okta

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 2, 2019 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

const (
	// MFAStatusActive is the MFA status string "ACTIVE".
	// NOTE(review): the earlier comment called this a user state; the name and
	// its sibling MFAStatusPending suggest it is a factor/MFA status - confirm.
	MFAStatusActive = "ACTIVE"
	// MFAStatusPending is the MFA status string for a factor that is not
	// active yet ("PENDING_ACTIVATION").
	MFAStatusPending = "PENDING_ACTIVATION"
)
const (
	// GroupTypeOKTA is the group type string for an OKTA-mastered group.
	GroupTypeOKTA = "OKTA_GROUP"
	// GroupTypeBuiltIn is the group type string for a built-in OKTA group.
	GroupTypeBuiltIn = "BUILT_IN"
	// GroupTypeApp is the group type string for an app-mastered group.
	GroupTypeApp = "APP_GROUP"
)
// MFA factor identifiers currently available. Each value matches a JSON key
// of the Factors struct in this package.
// NOTE(review): Factors also carries an "okta_password" key that has no
// constant here - confirm whether that omission is intentional.
const (
	DuoFactor          = "duo"
	FidoU2fFactor      = "fido_u2f"
	FidoWebauthnFactor = "fido_webauthn"
	GoogleOtpFactor    = "google_otp"
	OktaCallFactor     = "okta_call"
	OktaOtpFactor      = "okta_otp"
	OktaPushFactor     = "okta_push"
	OktaQuestionFactor = "okta_question"
	OktaSmsFactor      = "okta_sms"
	RsaTokenFactor     = "rsa_token"
	SymantecVipFactor  = "symantec_vip"
	YubikeyTokenFactor = "yubikey_token"
)

Current available factors for MFA

const (

	// FilterEqualOperator is the filter operator for "equal".
	FilterEqualOperator = "eq"
	// FilterStartsWithOperator is the filter operator for "starts with".
	FilterStartsWithOperator = "sw"
	// FilterGreaterThanOperator is the filter operator for "greater than".
	FilterGreaterThanOperator = "gt"
	// FilterLessThanOperator is the filter operator for "less than".
	FilterLessThanOperator = "lt"
)
// User status strings as returned by the API. They are plain untyped string
// constants, so comparisons against a User's status are exact and
// case-sensitive.
const (

	// UserStatusActive is the OKTA user state "ACTIVE".
	UserStatusActive = "ACTIVE"
	// UserStatusStaged is the OKTA user state "STAGED".
	UserStatusStaged = "STAGED"
	// UserStatusProvisioned is the OKTA user state "PROVISIONED".
	UserStatusProvisioned = "PROVISIONED"
	// UserStatusRecovery is the OKTA user state "RECOVERY".
	UserStatusRecovery = "RECOVERY"
	// UserStatusLockedOut is the OKTA user state "LOCKED_OUT".
	UserStatusLockedOut = "LOCKED_OUT"
	// UserStatusPasswordExpired is the OKTA user state "PASSWORD_EXPIRED".
	UserStatusPasswordExpired = "PASSWORD_EXPIRED"
	// UserStatusSuspended is the OKTA user state "SUSPENDED".
	UserStatusSuspended = "SUSPENDED"
	// UserStatusDeprovisioned is the OKTA user state "DEPROVISIONED".
	UserStatusDeprovisioned = "DEPROVISIONED"
)

Variables

This section is empty.

Functions

func CheckResponse

func CheckResponse(c *Client, r *http.Response) error

CheckResponse checks the API response for errors, and returns them if present. A response is considered an error if it has a status code outside the 200 range. API error responses are expected to have either no response body, or a JSON response body that maps to ErrorResponse. Any other response body will be silently ignored.

The error type will be *RateLimitError for rate limit exceeded errors, and *TwoFactorAuthError for two-factor authentication errors. TODO - check un-authorized

Types

// AccountLink is the accountLink object of an IdpPolicy. Both fields are
// dropped from the JSON when empty.
// NOTE(review): this package defines no constants for Action; in the Okta
// IdP API it presumably decides whether incoming IdP users are linked to
// existing users automatically - confirm the accepted values before setting it.
type AccountLink struct {
	Filter string `json:"filter,omitempty"`
	Action string `json:"action,omitempty"`
}

type App

// App is the JSON shape of an application object, as returned by
// AppsService.GetByID.
// NOTE(review): the nested field set looks generated from a single sample
// response (see AppLinks below) - confirm it covers the app types you query.
type App struct {
	ID            string    `json:"id"`
	Name          string    `json:"name"`
	Label         string    `json:"label"`
	Status        string    `json:"status"`
	LastUpdated   time.Time `json:"lastUpdated"`
	Created       time.Time `json:"created"`
	Accessibility struct {
		SelfService bool `json:"selfService"`
		// The redirect URLs are interface{}: the decoded value is whatever
		// encoding/json produces for the JSON (string, nil, ...), so
		// type-assert before use.
		ErrorRedirectURL interface{} `json:"errorRedirectUrl"`
		LoginRedirectURL interface{} `json:"loginRedirectUrl"`
	} `json:"accessibility"`
	Visibility struct {
		AutoSubmitToolbar bool `json:"autoSubmitToolbar"`
		Hide              struct {
			IOS bool `json:"iOS"`
			Web bool `json:"web"`
		} `json:"hide"`
		AppLinks struct {
			// The only app-link key declared is one specific name, so any
			// other app-link key has no field to decode into.
			TestorgoneCustomsaml20App1Link bool `json:"testorgone_customsaml20app_1_link"`
		} `json:"appLinks"`
	} `json:"visibility"`
	Features    []interface{} `json:"features"`
	SignOnMode  string        `json:"signOnMode"`
	Credentials struct {
		UserNameTemplate struct {
			Template string `json:"template"`
			Type     string `json:"type"`
		} `json:"userNameTemplate"`
		// Signing has no fields, so nothing under "signing" is decoded.
		Signing struct {
		} `json:"signing"`
	} `json:"credentials"`
	Settings struct {
		App struct {
		} `json:"app"`
		Notifications struct {
			Vpn struct {
				Network struct {
					Connection string `json:"connection"`
				} `json:"network"`
				Message interface{} `json:"message"`
				HelpURL interface{} `json:"helpUrl"`
			} `json:"vpn"`
		} `json:"notifications"`
		// SignOn carries the sign-on settings, including whether the
		// response and assertion are signed and with which algorithms.
		// NOTE(review): these look like SAML settings; when auditing app
		// configuration, ResponseSigned, AssertionSigned, SignatureAlgorithm
		// and DigestAlgorithm are the fields to check - confirm the value
		// sets against the API docs.
		SignOn struct {
			DefaultRelayState     string        `json:"defaultRelayState"`
			SsoAcsURL             string        `json:"ssoAcsUrl"`
			IdpIssuer             string        `json:"idpIssuer"`
			Audience              string        `json:"audience"`
			Recipient             string        `json:"recipient"`
			Destination           string        `json:"destination"`
			SubjectNameIDTemplate string        `json:"subjectNameIdTemplate"`
			SubjectNameIDFormat   string        `json:"subjectNameIdFormat"`
			ResponseSigned        bool          `json:"responseSigned"`
			AssertionSigned       bool          `json:"assertionSigned"`
			SignatureAlgorithm    string        `json:"signatureAlgorithm"`
			DigestAlgorithm       string        `json:"digestAlgorithm"`
			HonorForceAuthn       bool          `json:"honorForceAuthn"`
			AuthnContextClassRef  string        `json:"authnContextClassRef"`
			SpIssuer              interface{}   `json:"spIssuer"`
			RequestCompressed     bool          `json:"requestCompressed"`
			AttributeStatements   []interface{} `json:"attributeStatements"`
		} `json:"signOn"`
	} `json:"settings"`
	// Links holds the hypermedia links ("_links") attached to the app.
	Links struct {
		Logo []struct {
			Name string `json:"name"`
			Href string `json:"href"`
			Type string `json:"type"`
		} `json:"logo"`
		AppLinks []struct {
			Name string `json:"name"`
			Href string `json:"href"`
			Type string `json:"type"`
		} `json:"appLinks"`
		Help struct {
			Href string `json:"href"`
			Type string `json:"type"`
		} `json:"help"`
		Users struct {
			Href string `json:"href"`
		} `json:"users"`
		Deactivate struct {
			Href string `json:"href"`
		} `json:"deactivate"`
		Groups struct {
			Href string `json:"href"`
		} `json:"groups"`
		Metadata struct {
			Href string `json:"href"`
			Type string `json:"type"`
		} `json:"metadata"`
	} `json:"_links"`
}

func (App) String

func (a App) String() string

type AppFilterOptions

// AppFilterOptions carries the paging controls passed to AppsService.GetUsers.
// Only Limit has a query-parameter name ("limit"); the other fields are
// tagged url:"-".
// NOTE(review): the url tags presumably drive a query-string encoder that
// skips "-" fields - confirm which encoder the package uses.
type AppFilterOptions struct {
	NextURL       *url.URL `url:"-"`
	GetAllPages   bool     `url:"-"`
	NumberOfPages int      `url:"-"`
	Limit         int      `url:"limit,omitempty"`
}

AppFilterOptions is used to generate a "Filter" to search for different Apps. The values here correlate to API search parameters on the group API.

type AppUser

// AppUser is the JSON shape of a user assigned to an app; AppsService.GetUsers
// returns a slice of these.
type AppUser struct {
	ID          string    `json:"id"`
	ExternalID  string    `json:"externalId"`
	Created     time.Time `json:"created"`
	LastUpdated time.Time `json:"lastUpdated"`
	Scope       string    `json:"scope"`
	Status      string    `json:"status"`
	// The three timestamps below are pointers, so a JSON null or a missing
	// key leaves them nil; check for nil before dereferencing.
	StatusChanged   *time.Time `json:"statusChanged"`
	PasswordChanged *time.Time `json:"passwordChanged"`
	SyncState       string     `json:"syncState"`
	LastSync        *time.Time `json:"lastSync"`
	Credentials     struct {
		UserName string `json:"userName"`
		// Password is declared with no fields, so encoding/json decodes
		// nothing into it: no password material from a response is kept.
		Password struct {
		} `json:"password"`
	} `json:"credentials"`
	// Profile declares a fixed attribute set (note SalesforceGroups).
	// NOTE(review): profile keys of other apps presumably have no field to
	// land in and are dropped on decode - confirm.
	Profile struct {
		SecondEmail      interface{} `json:"secondEmail"`
		LastName         string      `json:"lastName"`
		MobilePhone      interface{} `json:"mobilePhone"`
		Email            string      `json:"email"`
		SalesforceGroups []string    `json:"salesforceGroups"`
		Role             string      `json:"role"`
		FirstName        string      `json:"firstName"`
		Profile          string      `json:"profile"`
	} `json:"profile"`
	Links struct {
		App struct {
			Href string `json:"href"`
		} `json:"app"`
		User struct {
			Href string `json:"href"`
		} `json:"user"`
	} `json:"_links"`
}

type AppsService

// AppsService groups the app-related API methods (GetByID, GetUsers). Its
// underlying type is the unexported service type.
type AppsService service

func (*AppsService) GetByID

func (a *AppsService) GetByID(appID string) (*App, *Response, error)

GetByID gets a group from OKTA by the Group ID. An error is returned if the group is not found.

func (*AppsService) GetUsers

func (a *AppsService) GetUsers(appID string, opt *AppFilterOptions) (appUsers []AppUser, resp *Response, err error)

GetUsers returns the members in an App

Pass in an optional AppFilterOptions struct to filter the results
The Users in the app are returned

type AuthContext added in v1.0.1

// AuthContext holds a single authType string, omitted from the JSON when empty.
// NOTE(review): no constants for AuthType are defined on this page - confirm
// the accepted values against the API docs.
type AuthContext struct {
	AuthType string `json:"authType,omitempty"`
}

type AuthProvider

// AuthProvider is the authProvider object used in policy and rule conditions.
// Both fields are omitted from the JSON when empty.
type AuthProvider struct {
	Provider string   `json:"provider,omitempty"`
	Include  []string `json:"include,omitempty"`
}

policy & rule conditions authProvider obj

type Authorization added in v1.0.1

// Authorization describes the authorization endpoint referenced from
// Endpoints: its URL and binding, both omitted from the JSON when empty.
type Authorization struct {
	Url     string `json:"url,omitempty"`
	Binding string `json:"binding,omitempty"`
}

type Authorize added in v1.0.1

// Authorize is the "authorize" link object referenced from IdpLinks.
type Authorize struct {
	Href string `json:"href,omitempty"`
	// Templated is omitted from the JSON when false because of omitempty.
	Templated bool   `json:"templated,omitempty"`
	Hints     *Hints `json:"hints,omitempty"`
}

type BaseSubSchema

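// BaseSubSchema is the base sub-schema of a user profile: one attribute
// definition with its type, constraints, permissions and master.
type BaseSubSchema struct {
	// Index is never serialized (json:"-").
	Index    string `json:"-"`
	Title    string `json:"title"`
	Type     string `json:"type"`
	Format   string `json:"format,omitempty"`
	Required bool   `json:"required,omitempty"`
	// Mutability is serialized under "mutability". The tag used to be spelled
	// "mutablity", which matches neither the field name nor the API key, so
	// the value was never decoded from a response and was sent under a key
	// the API does not define - leaving the attribute at whatever mutability
	// the API defaults to.
	Mutability string `json:"mutability,omitempty"`
	Scope      string `json:"scope,omitempty"`
	// MinLength and MaxLength are plain ints with omitempty, so a value of 0
	// is dropped from the JSON.
	MinLength   int           `json:"minLength,omitempty"`
	MaxLength   int           `json:"maxLength,omitempty"`
	Permissions []Permissions `json:"permissions"`
	Master      *Master       `json:"master,omitempty"`
}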

User Profiles Base SubSchema

type Client

// Client manages communication with the OKTA API. Build one with NewClient,
// NewClientWithBaseURL or NewClientWithDomain.
type Client struct {

	// Base URL for API requests.
	//  This will be built automatically based on inputs to NewClient
	//  If needed you can override this if needed (your URL is not *.okta.com or *.oktapreview.com)
	// NOTE(review): the constructors take an API token; presumably it is sent
	// to whatever host BaseURL names, so only point this at a trusted HTTPS
	// origin - confirm how the token is attached.
	BaseURL *url.URL

	// User agent used when communicating with the OKTA API.
	UserAgent string

	// PauseOnRateLimit selects what happens when the remaining rate limit
	// drops below RateRemainingFloor: pause, or return a RateLimitError.
	PauseOnRateLimit bool

	// From the http response, populate this var with the okta error code, if applicable
	// https://developer.okta.com/reference/error_codes/
	// NOTE(review): this lives on the Client rather than on a Response, so it
	// presumably reflects the most recent response only and is unreliable when
	// one Client serves concurrent requests - confirm.
	OktaErrorCode string

	// RateRemainingFloor - If the API returns a "X-Rate-Limit-Remaining" header less than this the SDK will either pause
	//  Or throw  RateLimitError depending on the client.PauseOnRateLimit value. It defaults to 30
	// One client doing too much work can lock out all API Access for every other client
	// We are trying to be a "good API User Citizen"
	RateRemainingFloor int

	// Limit is not documented by the package.
	// NOTE(review): presumably a default page size for list calls - confirm.
	Limit int

	// Services used for talking to different parts of the  API.
	// Service for Working with Users
	Users *UsersService

	// Service for Working with Groups
	Groups *GroupsService

	// Service for Working with Apps
	Apps *AppsService

	// Service for Working with Policies
	Policies *PoliciesService

	// Service for Working with Schemas
	Schemas *SchemasService

	// Service for Working with Identity Providers
	IdentityProviders *IdentityProvidersService

	// Service for Working with Trusted Origins
	TrustedOrigins *TrustedOriginsService

	// Org service for administrating org level resources
	Org *OrgService
	// contains filtered or unexported fields
}

A Client manages communication with the API.

func NewClient

func NewClient(httpClient *http.Client, orgName string, apiToken string, isProduction bool) *Client

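NewClient returns a new OKTA API client. If a nil httpClient is provided, http.DefaultClient will be used. Note that http.DefaultClient sets no request timeout, so pass a client with a Timeout when calls must not block indefinitely.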

func NewClientWithBaseURL

func NewClientWithBaseURL(httpClient *http.Client, baseURL *url.URL, apiToken string) *Client

NewClientWithBaseURL creates a client based on the full base URL and api token

func NewClientWithDomain

func NewClientWithDomain(httpClient *http.Client, orgName string, domain string, apiToken string) (*Client, error)

NewClientWithDomain creates a client based on the organization name and base domain for requests (okta.com, okta-emea.com, oktapreview.com, etc).

func (*Client) Do

func (c *Client) Do(req *http.Request, v interface{}) (*Response, error)

Do sends an API request and returns the API response. The API response is JSON decoded and stored in the value pointed to by v, or returned as an error if an API error has occurred. If v implements the io.Writer interface, the raw response body will be written to v, without attempting to first decode it. If rate limit is exceeded and reset time is in the future, Do returns rate immediately without making a network API call.

func (*Client) NewRequest

func (c *Client) NewRequest(method, urlStr string, body interface{}) (*http.Request, error)

NewRequest creates an API request. A relative URL can be provided in urlStr, in which case it is resolved relative to the BaseURL of the Client. Relative URLs should always be specified without a preceding slash. If specified, the value pointed to by body is JSON encoded and included as the request body.

type ClientRedirectUri added in v1.0.1

// ClientRedirectUri is the "clientRedirectUri" link object referenced from
// IdpLinks: an href plus optional hints.
type ClientRedirectUri struct {
	Href  string `json:"href,omitempty"`
	Hints *Hints `json:"hints,omitempty"`
}

type Conditions added in v1.0.1

// Conditions pairs the actions configured for deprovisioned and suspended
// users. Both members are pointers and are omitted from the JSON when nil.
type Conditions struct {
	Deprovisioned *Deprovisioned `json:"deprovisioned,omitempty"`
	Suspended     *Suspended     `json:"suspended,omitempty"`
}
// Consent is the consent object of an MFA policy factor.
type Consent struct {
	// omitempty has no effect on a struct value in encoding/json, so "terms"
	// is always emitted (as {} when Format and Value are both empty).
	Terms struct {
		Format string `json:"format,omitempty"`
		Value  string `json:"value,omitempty"`
	} `json:"terms,omitempty"`
	Type string `json:"type,omitempty"`
}

Mfa policy factors consent obj

type Credentials added in v1.0.1

// Credentials wraps the client credentials of an identity provider. The
// IdpClient it points to carries a ClientSecret, so treat values of this type
// as sensitive when logging or persisting them.
type Credentials struct {
	Client *IdpClient `json:"client,omitempty"`
}

type CustomSubSchema

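// CustomSubSchema is the custom sub-schema of a user profile: one custom
// attribute definition with its type, constraints, allowed values,
// permissions and master.
type CustomSubSchema struct {
	// Index is never serialized (json:"-").
	Index       string `json:"-"`
	Title       string `json:"title"`
	Type        string `json:"type"`
	Description string `json:"description,omitempty"`
	Format      string `json:"format,omitempty"`
	Required    bool   `json:"required,omitempty"`
	// Mutability is serialized under "mutability". The tag used to be spelled
	// "mutablity", which matches neither the field name nor the API key, so
	// the value was never decoded from a response and was sent under a key
	// the API does not define - leaving the attribute at whatever mutability
	// the API defaults to.
	Mutability string `json:"mutability,omitempty"`
	Scope      string `json:"scope,omitempty"`
	// MinLength and MaxLength are plain ints with omitempty, so a value of 0
	// is dropped from the JSON.
	MinLength int `json:"minLength,omitempty"`
	MaxLength int `json:"maxLength,omitempty"`
	// omitempty has no effect on a struct value, so "items" is always emitted.
	Items struct {
		Type string `json:"type,omitempty"`
	} `json:"items,omitempty"`
	Union       string        `json:"union,omitempty"`
	Enum        []string      `json:"enum,omitempty"`
	OneOf       []OneOf       `json:"oneOf,omitempty"`
	Permissions []Permissions `json:"permissions"`
	Master      *Master       `json:"master,omitempty"`
}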

User Profiles Custom SubSchema

type Delegation

// Delegation is the delegation object of the password policy settings.
type Delegation struct {
	// omitempty has no effect on a struct value, so "options" is always
	// emitted; SkipUnlock itself is dropped when false.
	Options struct {
		SkipUnlock bool `json:"skipUnlock,omitempty"`
	} `json:"options,omitempty"`
}

password policy settings delegation obj

type Deprovisioned added in v1.0.1

// Deprovisioned holds the action configured for deprovisioned users; it is
// referenced from Conditions. Action is omitted from the JSON when empty.
type Deprovisioned struct {
	Action string `json:"action,omitempty"`
}

type Endpoints added in v1.0.1

// Endpoints groups the authorization and token endpoints. Both members are
// pointers and are omitted from the JSON when nil.
type Endpoints struct {
	Authorization *Authorization `json:"authorization,omitempty"`
	Token         *Token         `json:"token,omitempty"`
}

type Enroll

// Enroll is the enroll object used by MFA policy and rule factors.
// NOTE(review): no constants for Self are defined on this page - confirm the
// accepted values against the API docs.
type Enroll struct {
	Self string `json:"self,omitempty"`
}

Mfa policy & rule factors enroll obj

type Factor added in v1.0.1

// Factor is an org-level factor as returned by OrgService.ListFactors,
// ActivateFactor and DeactivateFactor.
type Factor struct {
	Id         string `json:"id"`
	Provider   string `json:"provider"`
	FactorType string `json:"factorType"`
	// NOTE(review): presumably compared against MFAStatusActive and
	// MFAStatusPending - confirm.
	Status string `json:"status"`
	Links  struct {
		Deactivate struct {
			Href  string `json:"href"`
			Hints *Hints `json:"hints"`
		} `json:"deactivate"`
	} `json:"_links"`
}

type FactorProvider added in v1.0.1

// FactorProvider represents one factor provider entry of Factors.
// Consent and Enroll are embedded, but each carries a JSON tag, so
// encoding/json treats them as named members ("consent", "enroll") rather
// than flattening their fields into this object.
type FactorProvider struct {
	Consent `json:"consent,omitempty"`
	Enroll  `json:"enroll,omitempty"`
}

FactorProvider represents a FactorProvider

type Factors

// Factors is the factors object of the MFA policy settings: one optional
// FactorProvider per factor key. A nil pointer is omitted from the JSON, so
// only the factors that are set get sent.
type Factors struct {
	Duo          *FactorProvider `json:"duo,omitempty"`
	FidoU2f      *FactorProvider `json:"fido_u2f,omitempty"`
	FidoWebauthn *FactorProvider `json:"fido_webauthn,omitempty"`
	GoogleOtp    *FactorProvider `json:"google_otp,omitempty"`
	OktaCall     *FactorProvider `json:"okta_call,omitempty"`
	OktaOtp      *FactorProvider `json:"okta_otp,omitempty"`
	OktaPassword *FactorProvider `json:"okta_password,omitempty"`
	OktaPush     *FactorProvider `json:"okta_push,omitempty"`
	OktaQuestion *FactorProvider `json:"okta_question,omitempty"`
	OktaSms      *FactorProvider `json:"okta_sms,omitempty"`
	RsaToken     *FactorProvider `json:"rsa_token,omitempty"`
	SymantecVip  *FactorProvider `json:"symantec_vip,omitempty"`
	YubikeyToken *FactorProvider `json:"yubikey_token,omitempty"`
}

Mfa policy settings factors obj

type Group

// Group represents the Group object from the OKTA API.
type Group struct {
	ID                    string    `json:"id"`
	Created               time.Time `json:"created"`
	LastUpdated           time.Time `json:"lastUpdated"`
	LastMembershipUpdated time.Time `json:"lastMembershipUpdated"`
	ObjectClass           []string  `json:"objectClass"`
	// Type is a group type string; the GroupTypeOKTA, GroupTypeBuiltIn and
	// GroupTypeApp constants hold the values defined by this package.
	Type string `json:"type"`
	// GroupProfile and GroupLinks are pointers: nil when the key is absent
	// or null in the response.
	GroupProfile *GroupProfile `json:"profile"`
	GroupLinks   *GroupLinks   `json:"_links"`
}

Group represents the Group Object from the OKTA API

type GroupFilterOptions

// GroupFilterOptions describes a group search for GroupsService.ListWithFilter.
// Only FilterString ("filter"), Limit ("limit") and NameStartsWith ("q") have
// query-parameter names; the remaining fields are tagged url:"-".
type GroupFilterOptions struct {
	// This will be built by internal - may not need to export
	// NOTE(review): if callers set it directly, the string presumably goes
	// into the "filter" parameter as given - confirm it is escaped.
	FilterString  string   `url:"filter,omitempty"`
	NextURL       *url.URL `url:"-"`
	GetAllPages   bool     `url:"-"`
	NumberOfPages int      `url:"-"`
	Limit         int      `url:"limit,omitempty"`

	NameStartsWith string `url:"q,omitempty"`
	GroupTypeEqual string `url:"-"`

	// dateFilter is an unexported type not shown on this page.
	LastUpdated           dateFilter `url:"-"`
	LastMembershipUpdated dateFilter `url:"-"`
}

GroupFilterOptions is used to generate a "Filter" to search for different groups. The values here correlate to API search parameters on the group API.

type GroupLinks struct {
		Name string `json:"name"`
		Href string `json:"href"`
		Type string `json:"type"`
	} `json:"logo"`
	Users struct {
		Href string `json:"href"`
	} `json:"users"`
	Apps struct {
		Href string `json:"href"`
	} `json:"apps"`
}

type GroupProfile added in v1.0.1

// GroupProfile is the "profile" object of a Group. Name and Description are
// always serialized; the four directory-style attributes are omitted when
// empty.
type GroupProfile struct {
	Name                       string `json:"name"`
	Description                string `json:"description"`
	SamAccountName             string `json:"samAccountName,omitempty"`
	Dn                         string `json:"dn,omitempty"`
	WindowsDomainQualifiedName string `json:"windowsDomainQualifiedName,omitempty"`
	ExternalID                 string `json:"externalId,omitempty"`
}

type GroupUserFilterOptions

// GroupUserFilterOptions limits or controls the member fetch done by
// GroupsService.GetUsers. Only Limit has a query-parameter name ("limit");
// the paging fields are tagged url:"-".
type GroupUserFilterOptions struct {
	Limit         int      `url:"limit,omitempty"`
	NextURL       *url.URL `url:"-"`
	GetAllPages   bool     `url:"-"`
	NumberOfPages int      `url:"-"`
}

GroupUserFilterOptions is a struct that you populate which will limit or control group fetches and searches

The values here will correlate to the search filtering allowed in the OKTA API. These values are turned into Query Parameters

type Groups

// Groups is the people-groups object of policy and rule conditions. When
// creating an object, Include and Exclude are mutually exclusive; the struct
// itself does not enforce that.
type Groups struct {
	Include []string `json:"include,omitempty"`
	Exclude []string `json:"exclude,omitempty"`
}

policy & rule conditions people groups obj when creating an obj, Include & Exclude are exclusive

type GroupsService

// GroupsService handles communication with the Groups data related methods of
// the OKTA API. Its underlying type is the unexported service type.
type GroupsService service

GroupsService handles communication with the Groups data related methods of the OKTA API.

func (*GroupsService) Add

func (g *GroupsService) Add(groupName string, groupDescription string) (*Group, *Response, error)

Add - Adds an OKTA Mastered Group with name and description. GroupName is required.

func (*GroupsService) Delete

func (g *GroupsService) Delete(groupID string) (*Response, error)

Delete - Deletes an OKTA Mastered Group with ID

func (*GroupsService) GetByID

func (g *GroupsService) GetByID(groupID string) (*Group, *Response, error)

GetByID gets a group from OKTA by the Group ID. An error is returned if the group is not found.

func (*GroupsService) GetUsers

func (g *GroupsService) GetUsers(groupID string, opt *GroupUserFilterOptions) (users []User, resp *Response, err error)

GetUsers returns the members in a group

Pass in an optional GroupFilterOptions struct to filter the results
The Users in the group are returned

func (*GroupsService) ListGroups

func (s *GroupsService) ListGroups(filter string) (*groups, *Response, error)

func (*GroupsService) ListWithFilter

func (g *GroupsService) ListWithFilter(opt *GroupFilterOptions) ([]Group, *Response, error)

ListWithFilter - Method to list groups with different filter options.

Pass in a GroupFilterOptions to specify filters. Values in that struct will turn into Query parameters

func (*GroupsService) Update added in v1.0.1

func (p *GroupsService) Update(id string, group interface{}) (*Group, *Response, error)

UpdateGroup: Update a group

type Hints added in v1.0.1

// Hints is the "hints" object attached to a link; Allow is a list of strings
// and is omitted from the JSON when empty.
type Hints struct {
	Allow []string `json:"allow,omitempty"`
}

type IdentityProvider added in v1.0.1

// IdentityProvider is the identity provider object sent to and returned by
// IdentityProvidersService. Every member has omitempty, so unset values are
// left out of a create or update body.
type IdentityProvider struct {
	ID         string `json:"id,omitempty"`
	Type       string `json:"type,omitempty"`
	Status     string `json:"status,omitempty"`
	IssuerMode string `json:"issuerMode,omitempty"`
	Name       string `json:"name,omitempty"`
	// The time fields are pointers because omitempty never omits a
	// time.Time value; a nil pointer is omitted.
	Created     *time.Time `json:"created,omitempty"`
	LastUpdated *time.Time `json:"lastUpdated,omitempty"`
	Protocol    *Protocol  `json:"protocol,omitempty"`
	Policy      *IdpPolicy `json:"policy,omitempty"`
	Links       *IdpLinks  `json:"_links,omitempty"`
}

Note - time.Time fields are pointers due to the issue described at link below https://stackoverflow.com/questions/32643815/golang-json-omitempty-with-time-time-field

type IdentityProvidersService added in v1.0.1

// IdentityProvidersService groups the identity provider API methods (create,
// get, update, delete). Its underlying type is the unexported service type.
type IdentityProvidersService service

func (*IdentityProvidersService) CreateIdentityProvider added in v1.0.1

func (p *IdentityProvidersService) CreateIdentityProvider(idp interface{}) (*IdentityProvider, *Response, error)

CreateIdentityProvider: Create an Identity Provider You must pass in the IdentityProvider object created from the desired input IdentityProvider

func (*IdentityProvidersService) DeleteIdentityProvider added in v1.0.1

func (p *IdentityProvidersService) DeleteIdentityProvider(id string) (*Response, error)

DeleteIdentityProvider: Delete an Identity Provider Requires IdentityProvider ID from IdentityProvider object

func (*IdentityProvidersService) GetIdentityProvider added in v1.0.1

func (p *IdentityProvidersService) GetIdentityProvider(id string) (*IdentityProvider, *Response, error)

GetIdentityProvider: Get an Identity Provider Requires IdentityProvider ID from IdentityProvider object

func (*IdentityProvidersService) IdentityProvider added in v1.0.1

func (p *IdentityProvidersService) IdentityProvider() IdentityProvider

func (*IdentityProvidersService) UpdateIdentityProvider added in v1.0.1

func (p *IdentityProvidersService) UpdateIdentityProvider(id string, idp interface{}) (*IdentityProvider, *Response, error)

UpdateIdentityProvider: Update an Identity Provider Requires IdentityProvider ID from IdentityProvider object & IdentityProvider object from the desired input IdentityProvider

type IdpClient added in v1.0.1

// IdpClient holds the client credentials of an identity provider.
type IdpClient struct {
	ClientID string `json:"client_id,omitempty"`
	// ClientSecret is a plain string that is marshalled as-is under
	// "client_secret". Printing or logging a value of this type (for example
	// with %+v, or by dumping request bodies) exposes the secret.
	ClientSecret string `json:"client_secret,omitempty"`
}

type IdpGroups added in v1.0.1

// IdpGroups holds a group action and the list of assignments it applies to.
// NOTE(review): presumably the groups part of IdP provisioning, with
// Assignments holding group IDs - confirm against the API docs.
type IdpGroups struct {
	Action      string   `json:"action,omitempty"`
	Assignments []string `json:"assignments,omitempty"`
}
// IdpLinks is the "_links" object of an IdentityProvider.
type IdpLinks struct {
	Authorize         *Authorize         `json:"authorize,omitempty"`
	ClientRedirectUri *ClientRedirectUri `json:"clientRedirectUri,omitempty"`
}

type IdpPolicy added in v1.0.1

// IdpPolicy is the "policy" object of an IdentityProvider: provisioning,
// account linking, subject matching and the allowed clock skew.
type IdpPolicy struct {
	Provisioning *Provisioning `json:"provisioning,omitempty"`
	AccountLink  *AccountLink  `json:"accountLink,omitempty"`
	Subject      *Subject      `json:"subject,omitempty"`
	// MaxClockSkew is a plain int with omitempty, so an explicit 0 is left
	// out of the request and the API applies its own default instead.
	// NOTE(review): the unit is not stated on this page - confirm.
	MaxClockSkew int `json:"maxClockSkew,omitempty"`
}

type Master added in v1.0.1

// Master is the "master" object of a profile sub-schema (see BaseSubSchema
// and CustomSubSchema); it carries only a type string.
type Master struct {
	Type string `json:"type,omitempty"`
}

type MfaRule

// MfaRule represents the Rule object from the OKTA API used to create or
// update an MFA rule.
type MfaRule struct {
	Type   string `json:"type,omitempty"`
	Status string `json:"status,omitempty"`
	Name   string `json:"name,omitempty"`
	// Priority is a plain int with omitempty, so a priority of 0 is left out
	// of the request body.
	Priority   int               `json:"priority,omitempty"`
	Conditions *PolicyConditions `json:"conditions,omitempty"`
	Actions    *MfaRuleActions   `json:"actions,omitempty"`
}

MfaRule represents the Rule Object from the OKTA API used to create or update a mfa rule

func (*MfaRule) PeopleCondition

func (p *MfaRule) PeopleCondition(condition string, clude string, values []string) error

MfaRule PeopleCondition updates the People condition for the input mfa rule. It requires the input string "users" or "groups" and "include" or "exclude", plus a string slice of Okta group or user IDs.

type MfaRuleActions added in v1.0.1

// MfaRuleActions represents actions that can be performed against an MFA
// policy rule. Enroll is omitted from the JSON when nil.
type MfaRuleActions struct {
	Enroll *Enroll `json:"enroll,omitempty"`
}

MfaRuleActions represents actions that can be performed against an MFA Policy Rule

type Network

// Network is the network object of policy and rule conditions. When creating
// an object, Include and Exclude are mutually exclusive.
// TODO (from the package docs): Include and Exclude are not supported, as
// they are only needed when Connection is "ZONE", which requires the zone API
// that is not implemented.
type Network struct {
	Connection string   `json:"connection,omitempty"`
	Include    []string `json:"include,omitempty"`
	Exclude    []string `json:"exclude,omitempty"`
}

policy & rule conditions network obj when creating an obj, Include & Exclude are exclusive TODO: Include & Exclude not supported as only needed when Connection is "ZONE". zone requires the zone api (not implemented atm)

type NewUser

// NewUser is the object used to create user objects in OKTA.
type NewUser struct {
	Profile userProfile `json:"profile"`
	// Credentials is of the unexported credentials type and is omitted from
	// the JSON when nil.
	// NOTE(review): SetPassword and SetRecoveryQuestion presumably fill it
	// with the plaintext password and recovery answer, so a marshalled or
	// printed NewUser should be kept out of logs - confirm.
	Credentials *credentials `json:"credentials,omitempty"`
}

NewUser object to create user objects in OKTA

func (*NewUser) SetPassword

func (u *NewUser) SetPassword(passwordIn string)

SetPassword Adds a specified password to the new User

func (*NewUser) SetRecoveryQuestion

func (u *NewUser) SetRecoveryQuestion(questionIn string, answerIn string)

SetRecoveryQuestion - Sets a custom security question and answer on a user object

type OneOf

// OneOf is one allowed value of a CustomSubSchema: a constant and its title.
type OneOf struct {
	Const string `json:"const"`
	Title string `json:"title"`
}

OneOf obj for User Profiles Custom SubSchema

type OrgService added in v1.0.1

// OrgService allows you to perform actions against resources at the
// organization level. Its underlying type is the unexported service type.
type OrgService service

OrgService allows you to perform actions against resources at the organization level.

func (*OrgService) ActivateFactor added in v1.0.1

func (s *OrgService) ActivateFactor(id string) (*Factor, *Response, error)

ActivateFactor ability to activate factor provider for an organization. For valid providers IDs see API docs https://developer.okta.com/docs/api/resources/factor_admin.

func (*OrgService) DeactivateFactor added in v1.0.1

func (s *OrgService) DeactivateFactor(id string) (*Factor, *Response, error)

DeactivateFactor ability to deactivate factor provider for an organization. For valid provider IDs see API docs https://developer.okta.com/docs/api/resources/factor_admin.

func (*OrgService) ListFactors added in v1.0.1

func (s *OrgService) ListFactors() ([]*Factor, *Response, error)

ListFactors lists information around factors for organization.

type Password

// Password is the password object of the password policy settings:
// complexity, age and lockout rules.
// Complexity, Age and Lockout are struct values, and omitempty never omits a
// struct in encoding/json, so all three objects are always emitted. Within
// them, a nil *int is what leaves a setting out of the request.
type Password struct {
	Complexity struct {
		MinLength *int `json:"minLength,omitempty"`
		// omitempty considers zero values on primitives empty. Thus if you have a value like one of these where the
		// default is 1 but 0 is valid, you would never be able to set them to 0 because it would omit them and the
		// API would default them. Same goes for other primitives.
		// These four have no omitempty, so a nil pointer is sent as JSON null.
		MinLowerCase *int `json:"minLowerCase"`
		MinUpperCase *int `json:"minUpperCase"`
		MinNumber    *int `json:"minNumber"`
		MinSymbol    *int `json:"minSymbol"`
		// ExcludeUsername has no omitempty, so false is sent explicitly.
		ExcludeUsername   bool     `json:"excludeUsername"`
		ExcludeAttributes []string `json:"excludeAttributes,omitempty"`
		Dictionary        struct {
			Common struct {
				Exclude bool `json:"exclude"`
			} `json:"common,omitempty"`
		} `json:"dictionary,omitempty"`
	} `json:"complexity,omitempty"`
	Age struct {
		MaxAgeDays     *int `json:"maxAgeDays,omitempty"`
		ExpireWarnDays *int `json:"expireWarnDays,omitempty"`
		MinAgeMinutes  *int `json:"minAgeMinutes,omitempty"`
		HistoryCount   *int `json:"historyCount,omitempty"`
	} `json:"age,omitempty"`
	Lockout struct {
		MaxAttempts       *int `json:"maxAttempts,omitempty"`
		AutoUnlockMinutes *int `json:"autoUnlockMinutes,omitempty"`
		// ShowLockoutFailures is a plain bool with omitempty, so false is
		// never sent and cannot be used to switch the setting off explicitly.
		ShowLockoutFailures bool `json:"showLockoutFailures,omitempty"`
		// NOTE(review): this is the only tag in the struct that starts with
		// an upper-case letter. Decoding is case-insensitive, but encoding
		// emits the key exactly as written - confirm the API accepts it.
		UserLockoutNotificationChannels []string `json:"UserLockoutNotificationChannels,omitempty"`
	} `json:"lockout,omitempty"`
}

Password policy settings password obj

type PasswordAction

// PasswordAction is the action object shared by the password rule actions
// (passwordChange, selfServicePasswordReset, selfServiceUnlock).
// NOTE(review): no constants for Access are defined on this page - confirm
// the accepted values against the API docs.
type PasswordAction struct {
	Access string `json:"access,omitempty"`
}

rule actions for passwords use the same passwordAction obj

type PasswordRule

// PasswordRule represents the Rule object from the OKTA API used to create or
// update a password rule.
type PasswordRule struct {
	Type   string `json:"type,omitempty"`
	Status string `json:"status,omitempty"`
	Name   string `json:"name,omitempty"`
	// Priority is a plain int with omitempty, so a priority of 0 is left out
	// of the request body.
	Priority   int               `json:"priority,omitempty"`
	Conditions *PolicyConditions `json:"conditions,omitempty"`
	// Actions and its three members are struct values, which omitempty never
	// omits: an action whose Access is left empty is still sent, as {}.
	// NOTE(review): confirm how the API treats an empty action object, so a
	// partially filled rule does not end up with an unintended access setting.
	Actions struct {
		PasswordChange           PasswordAction `json:"passwordChange,omitempty"`
		SelfServicePasswordReset PasswordAction `json:"selfServicePasswordReset,omitempty"`
		SelfServiceUnlock        PasswordAction `json:"selfServiceUnlock,omitempty"`
	} `json:"actions,omitempty"`
}

PasswordRule represents the Rule Object from the OKTA API used to create or update a password rule

type People

// People is the people object of policy and rule conditions. When creating an
// object, Groups and Users are mutually exclusive.
// Both are embedded pointers that carry JSON tags, so encoding/json emits them
// as the named members "groups" and "users" and omits whichever is nil.
type People struct {
	*Groups `json:"groups,omitempty"`
	*Users  `json:"users,omitempty"`
}

policy & rule conditions people obj when creating an obj, Groups & Users are exclusive

type Permissions

// Permissions is one permission entry of a user profile sub-schema: a
// principal and the action granted to it. Both are always serialized.
// NOTE(review): no constants for Principal or Action are defined on this
// page - confirm the accepted values against the API docs.
type Permissions struct {
	Principal string `json:"principal"`
	Action    string `json:"action"`
}

Permissions obj for User Profiles SubSchemas

type PoliciesService

// PoliciesService handles communication with the Policy data related methods
// of the OKTA API. Its underlying type is the unexported service type.
type PoliciesService service

PoliciesService handles communication with the Policy data related methods of the OKTA API.

func (*PoliciesService) ActivatePolicy

func (p *PoliciesService) ActivatePolicy(id string) (*Response, error)

ActivatePolicy: Activate a policy Requires Policy ID from Policy object

func (*PoliciesService) ActivatePolicyRule

func (p *PoliciesService) ActivatePolicyRule(policyId string, ruleId string) (*Response, error)

ActivatePolicyRule: Activate a policy rule Requires Policy ID from Policy object and Rule ID from Rule object

func (*PoliciesService) CreatePolicy

func (p *PoliciesService) CreatePolicy(policy interface{}) (*Policy, *Response, error)

CreatePolicy: Create a policy You must pass in the Policy object created from the desired input policy

func (*PoliciesService) CreatePolicyRule

func (p *PoliciesService) CreatePolicyRule(id string, rule interface{}) (*Rule, *Response, error)

CreatePolicyRule: Create a policy rule Requires Policy ID from Policy object You must pass in the Rule object created from the desired input rule

func (*PoliciesService) DeactivatePolicy

func (p *PoliciesService) DeactivatePolicy(id string) (*Response, error)

DeactivatePolicy: Deactivate a policy Requires Policy ID from Policy object

func (*PoliciesService) DeactivatePolicyRule

func (p *PoliciesService) DeactivatePolicyRule(policyId string, ruleId string) (*Response, error)

DeactivatePolicyRule: Deactivate a policy rule Requires Policy ID from Policy object and Rule ID from Rule object

func (*PoliciesService) DeletePolicy

func (p *PoliciesService) DeletePolicy(id string) (*Response, error)

DeletePolicy: Delete a policy Requires Policy ID from Policy object

func (*PoliciesService) DeletePolicyRule

func (p *PoliciesService) DeletePolicyRule(policyId string, ruleId string) (*Response, error)

DeletePolicyRule: Delete a rule Requires Policy ID from Policy object and Rule ID from Rule object

func (*PoliciesService) GetPoliciesByType

func (p *PoliciesService) GetPoliciesByType(policyType string) (*PolicyCollection, *Response, error)

GetPoliciesByType: Get all policies by type Allowed types are OKTA_SIGN_ON, PASSWORD, MFA_ENROLL, or OAUTH_AUTHORIZATION_POLICY

func (*PoliciesService) GetPolicy

func (p *PoliciesService) GetPolicy(id string) (*Policy, *Response, error)

GetPolicy: Get a policy Requires Policy ID from Policy object

func (*PoliciesService) GetPolicyRule

func (p *PoliciesService) GetPolicyRule(policyId string, ruleId string) (*Rule, *Response, error)

GetPolicyRule: Get a policy rule Requires Policy ID from Policy object and Rule ID from Rule object

func (*PoliciesService) GetPolicyRules

func (p *PoliciesService) GetPolicyRules(id string) (*rules, *Response, error)

GetPolicyRules: Get policy rules Requires Policy ID from Policy object

func (*PoliciesService) MfaPolicy

func (p *PoliciesService) MfaPolicy() Policy

Return the MfaPolicy object. Used to create & update the mfa policy

func (*PoliciesService) MfaRule

func (p *PoliciesService) MfaRule() MfaRule

Return the MfaRule object. Used to create & update the mfa rule

func (*PoliciesService) PasswordPolicy

func (p *PoliciesService) PasswordPolicy() Policy

Return the PasswordPolicy object. Used to create & update the password policy

func (*PoliciesService) PasswordRule

func (p *PoliciesService) PasswordRule() PasswordRule

Return the PasswordRule object. Used to create & update the password rule

func (*PoliciesService) SignOnPolicy

func (p *PoliciesService) SignOnPolicy() Policy

Return the SignOnPolicy object. Used to create & update the signon policy

func (*PoliciesService) SignOnRule

func (p *PoliciesService) SignOnRule() SignOnRule

Return the SignOnRule object. Used to create & update the signon rule

func (*PoliciesService) UpdatePolicy

func (p *PoliciesService) UpdatePolicy(id string, policy interface{}) (*Policy, *Response, error)

UpdatePolicy: Update a policy Requires Policy ID from Policy object & Policy object from the desired input policy

func (*PoliciesService) UpdatePolicyRule

func (p *PoliciesService) UpdatePolicyRule(policyId string, ruleId string, rule interface{}) (*Rule, *Response, error)

UpdatePolicyRule: Update a policy rule. Requires Policy ID from Policy object and Rule ID from Rule object. You must pass in the Rule object from the desired input rule.

type Policy

// Policy is the policy object exchanged with the OKTA API; the package
// documentation describes it as the complete object returned by a GET request.
//
// Every field carries omitempty, so zero values (empty string, false, 0, nil
// pointer) are left out when the struct is marshalled. omitempty has no effect
// on the time.Time fields: a zero Created or LastUpdated is still encoded.
type Policy struct {
	ID          string            `json:"id,omitempty"`
	Type        string            `json:"type,omitempty"`
	Name        string            `json:"name,omitempty"`
	System      bool              `json:"system,omitempty"`
	Description string            `json:"description,omitempty"`
	Priority    int               `json:"priority,omitempty"`
	Status      string            `json:"status,omitempty"`
	Created     time.Time         `json:"created,omitempty"`
	LastUpdated time.Time         `json:"lastUpdated,omitempty"`
	Conditions  *PolicyConditions `json:"conditions,omitempty"`
	Settings    *PolicySettings   `json:"settings,omitempty"`
	Links       *PolicyLinks      `json:"_links,omitempty"`
}

Policy represents the complete Policy Object from the OKTA API used to return policy data from a GET request

type PolicyCollection added in v1.0.1

// PolicyCollection holds the slice of Policy values used by GetPoliciesByType.
type PolicyCollection struct {
	// NOTE(review): the tag "-,omitempty" does not exclude this field.
	// encoding/json only skips a field whose tag is exactly "-"; with an option
	// after the comma the field is marshalled and unmarshalled under the JSON
	// key "-". If the intent is to keep Policies out of JSON the tag should be
	// `json:"-"` — confirm how GetPoliciesByType fills the slice before changing it.
	Policies []Policy `json:"-,omitempty"`
}

a slice of Policy objs used by GetPoliciesByType

type PolicyConditions added in v1.0.1

// PolicyConditions is the "conditions" object referenced by Policy, Rule and
// SignOnRule. Each condition is an optional pointer: a nil pointer is omitted
// from the marshalled JSON.
type PolicyConditions struct {
	People       *People       `json:"people,omitempty"`
	AuthContext  *AuthContext  `json:"authContext,omitempty"`
	Network      *Network      `json:"network,omitempty"`
	AuthProvider *AuthProvider `json:"authProvider,omitempty"`
}

type PolicyGroups added in v1.0.1

// PolicyGroups lists group identifiers under the JSON key "include".
// An empty or nil slice is omitted when marshalled.
type PolicyGroups struct {
	Include []string `json:"include,omitempty"`
}
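// PolicyLinks holds the "_links" section shared by Policy and Rule objects.
// Each entry (self, activate, deactivate, rules) carries the link target in
// Href and the values listed under hints.allow in Hints.Allow.
//
// Href values are decoded from the API response as plain strings; nothing in
// this type validates them, so callers that follow a link should check that it
// points at the expected OKTA host first.
type PolicyLinks struct {
	Self struct {
		Href  string `json:"href,omitempty"`
		Hints struct {
			Allow []string `json:"allow,omitempty"`
		} `json:"hints,omitempty"`
	} `json:"self,omitempty"`
	// The omitempty option belongs inside the quoted tag value. It used to sit
	// after the closing quote, which go vet's structtag check rejects and which
	// encoding/json silently ignored.
	Activate struct {
		Href  string `json:"href,omitempty"`
		Hints struct {
			Allow []string `json:"allow,omitempty"`
		} `json:"hints,omitempty"`
	} `json:"activate,omitempty"`
	Deactivate struct {
		Href  string `json:"href,omitempty"`
		Hints struct {
			Allow []string `json:"allow,omitempty"`
		} `json:"hints,omitempty"`
	} `json:"deactivate,omitempty"`
	Rules struct {
		Href  string `json:"href,omitempty"`
		Hints struct {
			Allow []string `json:"allow,omitempty"`
		} `json:"hints,omitempty"`
	} `json:"rules,omitempty"`
}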

Policy & Rule obj use the same links obj

type PolicySettings added in v1.0.1

// PolicySettings is the "settings" object of a Policy. Each section is an
// optional pointer; a nil section is omitted from the marshalled JSON.
type PolicySettings struct {
	Factors    *Factors    `json:"factors,omitempty"`
	Password   *Password   `json:"password,omitempty"`
	Recovery   *Recovery   `json:"recovery,omitempty"`
	Delegation *Delegation `json:"delegation,omitempty"`
}

type Protocol added in v1.0.1

// Protocol carries a protocol type together with optional endpoints, scopes
// and credentials. All fields are omitted from JSON when empty or nil.
type Protocol struct {
	Type        string       `json:"type,omitempty"`
	Endpoints   *Endpoints   `json:"endpoints,omitempty"`
	Scopes      []string     `json:"scopes,omitempty"`
	// NOTE(review): the contents of Credentials are not visible here; if it
	// holds secret material, avoid printing Protocol values wholesale.
	Credentials *Credentials `json:"credentials,omitempty"`
}

type Provisioning added in v1.0.1

// Provisioning carries a provisioning action, a profile-master flag and
// optional group and condition settings.
//
// ProfileMaster is a bool with omitempty, so false is never written to the
// marshalled JSON; a request built from this struct cannot state
// "profileMaster": false explicitly.
type Provisioning struct {
	Action        string      `json:"action,omitempty"`
	ProfileMaster bool        `json:"profileMaster,omitempty"`
	Groups        *IdpGroups  `json:"groups,omitempty"`
	Conditions    *Conditions `json:"conditions,omitempty"`
}

type Rate

// Rate represents the rate limit for the current client.
// It is embedded in Response and stored by value in RateLimitError.
type Rate struct {
	// The number of requests per minute the client is currently limited to.
	RatePerMinuteLimit int

	// The number of remaining requests the client can make this minute
	Remaining int

	// The time at which the current rate limit will reset.
	ResetTime time.Time
}

Rate represents the rate limit for the current client.

type RateLimitError

// RateLimitError is the error type documented as occurring when OKTA returns
// 429 "Too Many Requests" with a remaining rate limit of 0.
type RateLimitError struct {
	Rate        Rate // Rate specifies last known rate limit for the client
	// ErrorDetail uses the package's unexported apiError type.
	ErrorDetail apiError
	Response    *http.Response // presumably the HTTP response that produced the error — TODO confirm
}

RateLimitError occurs when OKTA returns 429 "Too Many Requests" response with a rate limit remaining value of 0, and error message starts with "API rate limit exceeded for ".

func (*RateLimitError) Error

func (r *RateLimitError) Error() string

type Recovery

// Recovery is the "recovery" section of the password policy settings. It
// groups the recovery factors recovery_question, okta_email and okta_sms,
// each with a Status string.
type Recovery struct {
	Factors struct {
		RecoveryQuestion struct {
			Status     string `json:"status,omitempty"`
			Properties struct {
				Complexity struct {
					// Pointer type: a non-nil pointer to 0 is still marshalled,
					// only nil is omitted.
					MinLength *int `json:"minLength,omitempty"`
				} `json:"complexity,omitempty"`
			} `json:"properties,omitempty"`
		} `json:"recovery_question,omitempty"`
		OktaEmail struct {
			Status     string `json:"status,omitempty"`
			Properties struct {
				RecoveryToken struct {
					// Plain int with omitempty: a value of 0 is dropped from the
					// marshalled JSON, so the lifetime actually applied in that
					// case is decided by the API, not by this struct.
					TokenLifetimeMinutes int `json:"tokenLifetimeMinutes,omitempty"`
				} `json:"recoveryToken,omitempty"`
			} `json:"properties,omitempty"`
		} `json:"okta_email,omitempty"`
		OktaSms struct {
			Status string `json:"status,omitempty"`
		} `json:"okta_sms,omitempty"`
	} `json:"factors,omitempty"`
}

Password policy settings recover obj

type Response

// Response is an OKTA API response. It embeds the standard *http.Response and
// a Rate value, and adds pagination links and the OKTA request ID.
//
// NOTE(review): the embedded http.Response keeps a reference to the request
// that produced it (Response.Request). If the client sends its API token as a
// request header, printing or logging a whole Response would include it —
// confirm before dumping these values.
type Response struct {
	*http.Response

	// NextURL is the link to the next page of results, when there is one.
	NextURL *url.URL
	// PrevURL       *url.URL
	SelfURL       *url.URL
	OKTARequestID string
	Rate
}

Response is a OKTA API response. This wraps the standard http.Response returned from OKTA and provides convenient access to things like pagination links.

type Rule

// Rule is the rule object exchanged with the OKTA API; the package
// documentation describes it as the complete object returned by a GET request.
//
// Zero-valued string, bool, int and nil pointer fields are omitted when
// marshalled. omitempty has no effect on the time.Time fields or on the
// struct-typed Actions members, which are always encoded.
type Rule struct {
	ID          string            `json:"id,omitempty"`
	Type        string            `json:"type,omitempty"`
	Status      string            `json:"status,omitempty"`
	Priority    int               `json:"priority,omitempty"`
	Name        string            `json:"name,omitempty"`
	System      bool              `json:"system,omitempty"`
	Created     time.Time         `json:"created,omitempty"`
	LastUpdated time.Time         `json:"lastUpdated,omitempty"`
	Conditions  *PolicyConditions `json:"conditions,omitempty"`
	Actions     struct {
		// SignOn and Enroll are embedded with explicit JSON names, so they are
		// encoded as nested "signon" and "enroll" objects rather than flattened.
		SignOn                   `json:"signon,omitempty"`
		Enroll                   `json:"enroll,omitempty"`
		PasswordChange           PasswordAction `json:"passwordChange,omitempty"`
		SelfServicePasswordReset PasswordAction `json:"selfServicePasswordReset,omitempty"`
		SelfServiceUnlock        PasswordAction `json:"selfServiceUnlock,omitempty"`
	} `json:"actions,omitempty"`
	Links *PolicyLinks `json:"_links,omitempty"`
}

Rule represents the complete Rule Object from the OKTA API used to return rule data from a GET request

type Schema

// Schema is the User Profile schema object. None of its fields use omitempty,
// so every field is written when the struct is marshalled.
type Schema struct {
	ID          string    `json:"id"`
	Schema      string    `json:"$schema"`
	Name        string    `json:"name"`
	Title       string    `json:"title"`
	Created     time.Time `json:"created"`
	LastUpdated time.Time `json:"lastUpdated"`
	Definitions struct {
		// NOTE(review): Base has no json tag while Custom is tagged "custom".
		// Decoding still matches a "base" key because encoding/json compares
		// names case-insensitively, but marshalling emits the key "Base".
		// Confirm whether a `json:"base"` tag was intended.
		Base struct {
			ID         string          `json:"id"`
			Type       string          `json:"type"`
			Properties []BaseSubSchema `json:"properties"`
			Required   []string        `json:"required"`
		}
		Custom struct {
			ID         string            `json:"id"`
			Type       string            `json:"type"`
			Properties []CustomSubSchema `json:"properties"`
			Required   []string          `json:"required"`
		} `json:"custom"`
	} `json:"definitions"`
	Type string `json:"type"`
}

User Profiles Schema obj

type SchemasService

// SchemasService handles communication with the Schema data related methods
// of the OKTA API. Its underlying type is the package's unexported service type.
type SchemasService service

SchemasService handles communication with the Schema data related methods of the OKTA API.

func (*SchemasService) BaseSubSchema

func (p *SchemasService) BaseSubSchema() BaseSubSchema

Return the BaseSubSchema object. Used to update the Base User SubSchema

func (*SchemasService) CustomSubSchema

func (p *SchemasService) CustomSubSchema() CustomSubSchema

Return the CustomSubSchema object. Used to create & update Custom User SubSchema

func (*SchemasService) DeleteUserCustomSubSchema

func (s *SchemasService) DeleteUserCustomSubSchema(index string) (*Schema, *Response, error)

DeleteUserCustomSubSchema deletes a Custom SubSchema input is a string of the custom subschema index key

func (*SchemasService) GetRawUserSchema

func (s *SchemasService) GetRawUserSchema() (map[string]interface{}, *Response, error)

GetRawUserSchema returns the User Profile Schema as a map[string]interface{}

func (*SchemasService) GetUserBaseSubSchema

func (s *SchemasService) GetUserBaseSubSchema(index string, obj map[string]interface{}) (*BaseSubSchema, error)

GetUserBaseSubSchema returns the User Base Profile SubSchema as a BaseSubSchema struct inputs are a string index key for the SubSchema & a map[string]interface{} for the User Profile SubSchema, such as from GetUserSubSchemaPropMap()

func (*SchemasService) GetUserCustomSubSchema

func (s *SchemasService) GetUserCustomSubSchema(index string, obj map[string]interface{}) (*CustomSubSchema, error)

GetUserCustomSubSchema returns the User Custom Profile SubSchema as a CustomSubSchema struct inputs are a string index key for the SubSchema & a map[string]interface{} for the User Profile SubSchema, such as from GetUserSubSchemaPropMap()

func (*SchemasService) GetUserSchema

func (s *SchemasService) GetUserSchema() (*Schema, *Response, error)

GetUserSchema returns the User Profile Schema as a Schema struct

func (*SchemasService) GetUserSubSchemaIndex

func (s *SchemasService) GetUserSubSchemaIndex(scope string) ([]string, *Response, error)

GetUserSubSchemaIndex returns an array of User Profile SubSchema index keys input is a string subschema scope "base" or "custom"

func (*SchemasService) GetUserSubSchemaPropMap

func (s *SchemasService) GetUserSubSchemaPropMap(scope string, index string) (map[string]interface{}, *Response, error)

GetUserSubSchemaPropMap returns the User Profile SubSchema as a map[string]interface{} inputs are a string subschema scope "base" or "custom" & the index key for the User Profile SubSchema

func (*SchemasService) OneOf

func (p *SchemasService) OneOf() OneOf

Return the OneOf object. Used to create & update Custom User SubSchema OneOf

func (*SchemasService) Permissions

func (p *SchemasService) Permissions() Permissions

Return the Permissions object. Used to create & update User SubSchemas Permissions

func (*SchemasService) UpdateUserBaseSubSchema

func (s *SchemasService) UpdateUserBaseSubSchema(update BaseSubSchema) (*Schema, *Response, error)

UpdateUserBaseSubSchema Updates a Base SubSchema can only update subschema permissions & the nullability of the firstName and lastName subschemas input is a BaseSubSchema struct

func (*SchemasService) UpdateUserCustomSubSchema

func (s *SchemasService) UpdateUserCustomSubSchema(update CustomSubSchema) (*Schema, *Response, error)

UpdateUserCustomSubSchema Adds or Updates a Custom SubSchema input is a CustomSubSchema struct

type SignOn

// SignOn is the "signon" actions object of a sign-on rule.
//
// All fields except Session.UsePersistentCookie carry omitempty, so their zero
// values are dropped from the marshalled JSON. In particular RequireFactor=false,
// RememberDeviceByDefault=false and a FactorLifetime or session limit of 0 are
// never sent: a request built from this struct cannot state those values
// explicitly, and the API decides what applies instead. After creating or
// updating a rule, read it back to check the MFA and session settings that
// actually took effect.
type SignOn struct {
	Access                  string `json:"access,omitempty"`
	RequireFactor           bool   `json:"requireFactor,omitempty"`
	FactorPromptMode        string `json:"factorPromptMode,omitempty"`
	RememberDeviceByDefault bool   `json:"rememberDeviceByDefault,omitempty"`
	FactorLifetime          int    `json:"factorLifetime,omitempty"`
	Session                 struct {
		MaxSessionIdleMinutes     int  `json:"maxSessionIdleMinutes,omitempty"`
		MaxSessionLifetimeMinutes int  `json:"maxSessionLifetimeMinutes,omitempty"`
		UsePersistentCookie       bool `json:"usePersistentCookie"` // field must have a value
	} `json:"session,omitempty"`
}

signon rule actions signon obj

type SignOnRule

// SignOnRule is the rule object used to create or update a sign-on rule.
// Unlike Rule it has no ID, System, timestamp or link fields.
type SignOnRule struct {
	Type       string            `json:"type,omitempty"`
	Status     string            `json:"status,omitempty"`
	Name       string            `json:"name,omitempty"`
	Priority   int               `json:"priority,omitempty"`
	Conditions *PolicyConditions `json:"conditions,omitempty"`
	Actions    struct {
		// Embedded with an explicit JSON name, so it is encoded as a nested
		// "signon" object. It is a struct value and is therefore always
		// encoded, even when every SignOn field is zero.
		SignOn `json:"signon,omitempty"`
	} `json:"actions,omitempty"`
}

SignOnRule represents the Rule Object from the OKTA API used to create or update a signon rule

type Subject added in v1.0.1

// Subject carries an optional user-name template plus filter and match-type
// strings. Empty strings and a nil template are omitted from JSON.
type Subject struct {
	UserNameTemplate *UserNameTemplate `json:"userNameTemplate,omitempty"`
	Filter           string            `json:"filter,omitempty"`
	MatchType        string            `json:"matchType,omitempty"`
}

type Suspended added in v1.0.1

// Suspended carries a single action string under the JSON key "action".
type Suspended struct {
	Action string `json:"action,omitempty"`
}

type Token added in v1.0.1

// Token describes an endpoint by URL and binding. Both values are plain
// strings; this type performs no validation of the URL.
type Token struct {
	Url     string `json:"url,omitempty"`
	Binding string `json:"binding,omitempty"`
}

type TrustedOrigin added in v1.0.1

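// TrustedOrigin is the Trusted Origin object exchanged with the OKTA API.
// Origin is the origin string being trusted and Scopes lists the scopes it is
// trusted for, each as a string map.
//
// All fields carry omitempty; empty strings, nil pointers and empty slices are
// left out of the marshalled JSON.
type TrustedOrigin struct {
	ID          string              `json:"id,omitempty"`
	Status      string              `json:"status,omitempty"`
	Name        string              `json:"name,omitempty"`
	Origin      string              `json:"origin,omitempty"`
	Scopes      []map[string]string `json:"scopes,omitempty"`
	Created     *time.Time          `json:"created,omitempty"`
	CreatedBy   string              `json:"createdBy,omitempty"`
	LastUpdated *time.Time          `json:"lastUpdated,omitempty"`
	// LastUpdatedBy previously reused the "lastUpdated" key. encoding/json
	// drops every field involved in such a name clash without reporting an
	// error, so neither LastUpdated nor LastUpdatedBy was encoded or decoded.
	// The key now follows the createdBy naming used above.
	LastUpdatedBy string              `json:"lastUpdatedBy,omitempty"`
	Links         *TrustedOriginLinks `json:"_links,omitempty"`
}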

type TrustedOriginDeactive added in v1.0.1

// TrustedOriginDeactive is the link entry referenced by
// TrustedOriginLinks.Deactivate: a link target and optional hints.
type TrustedOriginDeactive struct {
	Href  string              `json:"href,omitempty"`
	Hints *TrustedOriginHints `json:"hints,omitempty"`
}

type TrustedOriginHints added in v1.0.1

// TrustedOriginHints is the "hints" object of a Trusted Origin link; Allow
// holds the values listed under the JSON key "allow".
type TrustedOriginHints struct {
	Allow []string `json:"allow,omitempty"`
}
// TrustedOriginLinks holds the "_links" section of a TrustedOrigin.
type TrustedOriginLinks struct {
	Self       *TrustedOriginSelf     `json:"self,omitempty"`
	// NOTE(review): the JSON key here is "deactive" while the field is named
	// Deactivate and PolicyLinks uses "deactivate". If the API sends
	// "deactivate", this pointer stays nil after decoding — confirm against an
	// actual API response.
	Deactivate *TrustedOriginDeactive `json:"deactive,omitempty"`
}

type TrustedOriginSelf added in v1.0.1

// TrustedOriginSelf is the link entry referenced by TrustedOriginLinks.Self:
// a link target and optional hints.
type TrustedOriginSelf struct {
	Href  string              `json:"href,omitempty"`
	Hints *TrustedOriginHints `json:"hints,omitempty"`
}

type TrustedOriginsService added in v1.0.1

// TrustedOriginsService is the receiver for the Trusted Origin methods
// (create, get, list, update, activate/deactivate, delete). Its underlying
// type is the package's unexported service type.
type TrustedOriginsService service

func (*TrustedOriginsService) ActivateTrustedOrigin added in v1.0.1

func (p *TrustedOriginsService) ActivateTrustedOrigin(id string, activate bool) (*Response, error)

ActivateTrustedOrigin: Activate/Deactivate a Trusted Origin Requires TrustedOrigin ID from TrustedOrigin object and a boolean to activate or deactivate

func (*TrustedOriginsService) CreateTrustedOrigin added in v1.0.1

func (p *TrustedOriginsService) CreateTrustedOrigin(trustedOrigin interface{}) (*TrustedOrigin, *Response, error)

CreateTrustedOrigin: Create a Trusted Origin You must pass in the Trusted Origin object created from the desired input trustedOrigin

func (*TrustedOriginsService) DeleteTrustedOrigin added in v1.0.1

func (p *TrustedOriginsService) DeleteTrustedOrigin(id string) (*Response, error)

DeleteTrustedOrigin: Delete a Trusted Origin Requires TrustedOrigin ID from TrustedOrigin object

func (*TrustedOriginsService) GetTrustedOrigin added in v1.0.1

func (p *TrustedOriginsService) GetTrustedOrigin(id string) (*TrustedOrigin, *Response, error)

GetTrustedOrigin: Get a Trusted Origin entry Requires TrustedOrigins ID from TrustedOrigins object

func (*TrustedOriginsService) ListTrustedOrigins added in v1.0.1

func (p *TrustedOriginsService) ListTrustedOrigins() (*Response, error)

ListTrustedOrigins: Lists all Trusted Origins from an Okta Account

func (*TrustedOriginsService) TrustedOrigin added in v1.0.1

func (p *TrustedOriginsService) TrustedOrigin() TrustedOrigin

func (*TrustedOriginsService) UpdateTrustedOrigin added in v1.0.1

func (p *TrustedOriginsService) UpdateTrustedOrigin(id string, trustedOrigin interface{}) (*TrustedOrigin, *Response, error)

UpdateTrustedOrigin: Update a Trusted Origin Requires TrustedOrigin ID from TrustedOrigin object & TrustedOrigin object from the desired input policy

type User

// User is a struct that represents a user object from OKTA.
// Timestamps (Activated, Created, LastLogin, ...) are kept as strings.
type User struct {
	Activated       string          `json:"activated,omitempty"`
	Created         string          `json:"created,omitempty"`
	// NOTE(review): the unexported credentials type is not visible here. If it
	// carries password or recovery data, check that User.String() and any
	// logging of User values do not print it.
	Credentials     credentials     `json:"credentials,omitempty"`
	ID              string          `json:"id,omitempty"`
	LastLogin       string          `json:"lastLogin,omitempty"`
	LastUpdated     string          `json:"lastUpdated,omitempty"`
	PasswordChanged string          `json:"passwordChanged,omitempty"`
	Profile         userProfile     `json:"profile"`
	Status          string          `json:"status,omitempty"`
	StatusChanged   string          `json:"statusChanged,omitempty"`
	Links           userLinks       `json:"_links,omitempty"`
	// NOTE(review): "-,omitempty" is not the skip tag. encoding/json only skips
	// a field tagged exactly "-"; here both fields are named "-". They are
	// left out of JSON today only because two fields sharing one name are both
	// dropped; removing either field would expose the other under the key "-".
	// Use `json:"-"` if exclusion is the intent.
	MFAFactors      []userMFAFactor `json:"-,omitempty"`
	Groups          []Group         `json:"-,omitempty"`
}

User is a struct that represents a user object from OKTA.

func (User) String

func (u User) String() string

type UserListFilterOptions

// UserListFilterOptions describes a user search. Only Limit and FilterString
// carry a query parameter name in their url tags ("limit" and "filter"); every
// other field is tagged url:"-".
//
// NOTE(review): how the *EqualTo values are turned into FilterString is not
// visible here. If they can come from untrusted input, confirm that quotes in
// the values are escaped before they are placed in the filter expression.
type UserListFilterOptions struct {
	Limit         int    `url:"limit,omitempty"`
	EmailEqualTo  string `url:"-"`
	LoginEqualTo  string `url:"-"`
	StatusEqualTo string `url:"-"`
	IDEqualTo     string `url:"-"`

	FirstNameEqualTo string `url:"-"`
	LastNameEqualTo  string `url:"-"`

	// This will be built by internal - may not need to export
	FilterString  string     `url:"filter,omitempty"`
	NextURL       *url.URL   `url:"-"`
	GetAllPages   bool       `url:"-"`
	NumberOfPages int        `url:"-"`
	LastUpdated   dateFilter `url:"-"`
}

UserListFilterOptions is a struct that you can populate which will "filter" user searches the exported struct fields should allow you to do different filters based on what is allowed in the OKTA API.

The filter OKTA API is limited in the fields it can search
NOTE: In the current form you can't add parenthesis and ordering

OKTA API Supports only a limited number of properties: status, lastUpdated, id, profile.login, profile.email, profile.firstName, and profile.lastName. http://developer.okta.com/docs/api/resources/users.html#list-users-with-a-filter

type UserNameTemplate added in v1.0.1

// UserNameTemplate carries a single template string under the JSON key
// "template"; it is referenced by Subject.
type UserNameTemplate struct {
	Template string `json:"template,omitempty"`
}

type Users

// Users is the people/users condition object for policies and rules.
// The package documentation states that Include and Exclude are exclusive
// when creating an object; this type does not enforce that itself.
type Users struct {
	Include []string `json:"include,omitempty"`
	Exclude []string `json:"exclude,omitempty"`
}

policy & rule conditions people users obj when creating an obj, Include & Exclude are exclusive

type UsersService

// UsersService handles communication with the User data related methods of
// the OKTA API. Its underlying type is the package's unexported service type.
type UsersService service

UsersService handles communication with the User data related methods of the OKTA API.

func (*UsersService) Activate

func (s *UsersService) Activate(id string, sendEmail bool) (*activationResponse, *Response, error)

Activate activates a user. You can have OKTA send an email by passing sendEmail=true. If you pass in sendEmail=false, then activationResponse.ActivationURL will have a string URL that can be sent to the end user; handle that URL as a secret and keep it out of logs, since it is what lets the recipient complete activation. You can discard the response if sendEmail=true.

func (*UsersService) AssignRole

func (s *UsersService) AssignRole(id string, role string) (*Response, error)

Assign Role to User. id must be User.ID

func (*UsersService) Create

func (s *UsersService) Create(userIn NewUser, createAsActive bool) (*User, *Response, error)

Create - Creates a new user. You must pass in a "newUser" object created from Users.NewUser(). There are many different reasons that OKTA may reject the request, so you have to check the error messages.

func (*UsersService) Deactivate

func (s *UsersService) Deactivate(id string) (*Response, error)

Deactivate - Deactivates a user

func (*UsersService) Delete

func (s *UsersService) Delete(id string) (*Response, error)

Delete - Delete a user. Does not check for user status DEPROVISIONED.

func (*UsersService) GetByID

func (s *UsersService) GetByID(id string) (*User, *Response, error)

GetByID returns a user object for a specific OKTA ID. Generally the id input string is the cryptic OKTA key value from User.ID. However, the OKTA API may accept other values like "me", or login shortname

func (*UsersService) ListRoles

func (s *UsersService) ListRoles(id string) (*userRoles, *Response, error)

List User Roles. id must be User.ID will return a struct containing a slice for each role assigned to the user if the user has no roles, return nil

func (*UsersService) ListWithFilter

func (s *UsersService) ListWithFilter(opt *UserListFilterOptions) ([]User, *Response, error)

ListWithFilter will use the input UserListFilterOptions to find users and return a paged result set

func (*UsersService) NewUser

func (s *UsersService) NewUser() NewUser

NewUser - Returns a new user object. This is used to create users in OKTA. It only has the properties that OKTA will take as input. The "User" object has more fields that are returned by OKTA, like the ID, etc.

func (*UsersService) PopulateEnrolledFactors

func (s *UsersService) PopulateEnrolledFactors(user *User) (*Response, error)

PopulateEnrolledFactors will populate the Enrolled MFA Factors a user is a member of. You pass in a pointer to an existing users http://developer.okta.com/docs/api/resources/factors.html#list-enrolled-factors

func (*UsersService) PopulateGroups

func (s *UsersService) PopulateGroups(user *User) (*Response, error)

PopulateGroups will populate the groups a user is a member of. You pass in a pointer to an existing users

func (*UsersService) PopulateMFAFactors

func (s *UsersService) PopulateMFAFactors(user *User) (*Response, error)

PopulateMFAFactors will populate the MFA Factors a user is a member of. You pass in a pointer to an existing users

func (*UsersService) ResetPassword

func (s *UsersService) ResetPassword(id string, sendEmail bool) (*resetPasswordResponse, *Response, error)

ResetPassword - Generates a one-time token (OTT) that can be used to reset a user’s password. The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow. http://developer.okta.com/docs/api/resources/users.html#reset-password If you pass in sendEmail=false, then resetPasswordResponse.resetPasswordUrl will have a string URL that can be sent to the end user. Whoever holds that URL can reset the password, so treat it as a credential: keep it out of logs and deliver it only over a channel tied to the user. You can discard the response if sendEmail=true.

func (*UsersService) SetPassword

func (s *UsersService) SetPassword(id string, newPassword string) (*User, *Response, error)

SetPassword - Sets a user password to an Admin provided String

func (*UsersService) Suspend

func (s *UsersService) Suspend(id string) (*Response, error)

Suspend - Suspends a user - If user is NOT active an Error will come back based on OKTA API: http://developer.okta.com/docs/api/resources/users.html#suspend-user

func (*UsersService) UnAssignRole

func (s *UsersService) UnAssignRole(id string, role string) (*Response, error)

Unassign Role from User. id must be User.ID, role must be []userRole.ID from ListRoles

func (*UsersService) Unlock

func (s *UsersService) Unlock(id string) (*Response, error)

Unlock - Unlocks a user - Per docs, only for OKTA Mastered Account http://developer.okta.com/docs/api/resources/users.html#unlock-user

func (*UsersService) Unsuspend

func (s *UsersService) Unsuspend(id string) (*Response, error)

Unsuspend - Unsuspends a user - If user is NOT SUSPENDED, an Error will come back based on OKTA API: http://developer.okta.com/docs/api/resources/users.html#unsuspend-user

func (*UsersService) Update

func (s *UsersService) Update(userIn NewUser, id string) (*User, *Response, error)

Update - Update an existing user. We use the same "newUser" object as we do to create a user since the update API endpoint requires the same data structure (profile & credentials) in its body. The request uses POST and not PUT because POST supports partial updates.

func (*UsersService) UserListFilterOptions

func (s *UsersService) UserListFilterOptions() UserListFilterOptions

UserListFilterOptions - Returns the filter options object. This is used by ListWithFilter to search for users in OKTA
