okta-apps - Pinkfish - AI Agents & Workflows for Getting Work Done

Server path: /okta-apps | Type: Application | PCID required: Yes

Tools

Tool	Description
`okta-apps_activate_application`	Activate an application
`okta-apps_assign_group_to_application`	Assign an application group
`okta-apps_assign_user_to_application`	Assign an application user
`okta-apps_create_application`	Create an application
`okta-apps_deactivate_application`	Deactivate an application
`okta-apps_delete_application`	Delete an application
`okta-apps_get_application`	Retrieve an application
`okta-apps_get_application_group_assignment`	Retrieve an application group
`okta-apps_get_application_user`	Retrieve an application user
`okta-apps_list_application_group_assignments`	List all application groups
`okta-apps_list_application_users`	List all application users
`okta-apps_list_applications`	List all applications
`okta-apps_replace_application`	Replace an application
`okta-apps_unassign_application_from_group`	Unassign an application group
`okta-apps_unassign_user_from_application`	Unassign an application user
`okta-apps_update_application_user`	Update an application user
`okta-apps_update_group_assignment_to_application`	Update an application group

okta-apps_activate_application

Activate an application Parameters:

Parameter	Type	Required	Default	Description
`appId`	string	Yes	—	Application ID

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "appId": {
      "type": "string",
      "description": "Application ID"
    }
  },
  "required": [
    "PCID",
    "appId"
  ]
}

okta-apps_assign_group_to_application

Assign an application group Parameters:

Parameter	Type	Required	Default	Description
`appId`	string	Yes	—	Application ID
`groupId`	string	Yes	—	The `id` of the group
`_embedded`	object	No	—	Embedded resource related to the Application Group using the JSON Hypertext Application Language specification. If the `expand=group` query parameter is specified, then the group object is embedded. If the `expand=metadata` query parameter is specified, then the group assignment metadata is embedded.
`_links`	object	No	—	The links value
`id`	string	No	—	ID of the group
`lastUpdated`	object	No	—	Last Updated
`priority`	integer	No	—	Priority assigned to the group. If an app has more than one group assigned to the same user, then the group with the higher priority has its profile applied to the application user. If a priority value isn’t specified, then the next highest priority is assigned by default. See Assign attribute group priority and the sample priority use case.
`profile`	object	No	—	Specifies the profile properties applied to application users that are assigned to the app through group membership. Some reference properties are imported from the target app and can’t be configured. See profile.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "appId": {
      "type": "string",
      "description": "Application ID"
    },
    "groupId": {
      "type": "string",
      "description": "The `id` of the group"
    },
    "_embedded": {
      "type": "object",
      "description": "Embedded resource related to the Application Group using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. If the `expand=group` query parameter is specified, then the [group](openapi/okta-management/management/group) object is embedded.  If the `expand=metadata` query parameter is specified, then the group assignment metadata is embedded."
    },
    "_links": {
      "description": "The links value"
    },
    "id": {
      "type": "string",
      "description": "ID of the [group](openapi/okta-management/management/group)"
    },
    "lastUpdated": {
      "description": "Last Updated"
    },
    "priority": {
      "type": "integer",
      "description": "Priority assigned to the group. If an app has more than one group assigned to the same user, then the group with the higher priority has its profile applied to the [application user](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/applicationusers). If a priority value isn't specified, then the next highest priority is assigned by default. See [Assign attribute group priority](https://help.okta.com/okta_help.htm?type=oie&id=ext-usgp-app-group-priority) and the [sample priority use case](https://help.okta.com/okta_help.htm?type=oie&id=ext-usgp-combine-values-use)."
    },
    "profile": {
      "type": "object",
      "description": "Specifies the profile properties applied to [application users](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/applicationusers) that are assigned to the app through group membership.  Some reference properties are imported from the target app and can't be configured. See [profile](https://developer.okta.com/docs/api/openapi/okta-management/management/user/getuser#user/getuser/t=response&c=200&path=profile)."
    }
  },
  "required": [
    "PCID",
    "appId",
    "groupId"
  ]
}

okta-apps_assign_user_to_application

Assign an application user Parameters:

Parameter	Type	Required	Default	Description
`appId`	string	Yes	—	Application ID
`_embedded`	object	No	—	Embedded resources related to the application user using the JSON Hypertext Application Language specification
`_links`	object	No	—	Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of resources related to the application user.
`created`	object	No	—	The created value
`credentials`	object	No	—	Specifies a user’s credentials for the app. This parameter can be omitted for apps with sign-on mode (`signOnMode`) or authentication schemes (`credentials.scheme`) that don’t require credentials.
`externalId`	string	No	—	The ID of the user in the target app that’s linked to the Okta application user object. This value is the native app-specific identifier or primary key for the user in the target app. The `externalId` is set during import when the user is confirmed (reconciled) or during provisioning when the user is created in the target app. This value isn’t populated for SSO app assignments (for example, SAML or SWA) because it isn’t synchronized with a target app.
`id`	string	Yes	—	Unique identifier for the Okta user
`lastSync`	string	No	—	Timestamp of the last synchronization operation. This value is only updated for apps with the `IMPORT_PROFILE_UPDATES` or `PUSH PROFILE_UPDATES` feature.
`lastUpdated`	object	No	—	Last Updated
`passwordChanged`	string	null	No	—	Timestamp when the application user password was last changed
`profile`	object	No	—	Specifies the default and custom profile properties for a user. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can’t be configured. See profile.
`scope`	string	No	—	Indicates if the assignment is direct (`USER`) or by group membership (`GROUP`). If not specified, Okta tries to determine the scope based on the assignment type.
`status`	string	No	—	Status of an application user
`statusChanged`	string	No	—	Timestamp when the application user status was last changed
`syncState`	string	No	—	The synchronization state for the application user. The application user’s `syncState` depends on whether the `PROFILE_MASTERING` feature is enabled for the app. > Note: User provisioning currently must be configured through the Admin Console.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "appId": {
      "type": "string",
      "description": "Application ID"
    },
    "_embedded": {
      "type": "object",
      "description": "Embedded resources related to the application user using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification"
    },
    "_links": {
      "type": "object",
      "description": "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of resources related to the application user.",
      "properties": {
        "app": {
          "description": "The app value"
        },
        "group": {
          "description": "The group value"
        },
        "user": {
          "description": "The user value"
        }
      }
    },
    "created": {
      "description": "The created value"
    },
    "credentials": {
      "type": "object",
      "description": "Specifies a user's credentials for the app. This parameter can be omitted for apps with [sign-on mode](/openapi/okta-management/management/application/getapplication#application/getapplication/t=response&c=200&path=&d=0/signonmode) (`signOnMode`) or [authentication schemes](/openapi/okta-management/management/application/getapplication#application/getapplication/t=response&c=200&path=&d=0/credentials/scheme) (`credentials.scheme`) that don't require credentials.",
      "properties": {
        "password": {
          "type": "object",
          "description": "The user's password. This is a write-only property. An empty `password` object is returned to indicate that a password value exists."
        },
        "userName": {
          "type": "string",
          "description": "The user's username in the app  > **Note:** The [userNameTemplate](/openapi/okta-management/management/tags/application/other/createapplication#application/createapplication/t=response&c=200&path=&d=0/credentials/usernametemplate) in the application object defines the default username generated when a user is assigned to that app. > If you attempt to assign a username or password to an app with an incompatible [authentication scheme](/openapi/okta-management/management/tags/application/other/createapplication#application/createapplication/t=response&c=200&path=&d=0/credentials/scheme), the following error is returned: > \"Credentials should not be set on this resource based on the scheme.\""
        }
      }
    },
    "externalId": {
      "type": "string",
      "description": "The ID of the user in the target app that's linked to the Okta application user object. This value is the native app-specific identifier or primary key for the user in the target app.  The `externalId` is set during import when the user is confirmed (reconciled) or during provisioning when the user is created in the target app. This value isn't populated for SSO app assignments (for example, SAML or SWA) because it isn't synchronized with a target app."
    },
    "id": {
      "type": "string",
      "description": "Unique identifier for the Okta user"
    },
    "lastSync": {
      "type": "string",
      "description": "Timestamp of the last synchronization operation. This value is only updated for apps with the `IMPORT_PROFILE_UPDATES` or `PUSH PROFILE_UPDATES` feature."
    },
    "lastUpdated": {
      "description": "Last Updated"
    },
    "passwordChanged": {
      "type": [
        "string",
        "null"
      ],
      "description": "Timestamp when the application user password was last changed"
    },
    "profile": {
      "type": "object",
      "description": "Specifies the default and custom profile properties for a user. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can't be configured. See [profile](/openapi/okta-management/management/user/getuser#user/getuser/t=response&c=200&path=profile)."
    },
    "scope": {
      "type": "string",
      "description": "Indicates if the assignment is direct (`USER`) or by group membership (`GROUP`). If not specified, Okta tries to determine the scope based on the assignment type.",
      "enum": [
        "USER",
        "GROUP"
      ]
    },
    "status": {
      "type": "string",
      "description": "Status of an application user",
      "enum": [
        "ACTIVE",
        "APPROVED",
        "DEPROVISIONED",
        "IMPLICIT",
        "IMPORTED",
        "INACTIVE",
        "MATCHED",
        "PENDING",
        "PROVISIONED",
        "REVOKED",
        "STAGED",
        "SUSPENDED",
        "UNASSIGNED"
      ]
    },
    "statusChanged": {
      "type": "string",
      "description": "Timestamp when the application user status was last changed"
    },
    "syncState": {
      "type": "string",
      "description": "The synchronization state for the application user. The application user's `syncState` depends on whether the `PROFILE_MASTERING` feature is enabled for the app.  > **Note:** User provisioning currently must be configured through the Admin Console.",
      "enum": [
        "DISABLED",
        "ERROR",
        "OUT_OF_SYNC",
        "SYNCHRONIZED",
        "SYNCING"
      ]
    }
  },
  "required": [
    "PCID",
    "appId",
    "id"
  ]
}

okta-apps_create_application

Create an application Parameters:

Parameter	Type	Required	Default	Description
`activate`	boolean	No	—	Executes activation lifecycle operation when creating the app
`OktaAccessGateway-Agent`	string	No	—	Okta Access Gateway-agent
`_embedded`	object	No	—	Embedded resources related to the app using the JSON Hypertext Application Language specification. If the `expand=user/{userId}` query parameter is specified, then the assigned Application User is embedded.
`_links`	object	No	—	Discoverable resources related to the app
`accessibility`	object	No	—	Specifies access settings for the app
`created`	string	No	—	Timestamp when the application object was created
`expressConfiguration`	object	No	—	<div class=“x-lifecycle-container”><x-lifecycle class=“oie”></x-lifecycle></div> Indicates which Express Configuration capabilities the app supports and has enabled
`features`	string[]	No	—	Enabled app features > Note: See Application Features for app provisioning features.
`id`	string	No	—	Unique ID for the app instance
`label`	string	Yes	—	User-defined display name for app
`lastUpdated`	string	No	—	Timestamp when the application object was last updated
`licensing`	object	No	—	Licenses for the app
`orn`	string	No	—	The Okta resource name (ORN) for the current app instance
`profile`	object	No	—	Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps). For example, add an app manager contact email address or define an allowlist of groups that you can then reference using the Okta Expression Language `getFilteredGroups` function. > Notes: > * `profile` isn’t encrypted, so don’t store sensitive data in it. > * `profile` doesn’t limit the level of nesting in the JSON schema you created, but there is a practical size limit. Okta recommends a JSON schema size of 1 MB or less for best performance.
`signOnMode`	string	Yes	—	Authentication mode for the app \| signOnMode \| Description \| \| ---------- \| ----------- \| \| AUTO_LOGIN \| Secure Web Authentication (SWA) \| \| BASIC_AUTH \| HTTP Basic Authentication with Okta Browser Plugin \| \| BOOKMARK \| Just a bookmark (no-authentication) \| \| BROWSER_PLUGIN \| Secure Web Authentication (SWA) with Okta Browser Plugin \| \| OPENID_CONNECT \| Federated Authentication with OpenID Connect (OIDC) \| \| SAML_1_1 \| Federated Authentication with SAML 1.1 WebSSO (not supported for custom apps) \| \| SAML_2_0 \| Federated Authentication with SAML 2.0 WebSSO \| \| SECURE_PASSWORD_STORE \| Secure Web Authentication (SWA) with POST (plugin not required) \| \| WS_FEDERATION \| Federated Authentication with WS-Federation Passive Requestor Profile \| Select the `signOnMode` for your custom app:
`status`	string	No	—	App instance status
`universalLogout`	object	No	—	<div class=“x-lifecycle-container”><x-lifecycle class=“oie”></x-lifecycle></div> Universal Logout properties for the app. These properties are only returned and can’t be updated.
`visibility`	object	No	—	Specifies visibility settings for the app

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "activate": {
      "type": "boolean",
      "description": "Executes activation lifecycle operation when creating the app"
    },
    "OktaAccessGateway-Agent": {
      "type": "string",
      "description": "Okta Access Gateway-agent"
    },
    "_embedded": {
      "type": "object",
      "description": "Embedded resources related to the app using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. If the `expand=user/{userId}` query parameter is specified, then the assigned [Application User](/openapi/okta-management/management/tags/applicationusers) is embedded.",
      "properties": {
        "user": {
          "type": "object",
          "description": "The specified [Application User](/openapi/okta-management/management/tags/applicationusers) assigned to the app"
        }
      }
    },
    "_links": {
      "description": "Discoverable resources related to the app"
    },
    "accessibility": {
      "type": "object",
      "description": "Specifies access settings for the app",
      "properties": {
        "errorRedirectUrl": {
          "type": "string",
          "description": "Custom error page URL for the app"
        },
        "loginRedirectUrl": {
          "type": "string",
          "description": "Custom login page URL for the app > **Note:** The `loginRedirectUrl` property is deprecated in Identity Engine. This property is used with the custom app login feature. Orgs that actively use this feature can continue to do so. See [Okta-hosted sign-in (redirect authentication)](https://developer.okta.com/docs/guides/redirect-authentication/) or [configure IdP routing rules](https://help.okta.com/okta_help.htm?type=oie&id=ext-cfg-routing-rules) to redirect users to the appropriate sign-in app for orgs that don't use the custom app login feature."
        },
        "selfService": {
          "type": "boolean",
          "description": "Represents whether the app can be self-assignable by users"
        }
      }
    },
    "created": {
      "type": "string",
      "description": "Timestamp when the application object was created"
    },
    "expressConfiguration": {
      "type": "object",
      "description": "<div class=\"x-lifecycle-container\"><x-lifecycle class=\"oie\"></x-lifecycle></div> Indicates which Express Configuration capabilities the app supports and has enabled",
      "properties": {
        "enabledCapabilities": {
          "type": "array",
          "items": {
            "type": "string",
            "enum": [
              "PROVISIONING",
              "SSO",
              "UNIVERSAL_LOGOUT"
            ]
          },
          "description": "Capabilities currently enabled for the app"
        },
        "supportedCapabilities": {
          "type": "array",
          "items": {
            "type": "string",
            "enum": [
              "PROVISIONING",
              "SSO",
              "UNIVERSAL_LOGOUT"
            ]
          },
          "description": "Capabilities supported by the app"
        }
      }
    },
    "features": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "GROUP_PUSH",
          "IMPORT_NEW_USERS",
          "IMPORT_PROFILE_UPDATES",
          "IMPORT_USER_SCHEMA",
          "PROFILE_MASTERING",
          "PUSH_NEW_USERS",
          "PUSH_PASSWORD_UPDATES",
          "PUSH_PROFILE_UPDATES",
          "PUSH_USER_DEACTIVATION",
          "REACTIVATE_USERS",
          "OUTBOUND_DEL_AUTH",
          "DESKTOP_SSO",
          "FEDERATED_PROFILE",
          "SUPPRESS_ACTIVATION_EMAIL",
          "PUSH_PENDING_USERS",
          "MFA",
          "UPDATE_EXISTING_USERNAME",
          "EXCLUDE_USERNAME_UPDATE_ON_PROFILE_PUSH",
          "EXCHANGE_ACTIVE_SYNC",
          "IMPORT_SYNC",
          "IMPORT_SYNC_CONTACTS",
          "DEVICE_COMPLIANCE",
          "VPN_CONFIG",
          "IMPORT_SCHEMA_ENUM_VALUES",
          "SCIM_PROVISIONING",
          "DEVICE_FILTER_IN_SIGN_ON_RULES",
          "PROFILE_TEMPLATE_UPGRADE",
          "DEFAULT_PUSH_STATUS_TO_PUSH",
          "REAL_TIME_SYNC",
          "SSO",
          "AUTHN_CONTEXT",
          "JIT_PROVISIONING",
          "GROUP_SYNC",
          "OPP_SCIM_INCREMENTAL_IMPORTS",
          "IN_MEMORY_APP_USER",
          "LOG_STREAMING",
          "OAUTH_INTEGRATION",
          "IDP",
          "PUSH_NEW_USERS_WITHOUT_PASSWORD",
          "SKYHOOK_SERVICE",
          "ENTITLEMENT_MANAGEMENT",
          "PUSH_NEW_USERS_WITH_HASHED_PASSWORD"
        ]
      },
      "description": "Enabled app features > **Note:** See [Application Features](/openapi/okta-management/management/tags/applicationfeatures/) for app provisioning features."
    },
    "id": {
      "type": "string",
      "description": "Unique ID for the app instance"
    },
    "label": {
      "type": "string",
      "description": "User-defined display name for app"
    },
    "lastUpdated": {
      "type": "string",
      "description": "Timestamp when the application object was last updated"
    },
    "licensing": {
      "type": "object",
      "description": "Licenses for the app",
      "properties": {
        "seatCount": {
          "type": "integer",
          "description": "Number of licenses purchased for the app"
        }
      }
    },
    "orn": {
      "type": "string",
      "description": "The Okta resource name (ORN) for the current app instance"
    },
    "profile": {
      "type": "object",
      "description": "Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps). For example, add an app manager contact email address or define an allowlist of groups that you can then reference using the Okta Expression Language `getFilteredGroups` function.  > **Notes:** > * `profile` isn't encrypted, so don't store sensitive data in it. > * `profile` doesn't limit the level of nesting in the JSON schema you created, but there is a practical size limit. Okta recommends a JSON schema size of 1 MB or less for best performance."
    },
    "signOnMode": {
      "type": "string",
      "description": "Authentication mode for the app  | signOnMode | Description | | ---------- | ----------- | | AUTO_LOGIN | Secure Web Authentication (SWA) | | BASIC_AUTH | HTTP Basic Authentication with Okta Browser Plugin | | BOOKMARK | Just a bookmark (no-authentication) | | BROWSER_PLUGIN | Secure Web Authentication (SWA) with Okta Browser Plugin | | OPENID_CONNECT | Federated Authentication with OpenID Connect (OIDC) | | SAML_1_1 | Federated Authentication with SAML 1.1 WebSSO (not supported for custom apps) | | SAML_2_0 | Federated Authentication with SAML 2.0 WebSSO | | SECURE_PASSWORD_STORE | Secure Web Authentication (SWA) with POST (plugin not required) | | WS_FEDERATION | Federated Authentication with WS-Federation Passive Requestor Profile |  Select the `signOnMode` for your custom app:",
      "enum": [
        "AUTO_LOGIN",
        "BASIC_AUTH",
        "BOOKMARK",
        "BROWSER_PLUGIN",
        "OPENID_CONNECT",
        "SAML_1_1",
        "SAML_2_0",
        "SECURE_PASSWORD_STORE",
        "WS_FEDERATION"
      ]
    },
    "status": {
      "type": "string",
      "description": "App instance status",
      "enum": [
        "ACTIVE",
        "DELETED",
        "INACTIVE"
      ]
    },
    "universalLogout": {
      "type": "object",
      "description": "<div class=\"x-lifecycle-container\"><x-lifecycle class=\"oie\"></x-lifecycle></div> Universal Logout properties for the app. These properties are only returned and can't be updated.",
      "properties": {
        "identityStack": {
          "type": "string",
          "description": "Indicates whether the app uses a shared identity stack that may cause the user to sign out of other apps by the same company",
          "enum": [
            "SHARED",
            "NOT_SHARED"
          ]
        },
        "protocol": {
          "type": "string",
          "description": "The protocol used for Universal Logout",
          "enum": [
            "PROPRIETARY",
            "GLOBAL_TOKEN_REVOCATION"
          ]
        },
        "status": {
          "type": "string",
          "description": "Universal Logout status for the app instance",
          "enum": [
            "ENABLED",
            "DISABLED",
            "UNSUPPORTED"
          ]
        },
        "supportType": {
          "type": "string",
          "description": "Indicates whether the app supports full or partial Universal Logout (UL).",
          "enum": [
            "FULL",
            "PARTIAL"
          ]
        }
      }
    },
    "visibility": {
      "type": "object",
      "description": "Specifies visibility settings for the app",
      "properties": {
        "appLinks": {
          "type": "object",
          "description": "Links or icons that appear on the End-User Dashboard if they're set to `true`."
        },
        "autoLaunch": {
          "type": "boolean",
          "description": "Automatically signs in to the app when user signs into Okta"
        },
        "autoSubmitToolbar": {
          "type": "boolean",
          "description": "Automatically sign in when user lands on the sign-in page"
        },
        "hide": {
          "type": "object",
          "description": "Hides the app for specific end-user apps"
        }
      }
    }
  },
  "required": [
    "PCID",
    "label",
    "signOnMode"
  ]
}

okta-apps_deactivate_application

Deactivate an application Parameters:

Parameter	Type	Required	Default	Description
`appId`	string	Yes	—	Application ID

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "appId": {
      "type": "string",
      "description": "Application ID"
    }
  },
  "required": [
    "PCID",
    "appId"
  ]
}

okta-apps_delete_application

Delete an application Parameters:

Parameter	Type	Required	Default	Description
`appId`	string	Yes	—	Application ID

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "appId": {
      "type": "string",
      "description": "Application ID"
    }
  },
  "required": [
    "PCID",
    "appId"
  ]
}

okta-apps_get_application

Retrieve an application Parameters:

Parameter	Type	Required	Default	Description
`appId`	string	Yes	—	Application ID
`expand`	string	No	—	An optional query parameter to return the specified Application User in the `_embedded` property. Valid value: `expand=user/{userId}`

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "appId": {
      "type": "string",
      "description": "Application ID"
    },
    "expand": {
      "type": "string",
      "description": "An optional query parameter to return the specified [Application User](/openapi/okta-management/management/tags/applicationusers) in the `_embedded` property. Valid value: `expand=user/{userId}`"
    }
  },
  "required": [
    "PCID",
    "appId"
  ]
}

okta-apps_get_application_group_assignment

Retrieve an application group Parameters:

Parameter	Type	Required	Default	Description
`appId`	string	Yes	—	Application ID
`groupId`	string	Yes	—	The `id` of the group
`expand`	string	No	—	An optional query parameter to return the corresponding assigned group or the group assignment metadata details in the `_embedded` property.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "appId": {
      "type": "string",
      "description": "Application ID"
    },
    "groupId": {
      "type": "string",
      "description": "The `id` of the group"
    },
    "expand": {
      "type": "string",
      "description": "An optional query parameter to return the corresponding assigned [group](openapi/okta-management/management/group) or the group assignment metadata details in the `_embedded` property."
    }
  },
  "required": [
    "PCID",
    "appId",
    "groupId"
  ]
}

okta-apps_get_application_user

Retrieve an application user Parameters:

Parameter	Type	Required	Default	Description
`appId`	string	Yes	—	Application ID
`userId`	string	Yes	—	ID of an existing Okta user
`expand`	string	No	—	An optional query parameter to return the corresponding User object in the `_embedded` property. Valid value: `user`

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "appId": {
      "type": "string",
      "description": "Application ID"
    },
    "userId": {
      "type": "string",
      "description": "ID of an existing Okta user"
    },
    "expand": {
      "type": "string",
      "description": "An optional query parameter to return the corresponding [User](/openapi/okta-management/management/tags/user) object in the `_embedded` property. Valid value: `user`"
    }
  },
  "required": [
    "PCID",
    "appId",
    "userId"
  ]
}

okta-apps_list_application_group_assignments

List all application groups Parameters:

Parameter	Type	Required	Default	Description
`appId`	string	Yes	—	Application ID
`q`	string	No	—	Specifies a filter for a list of assigned groups returned based on their names. The value of `q` is matched against the group `name`. This filter only supports the `startsWith` operation that matches the `q` string against the beginning of the group name.
`after`	string	No	—	Specifies the pagination cursor for the `next` page of results. Treat this as an opaque value obtained through the next link relationship. See Pagination.
`limit`	integer	No	—	Specifies the number of objects to return per page. If there are multiple pages of results, the Link header contains a `next` link that you need to use as an opaque value (follow it, don’t parse it). See Pagination.
`expand`	string	No	—	An optional query parameter to return the corresponding assigned group or the group assignment metadata details in the `_embedded` property.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "appId": {
      "type": "string",
      "description": "Application ID"
    },
    "q": {
      "type": "string",
      "description": "Specifies a filter for a list of assigned groups returned based on their names. The value of `q` is matched against the group `name`. This filter only supports the `startsWith` operation that matches the `q` string against the beginning of the [group name](openapi/okta-management/management/group#tag/Group/operation/listGroups!c=200&path=profile/name&t=response)."
    },
    "after": {
      "type": "string",
      "description": "Specifies the pagination cursor for the `next` page of results. Treat this as an opaque value obtained through the next link relationship. See [Pagination](https://developer.okta.com/docs/api/#pagination)."
    },
    "limit": {
      "type": "integer",
      "description": "Specifies the number of objects to return per page. If there are multiple pages of results, the Link header contains a `next` link that you need to use as an opaque value (follow it, don't parse it). See [Pagination](/#pagination)."
    },
    "expand": {
      "type": "string",
      "description": "An optional query parameter to return the corresponding assigned [group](openapi/okta-management/management/group) or the group assignment metadata details in the `_embedded` property."
    }
  },
  "required": [
    "PCID",
    "appId"
  ]
}

okta-apps_list_application_users

List all application users Parameters:

Parameter	Type	Required	Default	Description
`appId`	string	Yes	—	Application ID
`after`	string	No	—	Specifies the pagination cursor for the next page of results. Treat this as an opaque value obtained through the next link relationship. See Pagination.
`limit`	integer	No	—	Specifies the number of objects to return per page. If there are multiple pages of results, the Link header contains a `next` link that you need to use as an opaque value (follow it, don’t parse it). See Pagination.
`q`	string	No	—	Specifies a filter for the list of application users returned based on their profile attributes. The value of `q` is matched against the beginning of the following profile attributes: `userName`, `firstName`, `lastName`, and `email`. This filter only supports the `startsWith` operation that matches the `q` string against the beginning of the attribute values. > Note: For OIDC apps, user profiles don’t contain the `firstName` or `lastName` attributes. Therefore, the query only matches against the `userName` or `email` attributes.
`expand`	string	No	—	An optional query parameter to return the corresponding User object in the `_embedded` property. Valid value: `user`

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "appId": {
      "type": "string",
      "description": "Application ID"
    },
    "after": {
      "type": "string",
      "description": "Specifies the pagination cursor for the next page of results. Treat this as an opaque value obtained through the next link relationship. See [Pagination](/#pagination)."
    },
    "limit": {
      "type": "integer",
      "description": "Specifies the number of objects to return per page. If there are multiple pages of results, the Link header contains a `next` link that you need to use as an opaque value (follow it, don't parse it). See [Pagination](/#pagination)."
    },
    "q": {
      "type": "string",
      "description": "Specifies a filter for the list of application users returned based on their profile attributes. The value of `q` is matched against the beginning of the following profile attributes: `userName`, `firstName`, `lastName`, and `email`. This filter only supports the `startsWith` operation that matches the `q` string against the beginning of the attribute values. > **Note:** For OIDC apps, user profiles don't contain the `firstName` or `lastName` attributes. Therefore, the query only matches against the `userName` or `email` attributes."
    },
    "expand": {
      "type": "string",
      "description": "An optional query parameter to return the corresponding [User](/openapi/okta-management/management/tags/user) object in the `_embedded` property. Valid value: `user`"
    }
  },
  "required": [
    "PCID",
    "appId"
  ]
}

okta-apps_list_applications

List all applications Parameters:

Parameter	Type	Required	Default	Description
`q`	string	No	—	Searches for apps with `name` or `label` properties that starts with the `q` value using the `startsWith` operation
`after`	string	No	—	Specifies the pagination cursor for the next page of results. Treat this as an opaque value obtained through the `next` link relationship.
`useOptimization`	boolean	No	—	Specifies whether to use query optimization. If you specify `useOptimization=true` in the request query, the response contains a subset of app instance properties.
`alwaysIncludeVpnSettings`	boolean	No	—	Specifies whether to include the VPN configuration for existing notifications in the result, regardless of whether VPN notifications are configured
`limit`	integer	No	—	Specifies the number of results per page
`filter`	string	No	—	Filters apps with a supported expression for a subset of properties. Filtering supports the following limited number of properties: `id`, `status`, `credentials.signing.kid`, `settings.slo.enabled`, or `name`. See Filter.
`expand`	string	No	—	An optional parameter used for link expansion to embed more resources in the response. Only supports `expand=user/{userId}` and must be used with the `user.id eq "{userId}"` filter query for the same user. Returns the assigned application user in the `_embedded` property.
`includeNonDeleted`	boolean	No	—	Specifies whether to include non-active, but not deleted apps in the results

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "q": {
      "type": "string",
      "description": "Searches for apps with `name` or `label` properties that starts with the `q` value using the `startsWith` operation"
    },
    "after": {
      "type": "string",
      "description": "Specifies the [pagination](/#pagination) cursor for the next page of results. Treat this as an opaque value obtained through the `next` link relationship."
    },
    "useOptimization": {
      "type": "boolean",
      "description": "Specifies whether to use query optimization. If you specify `useOptimization=true` in the request query, the response contains a subset of app instance properties."
    },
    "alwaysIncludeVpnSettings": {
      "type": "boolean",
      "description": "Specifies whether to include the VPN configuration for existing notifications in the result, regardless of whether VPN notifications are configured"
    },
    "limit": {
      "type": "integer",
      "description": "Specifies the number of results per page"
    },
    "filter": {
      "type": "string",
      "description": "Filters apps with a supported expression for a subset of properties. Filtering supports the following limited number of properties: `id`, `status`, `credentials.signing.kid`, `settings.slo.enabled`, or `name`. See [Filter](https://developer.okta.com/docs/api/#filter)."
    },
    "expand": {
      "type": "string",
      "description": "An optional parameter used for link expansion to embed more resources in the response. Only supports `expand=user/{userId}` and must be used with the `user.id eq \"{userId}\"` filter query for the same user. Returns the assigned [application user](/openapi/okta-management/management/tags/applicationusers) in the `_embedded` property."
    },
    "includeNonDeleted": {
      "type": "boolean",
      "description": "Specifies whether to include non-active, but not deleted apps in the results"
    }
  },
  "required": [
    "PCID"
  ]
}

okta-apps_replace_application

Replace an application Parameters:

Parameter	Type	Required	Default	Description
`appId`	string	Yes	—	Application ID
`_embedded`	object	No	—	Embedded resources related to the app using the JSON Hypertext Application Language specification. If the `expand=user/{userId}` query parameter is specified, then the assigned Application User is embedded.
`_links`	object	No	—	Discoverable resources related to the app
`accessibility`	object	No	—	Specifies access settings for the app
`created`	string	No	—	Timestamp when the application object was created
`expressConfiguration`	object	No	—	<div class=“x-lifecycle-container”><x-lifecycle class=“oie”></x-lifecycle></div> Indicates which Express Configuration capabilities the app supports and has enabled
`features`	string[]	No	—	Enabled app features > Note: See Application Features for app provisioning features.
`id`	string	No	—	Unique ID for the app instance
`label`	string	Yes	—	User-defined display name for app
`lastUpdated`	string	No	—	Timestamp when the application object was last updated
`licensing`	object	No	—	Licenses for the app
`orn`	string	No	—	The Okta resource name (ORN) for the current app instance
`profile`	object	No	—	Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps). For example, add an app manager contact email address or define an allowlist of groups that you can then reference using the Okta Expression Language `getFilteredGroups` function. > Notes: > * `profile` isn’t encrypted, so don’t store sensitive data in it. > * `profile` doesn’t limit the level of nesting in the JSON schema you created, but there is a practical size limit. Okta recommends a JSON schema size of 1 MB or less for best performance.
`signOnMode`	string	Yes	—	Authentication mode for the app \| signOnMode \| Description \| \| ---------- \| ----------- \| \| AUTO_LOGIN \| Secure Web Authentication (SWA) \| \| BASIC_AUTH \| HTTP Basic Authentication with Okta Browser Plugin \| \| BOOKMARK \| Just a bookmark (no-authentication) \| \| BROWSER_PLUGIN \| Secure Web Authentication (SWA) with Okta Browser Plugin \| \| OPENID_CONNECT \| Federated Authentication with OpenID Connect (OIDC) \| \| SAML_1_1 \| Federated Authentication with SAML 1.1 WebSSO (not supported for custom apps) \| \| SAML_2_0 \| Federated Authentication with SAML 2.0 WebSSO \| \| SECURE_PASSWORD_STORE \| Secure Web Authentication (SWA) with POST (plugin not required) \| \| WS_FEDERATION \| Federated Authentication with WS-Federation Passive Requestor Profile \| Select the `signOnMode` for your custom app:
`status`	string	No	—	App instance status
`universalLogout`	object	No	—	<div class=“x-lifecycle-container”><x-lifecycle class=“oie”></x-lifecycle></div> Universal Logout properties for the app. These properties are only returned and can’t be updated.
`visibility`	object	No	—	Specifies visibility settings for the app

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "appId": {
      "type": "string",
      "description": "Application ID"
    },
    "_embedded": {
      "type": "object",
      "description": "Embedded resources related to the app using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. If the `expand=user/{userId}` query parameter is specified, then the assigned [Application User](/openapi/okta-management/management/tags/applicationusers) is embedded.",
      "properties": {
        "user": {
          "type": "object",
          "description": "The specified [Application User](/openapi/okta-management/management/tags/applicationusers) assigned to the app"
        }
      }
    },
    "_links": {
      "description": "Discoverable resources related to the app"
    },
    "accessibility": {
      "type": "object",
      "description": "Specifies access settings for the app",
      "properties": {
        "errorRedirectUrl": {
          "type": "string",
          "description": "Custom error page URL for the app"
        },
        "loginRedirectUrl": {
          "type": "string",
          "description": "Custom login page URL for the app > **Note:** The `loginRedirectUrl` property is deprecated in Identity Engine. This property is used with the custom app login feature. Orgs that actively use this feature can continue to do so. See [Okta-hosted sign-in (redirect authentication)](https://developer.okta.com/docs/guides/redirect-authentication/) or [configure IdP routing rules](https://help.okta.com/okta_help.htm?type=oie&id=ext-cfg-routing-rules) to redirect users to the appropriate sign-in app for orgs that don't use the custom app login feature."
        },
        "selfService": {
          "type": "boolean",
          "description": "Represents whether the app can be self-assignable by users"
        }
      }
    },
    "created": {
      "type": "string",
      "description": "Timestamp when the application object was created"
    },
    "expressConfiguration": {
      "type": "object",
      "description": "<div class=\"x-lifecycle-container\"><x-lifecycle class=\"oie\"></x-lifecycle></div> Indicates which Express Configuration capabilities the app supports and has enabled",
      "properties": {
        "enabledCapabilities": {
          "type": "array",
          "items": {
            "type": "string",
            "enum": [
              "PROVISIONING",
              "SSO",
              "UNIVERSAL_LOGOUT"
            ]
          },
          "description": "Capabilities currently enabled for the app"
        },
        "supportedCapabilities": {
          "type": "array",
          "items": {
            "type": "string",
            "enum": [
              "PROVISIONING",
              "SSO",
              "UNIVERSAL_LOGOUT"
            ]
          },
          "description": "Capabilities supported by the app"
        }
      }
    },
    "features": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "GROUP_PUSH",
          "IMPORT_NEW_USERS",
          "IMPORT_PROFILE_UPDATES",
          "IMPORT_USER_SCHEMA",
          "PROFILE_MASTERING",
          "PUSH_NEW_USERS",
          "PUSH_PASSWORD_UPDATES",
          "PUSH_PROFILE_UPDATES",
          "PUSH_USER_DEACTIVATION",
          "REACTIVATE_USERS",
          "OUTBOUND_DEL_AUTH",
          "DESKTOP_SSO",
          "FEDERATED_PROFILE",
          "SUPPRESS_ACTIVATION_EMAIL",
          "PUSH_PENDING_USERS",
          "MFA",
          "UPDATE_EXISTING_USERNAME",
          "EXCLUDE_USERNAME_UPDATE_ON_PROFILE_PUSH",
          "EXCHANGE_ACTIVE_SYNC",
          "IMPORT_SYNC",
          "IMPORT_SYNC_CONTACTS",
          "DEVICE_COMPLIANCE",
          "VPN_CONFIG",
          "IMPORT_SCHEMA_ENUM_VALUES",
          "SCIM_PROVISIONING",
          "DEVICE_FILTER_IN_SIGN_ON_RULES",
          "PROFILE_TEMPLATE_UPGRADE",
          "DEFAULT_PUSH_STATUS_TO_PUSH",
          "REAL_TIME_SYNC",
          "SSO",
          "AUTHN_CONTEXT",
          "JIT_PROVISIONING",
          "GROUP_SYNC",
          "OPP_SCIM_INCREMENTAL_IMPORTS",
          "IN_MEMORY_APP_USER",
          "LOG_STREAMING",
          "OAUTH_INTEGRATION",
          "IDP",
          "PUSH_NEW_USERS_WITHOUT_PASSWORD",
          "SKYHOOK_SERVICE",
          "ENTITLEMENT_MANAGEMENT",
          "PUSH_NEW_USERS_WITH_HASHED_PASSWORD"
        ]
      },
      "description": "Enabled app features > **Note:** See [Application Features](/openapi/okta-management/management/tags/applicationfeatures/) for app provisioning features."
    },
    "id": {
      "type": "string",
      "description": "Unique ID for the app instance"
    },
    "label": {
      "type": "string",
      "description": "User-defined display name for app"
    },
    "lastUpdated": {
      "type": "string",
      "description": "Timestamp when the application object was last updated"
    },
    "licensing": {
      "type": "object",
      "description": "Licenses for the app",
      "properties": {
        "seatCount": {
          "type": "integer",
          "description": "Number of licenses purchased for the app"
        }
      }
    },
    "orn": {
      "type": "string",
      "description": "The Okta resource name (ORN) for the current app instance"
    },
    "profile": {
      "type": "object",
      "description": "Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps). For example, add an app manager contact email address or define an allowlist of groups that you can then reference using the Okta Expression Language `getFilteredGroups` function.  > **Notes:** > * `profile` isn't encrypted, so don't store sensitive data in it. > * `profile` doesn't limit the level of nesting in the JSON schema you created, but there is a practical size limit. Okta recommends a JSON schema size of 1 MB or less for best performance."
    },
    "signOnMode": {
      "type": "string",
      "description": "Authentication mode for the app  | signOnMode | Description | | ---------- | ----------- | | AUTO_LOGIN | Secure Web Authentication (SWA) | | BASIC_AUTH | HTTP Basic Authentication with Okta Browser Plugin | | BOOKMARK | Just a bookmark (no-authentication) | | BROWSER_PLUGIN | Secure Web Authentication (SWA) with Okta Browser Plugin | | OPENID_CONNECT | Federated Authentication with OpenID Connect (OIDC) | | SAML_1_1 | Federated Authentication with SAML 1.1 WebSSO (not supported for custom apps) | | SAML_2_0 | Federated Authentication with SAML 2.0 WebSSO | | SECURE_PASSWORD_STORE | Secure Web Authentication (SWA) with POST (plugin not required) | | WS_FEDERATION | Federated Authentication with WS-Federation Passive Requestor Profile |  Select the `signOnMode` for your custom app:",
      "enum": [
        "AUTO_LOGIN",
        "BASIC_AUTH",
        "BOOKMARK",
        "BROWSER_PLUGIN",
        "OPENID_CONNECT",
        "SAML_1_1",
        "SAML_2_0",
        "SECURE_PASSWORD_STORE",
        "WS_FEDERATION"
      ]
    },
    "status": {
      "type": "string",
      "description": "App instance status",
      "enum": [
        "ACTIVE",
        "DELETED",
        "INACTIVE"
      ]
    },
    "universalLogout": {
      "type": "object",
      "description": "<div class=\"x-lifecycle-container\"><x-lifecycle class=\"oie\"></x-lifecycle></div> Universal Logout properties for the app. These properties are only returned and can't be updated.",
      "properties": {
        "identityStack": {
          "type": "string",
          "description": "Indicates whether the app uses a shared identity stack that may cause the user to sign out of other apps by the same company",
          "enum": [
            "SHARED",
            "NOT_SHARED"
          ]
        },
        "protocol": {
          "type": "string",
          "description": "The protocol used for Universal Logout",
          "enum": [
            "PROPRIETARY",
            "GLOBAL_TOKEN_REVOCATION"
          ]
        },
        "status": {
          "type": "string",
          "description": "Universal Logout status for the app instance",
          "enum": [
            "ENABLED",
            "DISABLED",
            "UNSUPPORTED"
          ]
        },
        "supportType": {
          "type": "string",
          "description": "Indicates whether the app supports full or partial Universal Logout (UL).",
          "enum": [
            "FULL",
            "PARTIAL"
          ]
        }
      }
    },
    "visibility": {
      "type": "object",
      "description": "Specifies visibility settings for the app",
      "properties": {
        "appLinks": {
          "type": "object",
          "description": "Links or icons that appear on the End-User Dashboard if they're set to `true`."
        },
        "autoLaunch": {
          "type": "boolean",
          "description": "Automatically signs in to the app when user signs into Okta"
        },
        "autoSubmitToolbar": {
          "type": "boolean",
          "description": "Automatically sign in when user lands on the sign-in page"
        },
        "hide": {
          "type": "object",
          "description": "Hides the app for specific end-user apps"
        }
      }
    }
  },
  "required": [
    "PCID",
    "appId",
    "label",
    "signOnMode"
  ]
}

okta-apps_unassign_application_from_group

Unassign an application group Parameters:

Parameter	Type	Required	Default	Description
`appId`	string	Yes	—	Application ID
`groupId`	string	Yes	—	The `id` of the group

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "appId": {
      "type": "string",
      "description": "Application ID"
    },
    "groupId": {
      "type": "string",
      "description": "The `id` of the group"
    }
  },
  "required": [
    "PCID",
    "appId",
    "groupId"
  ]
}

okta-apps_unassign_user_from_application

Unassign an application user Parameters:

Parameter	Type	Required	Default	Description
`appId`	string	Yes	—	Application ID
`userId`	string	Yes	—	ID of an existing Okta user
`sendEmail`	boolean	No	—	Sends a deactivation email to the administrator if `true`

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "appId": {
      "type": "string",
      "description": "Application ID"
    },
    "userId": {
      "type": "string",
      "description": "ID of an existing Okta user"
    },
    "sendEmail": {
      "type": "boolean",
      "description": "Sends a deactivation email to the administrator if `true`"
    }
  },
  "required": [
    "PCID",
    "appId",
    "userId"
  ]
}

okta-apps_update_application_user

Update an application user Parameters:

Parameter	Type	Required	Default	Description
`appId`	string	Yes	—	Application ID
`userId`	string	Yes	—	ID of an existing Okta user
`body`	object	Yes	—	Request body

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "appId": {
      "type": "string",
      "description": "Application ID"
    },
    "userId": {
      "type": "string",
      "description": "ID of an existing Okta user"
    },
    "body": {
      "description": "Request body"
    }
  },
  "required": [
    "PCID",
    "appId",
    "userId",
    "body"
  ]
}

okta-apps_update_group_assignment_to_application

Update an application group Parameters:

Parameter	Type	Required	Default	Description
`appId`	string	Yes	—	Application ID
`groupId`	string	Yes	—	The `id` of the group
`body`	object[]	No	—	Request body

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "appId": {
      "type": "string",
      "description": "Application ID"
    },
    "groupId": {
      "type": "string",
      "description": "The `id` of the group"
    },
    "body": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "op": {
            "type": "string",
            "enum": [
              "remove",
              "replace"
            ],
            "description": "The operation (PATCH action)"
          },
          "path": {
            "type": "string",
            "description": "The resource path of the attribute to update"
          },
          "value": {
            "type": "object",
            "description": "The update operation value"
          }
        }
      },
      "description": "Request body"
    }
  },
  "required": [
    "PCID",
    "appId",
    "groupId"
  ]
}

​Tools

​okta-apps_activate_application

​okta-apps_assign_group_to_application

​okta-apps_assign_user_to_application

​okta-apps_create_application

​okta-apps_deactivate_application

​okta-apps_delete_application

​okta-apps_get_application

​okta-apps_get_application_group_assignment

​okta-apps_get_application_user

​okta-apps_list_application_group_assignments

​okta-apps_list_application_users

​okta-apps_list_applications

​okta-apps_replace_application

​okta-apps_unassign_application_from_group

​okta-apps_unassign_user_from_application

​okta-apps_update_application_user

​okta-apps_update_group_assignment_to_application

Tools

okta-apps_activate_application

okta-apps_assign_group_to_application

okta-apps_assign_user_to_application

okta-apps_create_application

okta-apps_deactivate_application

okta-apps_delete_application

okta-apps_get_application

okta-apps_get_application_group_assignment

okta-apps_get_application_user

okta-apps_list_application_group_assignments

okta-apps_list_application_users

okta-apps_list_applications

okta-apps_replace_application

okta-apps_unassign_application_from_group

okta-apps_unassign_user_from_application

okta-apps_update_application_user

okta-apps_update_group_assignment_to_application