Documentation ¶
Index ¶
- Constants
- func CheckResponse(c *Client, r *http.Response) error
- type AccountLink
- type App
- type AppFilterOptions
- type AppUser
- type AppsService
- type AuthContext
- type AuthProvider
- type Authorization
- type Authorize
- type BaseSubSchema
- type Client
- func NewClient(httpClient *http.Client, orgName string, apiToken string, isProduction bool) *Client
- func NewClientWithBaseURL(httpClient *http.Client, baseURL *url.URL, apiToken string) *Client
- func NewClientWithDomain(httpClient *http.Client, orgName string, domain string, apiToken string) (*Client, error)
- type ClientRedirectUri
- type Conditions
- type Consent
- type Credentials
- type CustomSubSchema
- type Delegation
- type Deprovisioned
- type Endpoints
- type Enroll
- type Factor
- type FactorProvider
- type Factors
- type Group
- type GroupFilterOptions
- type GroupLinks
- type GroupProfile
- type GroupUserFilterOptions
- type Groups
- type GroupsService
- func (g *GroupsService) Add(groupName string, groupDescription string) (*Group, *Response, error)
- func (g *GroupsService) Delete(groupID string) (*Response, error)
- func (g *GroupsService) GetByID(groupID string) (*Group, *Response, error)
- func (g *GroupsService) GetUsers(groupID string, opt *GroupUserFilterOptions) (users []User, resp *Response, err error)
- func (s *GroupsService) ListGroups(filter string) (*groups, *Response, error)
- func (g *GroupsService) ListWithFilter(opt *GroupFilterOptions) ([]Group, *Response, error)
- func (p *GroupsService) Update(id string, group interface{}) (*Group, *Response, error)
- type Hints
- type IdentityProvider
- type IdentityProvidersService
- func (p *IdentityProvidersService) CreateIdentityProvider(idp interface{}) (*IdentityProvider, *Response, error)
- func (p *IdentityProvidersService) DeleteIdentityProvider(id string) (*Response, error)
- func (p *IdentityProvidersService) GetIdentityProvider(id string) (*IdentityProvider, *Response, error)
- func (p *IdentityProvidersService) IdentityProvider() IdentityProvider
- func (p *IdentityProvidersService) UpdateIdentityProvider(id string, idp interface{}) (*IdentityProvider, *Response, error)
- type IdpClient
- type IdpGroups
- type IdpLinks
- type IdpPolicy
- type Master
- type MfaRule
- type MfaRuleActions
- type Network
- type NewUser
- type OneOf
- type OrgService
- type Password
- type PasswordAction
- type PasswordRule
- type People
- type Permissions
- type PoliciesService
- func (p *PoliciesService) ActivatePolicy(id string) (*Response, error)
- func (p *PoliciesService) ActivatePolicyRule(policyId string, ruleId string) (*Response, error)
- func (p *PoliciesService) CreatePolicy(policy interface{}) (*Policy, *Response, error)
- func (p *PoliciesService) CreatePolicyRule(id string, rule interface{}) (*Rule, *Response, error)
- func (p *PoliciesService) DeactivatePolicy(id string) (*Response, error)
- func (p *PoliciesService) DeactivatePolicyRule(policyId string, ruleId string) (*Response, error)
- func (p *PoliciesService) DeletePolicy(id string) (*Response, error)
- func (p *PoliciesService) DeletePolicyRule(policyId string, ruleId string) (*Response, error)
- func (p *PoliciesService) GetPoliciesByType(policyType string) (*PolicyCollection, *Response, error)
- func (p *PoliciesService) GetPolicy(id string) (*Policy, *Response, error)
- func (p *PoliciesService) GetPolicyRule(policyId string, ruleId string) (*Rule, *Response, error)
- func (p *PoliciesService) GetPolicyRules(id string) (*rules, *Response, error)
- func (p *PoliciesService) MfaPolicy() Policy
- func (p *PoliciesService) MfaRule() MfaRule
- func (p *PoliciesService) PasswordPolicy() Policy
- func (p *PoliciesService) PasswordRule() PasswordRule
- func (p *PoliciesService) SignOnPolicy() Policy
- func (p *PoliciesService) SignOnRule() SignOnRule
- func (p *PoliciesService) UpdatePolicy(id string, policy interface{}) (*Policy, *Response, error)
- func (p *PoliciesService) UpdatePolicyRule(policyId string, ruleId string, rule interface{}) (*Rule, *Response, error)
- type Policy
- type PolicyCollection
- type PolicyConditions
- type PolicyGroups
- type PolicyLinks
- type PolicySettings
- type Protocol
- type Provisioning
- type Rate
- type RateLimitError
- type Recovery
- type Response
- type Rule
- type Schema
- type SchemasService
- func (p *SchemasService) BaseSubSchema() BaseSubSchema
- func (p *SchemasService) CustomSubSchema() CustomSubSchema
- func (s *SchemasService) DeleteUserCustomSubSchema(index string) (*Schema, *Response, error)
- func (s *SchemasService) GetRawUserSchema() (map[string]interface{}, *Response, error)
- func (s *SchemasService) GetUserBaseSubSchema(index string, obj map[string]interface{}) (*BaseSubSchema, error)
- func (s *SchemasService) GetUserCustomSubSchema(index string, obj map[string]interface{}) (*CustomSubSchema, error)
- func (s *SchemasService) GetUserSchema() (*Schema, *Response, error)
- func (s *SchemasService) GetUserSubSchemaIndex(scope string) ([]string, *Response, error)
- func (s *SchemasService) GetUserSubSchemaPropMap(scope string, index string) (map[string]interface{}, *Response, error)
- func (p *SchemasService) OneOf() OneOf
- func (p *SchemasService) Permissions() Permissions
- func (s *SchemasService) UpdateUserBaseSubSchema(update BaseSubSchema) (*Schema, *Response, error)
- func (s *SchemasService) UpdateUserCustomSubSchema(update CustomSubSchema) (*Schema, *Response, error)
- type SignOn
- type SignOnRule
- type Subject
- type Suspended
- type Token
- type TrustedOrigin
- type TrustedOriginDeactive
- type TrustedOriginHints
- type TrustedOriginLinks
- type TrustedOriginSelf
- type TrustedOriginsService
- func (p *TrustedOriginsService) ActivateTrustedOrigin(id string, activate bool) (*Response, error)
- func (p *TrustedOriginsService) CreateTrustedOrigin(trustedOrigin interface{}) (*TrustedOrigin, *Response, error)
- func (p *TrustedOriginsService) DeleteTrustedOrigin(id string) (*Response, error)
- func (p *TrustedOriginsService) GetTrustedOrigin(id string) (*TrustedOrigin, *Response, error)
- func (p *TrustedOriginsService) ListTrustedOrigins() (*Response, error)
- func (p *TrustedOriginsService) TrustedOrigin() TrustedOrigin
- func (p *TrustedOriginsService) UpdateTrustedOrigin(id string, trustedOrigin interface{}) (*TrustedOrigin, *Response, error)
- type User
- type UserListFilterOptions
- type UserNameTemplate
- type Users
- type UsersService
- func (s *UsersService) Activate(id string, sendEmail bool) (*activationResponse, *Response, error)
- func (s *UsersService) AssignRole(id string, role string) (*Response, error)
- func (s *UsersService) Create(userIn NewUser, createAsActive bool) (*User, *Response, error)
- func (s *UsersService) Deactivate(id string) (*Response, error)
- func (s *UsersService) Delete(id string) (*Response, error)
- func (s *UsersService) GetByID(id string) (*User, *Response, error)
- func (s *UsersService) ListRoles(id string) (*userRoles, *Response, error)
- func (s *UsersService) ListWithFilter(opt *UserListFilterOptions) ([]User, *Response, error)
- func (s *UsersService) NewUser() NewUser
- func (s *UsersService) PopulateEnrolledFactors(user *User) (*Response, error)
- func (s *UsersService) PopulateGroups(user *User) (*Response, error)
- func (s *UsersService) PopulateMFAFactors(user *User) (*Response, error)
- func (s *UsersService) ResetPassword(id string, sendEmail bool) (*resetPasswordResponse, *Response, error)
- func (s *UsersService) SetPassword(id string, newPassword string) (*User, *Response, error)
- func (s *UsersService) Suspend(id string) (*Response, error)
- func (s *UsersService) UnAssignRole(id string, role string) (*Response, error)
- func (s *UsersService) Unlock(id string) (*Response, error)
- func (s *UsersService) Unsuspend(id string) (*Response, error)
- func (s *UsersService) Update(userIn NewUser, id string) (*User, *Response, error)
- func (s *UsersService) UserListFilterOptions() UserListFilterOptions
Constants ¶
// MFA status values.
const (
	// MFAStatusActive is the status string "ACTIVE".
	// NOTE(review): the original comment described this as an OKTA user state
	// returned by the API; going by the constant's name it is presumably the
	// status of an MFA factor. Confirm against the API before relying on it.
	MFAStatusActive = "ACTIVE"
	// MFAStatusPending is the status string "PENDING_ACTIVATION", i.e. an MFA
	// status that is not active.
	MFAStatusPending = "PENDING_ACTIVATION"
)
const ( // GroupTypeOKTA - group type constant for an OKTA Mastered Group GroupTypeOKTA = "OKTA_GROUP" // GroupTypeBuiltIn - group type constant for a Built in OKTA groups GroupTypeBuiltIn = "BUILT_IN" // GroupTypeApp -- group type constant for app mastered group GroupTypeApp = "APP_GROUP" )
// Currently available factors for MFA.
//
// Each value is spelled exactly like one of the JSON keys on the Factors
// struct in this package ("duo", "fido_u2f", ...). Factors additionally has an
// "okta_password" key, which has no constant in this block.
const (
	DuoFactor          = "duo"
	FidoU2fFactor      = "fido_u2f"
	FidoWebauthnFactor = "fido_webauthn"
	GoogleOtpFactor    = "google_otp"
	OktaCallFactor     = "okta_call"
	OktaOtpFactor      = "okta_otp"
	OktaPushFactor     = "okta_push"
	OktaQuestionFactor = "okta_question"
	OktaSmsFactor      = "okta_sms"
	RsaTokenFactor     = "rsa_token"
	SymantecVipFactor  = "symantec_vip"
	YubikeyTokenFactor = "yubikey_token"
)
Current available factors for MFA
// Filter operators used when building a filter expression.
const (
	// FilterEqualOperator is the filter operator for "equal".
	FilterEqualOperator = "eq"
	// FilterStartsWithOperator is the filter operator for "starts with".
	FilterStartsWithOperator = "sw"
	// FilterGreaterThanOperator is the filter operator for "greater than".
	FilterGreaterThanOperator = "gt"
	// FilterLessThanOperator is the filter operator for "less than".
	FilterLessThanOperator = "lt"
)
// OKTA user states returned by the API.
//
// Code that decides whether an account may be used should compare against
// these constants explicitly instead of treating any non-empty status as
// usable: several of them (locked out, password expired, suspended,
// deprovisioned) name accounts that are not in normal use.
const (
	// UserStatusActive is the OKTA user state "ACTIVE" returned by the API.
	UserStatusActive = "ACTIVE"
	// UserStatusStaged is the OKTA user state "STAGED" returned by the API.
	UserStatusStaged = "STAGED"
	// UserStatusProvisioned is the OKTA user state "PROVISIONED" returned by the API.
	UserStatusProvisioned = "PROVISIONED"
	// UserStatusRecovery is the OKTA user state "RECOVERY" returned by the API.
	UserStatusRecovery = "RECOVERY"
	// UserStatusLockedOut is the OKTA user state "LOCKED_OUT" returned by the API.
	UserStatusLockedOut = "LOCKED_OUT"
	// UserStatusPasswordExpired is the OKTA user state "PASSWORD_EXPIRED" returned by the API.
	UserStatusPasswordExpired = "PASSWORD_EXPIRED"
	// UserStatusSuspended is the OKTA user state "SUSPENDED" returned by the API.
	UserStatusSuspended = "SUSPENDED"
	// UserStatusDeprovisioned is the OKTA user state "DEPROVISIONED" returned by the API.
	UserStatusDeprovisioned = "DEPROVISIONED"
)
Variables ¶
This section is empty.
Functions ¶
func CheckResponse ¶
CheckResponse checks the API response for errors, and returns them if present. A response is considered an error if it has a status code outside the 200 range. API error responses are expected to have either no response body, or a JSON response body that maps to ErrorResponse. Any other response body will be silently ignored.
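The error type will be *RateLimitError for rate limit exceeded errors, and *TwoFactorAuthError for two-factor authentication errors. Note that neither TwoFactorAuthError nor ErrorResponse appears in this package's index, so confirm which error types are actually exported before type-asserting on them. TODO: check for unauthorized responses.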
Types ¶
type AccountLink ¶ added in v1.0.1
type App ¶
type App struct { ID string `json:"id"` Name string `json:"name"` Label string `json:"label"` Status string `json:"status"` LastUpdated time.Time `json:"lastUpdated"` Created time.Time `json:"created"` Accessibility struct { SelfService bool `json:"selfService"` ErrorRedirectURL interface{} `json:"errorRedirectUrl"` LoginRedirectURL interface{} `json:"loginRedirectUrl"` } `json:"accessibility"` Visibility struct { AutoSubmitToolbar bool `json:"autoSubmitToolbar"` Hide struct { IOS bool `json:"iOS"` Web bool `json:"web"` } `json:"hide"` AppLinks struct { TestorgoneCustomsaml20App1Link bool `json:"testorgone_customsaml20app_1_link"` } `json:"appLinks"` } `json:"visibility"` Features []interface{} `json:"features"` SignOnMode string `json:"signOnMode"` Credentials struct { UserNameTemplate struct { Template string `json:"template"` Type string `json:"type"` } `json:"userNameTemplate"` Signing struct { } `json:"signing"` } `json:"credentials"` Settings struct { App struct { } `json:"app"` Notifications struct { Vpn struct { Network struct { Connection string `json:"connection"` } `json:"network"` Message interface{} `json:"message"` HelpURL interface{} `json:"helpUrl"` } `json:"vpn"` } `json:"notifications"` SignOn struct { DefaultRelayState string `json:"defaultRelayState"` SsoAcsURL string `json:"ssoAcsUrl"` IdpIssuer string `json:"idpIssuer"` Audience string `json:"audience"` Recipient string `json:"recipient"` Destination string `json:"destination"` SubjectNameIDTemplate string `json:"subjectNameIdTemplate"` SubjectNameIDFormat string `json:"subjectNameIdFormat"` ResponseSigned bool `json:"responseSigned"` AssertionSigned bool `json:"assertionSigned"` SignatureAlgorithm string `json:"signatureAlgorithm"` DigestAlgorithm string `json:"digestAlgorithm"` HonorForceAuthn bool `json:"honorForceAuthn"` AuthnContextClassRef string `json:"authnContextClassRef"` SpIssuer interface{} `json:"spIssuer"` RequestCompressed bool `json:"requestCompressed"` AttributeStatements 
[]interface{} `json:"attributeStatements"` } `json:"signOn"` } `json:"settings"` Links struct { Logo []struct { Name string `json:"name"` Href string `json:"href"` Type string `json:"type"` } `json:"logo"` AppLinks []struct { Name string `json:"name"` Href string `json:"href"` Type string `json:"type"` } `json:"appLinks"` Help struct { Href string `json:"href"` Type string `json:"type"` } `json:"help"` Users struct { Href string `json:"href"` } `json:"users"` Deactivate struct { Href string `json:"href"` } `json:"deactivate"` Groups struct { Href string `json:"href"` } `json:"groups"` Metadata struct { Href string `json:"href"` Type string `json:"type"` } `json:"metadata"` } `json:"_links"` }
type AppFilterOptions ¶
type AppFilterOptions struct { NextURL *url.URL `url:"-"` GetAllPages bool `url:"-"` NumberOfPages int `url:"-"` Limit int `url:"limit,omitempty"` }
AppFilterOptions is used to generate a "Filter" to search for different Apps. The values here correlate to API search parameters on the group API.
type AppUser ¶
type AppUser struct { ID string `json:"id"` ExternalID string `json:"externalId"` Created time.Time `json:"created"` LastUpdated time.Time `json:"lastUpdated"` Scope string `json:"scope"` Status string `json:"status"` StatusChanged *time.Time `json:"statusChanged"` PasswordChanged *time.Time `json:"passwordChanged"` SyncState string `json:"syncState"` LastSync *time.Time `json:"lastSync"` Credentials struct { UserName string `json:"userName"` Password struct { } `json:"password"` } `json:"credentials"` Profile struct { SecondEmail interface{} `json:"secondEmail"` LastName string `json:"lastName"` MobilePhone interface{} `json:"mobilePhone"` Email string `json:"email"` SalesforceGroups []string `json:"salesforceGroups"` Role string `json:"role"` FirstName string `json:"firstName"` Profile string `json:"profile"` } `json:"profile"` Links struct { App struct { Href string `json:"href"` } `json:"app"` User struct { Href string `json:"href"` } `json:"user"` } `json:"_links"` }
type AppsService ¶
type AppsService service
func (*AppsService) GetByID ¶
func (a *AppsService) GetByID(appID string) (*App, *Response, error)
GetByID gets a group from OKTA by the Group ID. An error is returned if the group is not found.
func (*AppsService) GetUsers ¶
func (a *AppsService) GetUsers(appID string, opt *AppFilterOptions) (appUsers []AppUser, resp *Response, err error)
GetUsers returns the members in an App
Pass in an optional AppFilterOptions struct to filter the results The Users in the app are returned
type AuthContext ¶ added in v1.0.1
type AuthContext struct {
AuthType string `json:"authType,omitempty"`
}
type AuthProvider ¶
type AuthProvider struct { Provider string `json:"provider,omitempty"` Include []string `json:"include,omitempty"` }
policy & rule conditions authProvider obj
type Authorization ¶ added in v1.0.1
type BaseSubSchema ¶
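// BaseSubSchema is one entry of the base sub-schema of the user profile
// ("User Profiles Base SubSchema").
type BaseSubSchema struct {
	// Index is excluded from JSON (tag "-"); it is carried on the Go side only.
	Index  string `json:"-"`
	Title  string `json:"title"`
	Type   string `json:"type"`
	Format string `json:"format,omitempty"`
	// Required uses omitempty, so an explicit false is never sent.
	Required bool `json:"required,omitempty"`
	// Mutability's tag used to be spelled "mutablity". With that spelling the
	// field was written under a key that does not match its own name and was
	// never filled from a "mutability" key when decoding, so the mutability
	// setting of an attribute was silently dropped in both directions.
	Mutability  string        `json:"mutability,omitempty"`
	Scope       string        `json:"scope,omitempty"`
	MinLength   int           `json:"minLength,omitempty"`
	MaxLength   int           `json:"maxLength,omitempty"`
	Permissions []Permissions `json:"permissions"`
	Master      *Master       `json:"master,omitempty"`
}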
User Profiles Base SubSchema
type Client ¶
// Client manages communication with the API.
type Client struct {
	// BaseURL is the base URL for API requests.
	// It is built automatically from the inputs to NewClient. Override it only
	// if your URL is not *.okta.com or *.oktapreview.com.
	// NOTE(review): requests made through this client, presumably including the
	// API token, go to whatever host this points at, so set it from trusted
	// configuration only. Confirm how the token is attached in NewRequest.
	BaseURL *url.URL

	// UserAgent is the user agent used when communicating with the API.
	// (The original comment said "GitHub API", which looks like a copy-paste leftover.)
	UserAgent string

	// PauseOnRateLimit selects what happens when the remaining rate limit drops
	// below RateRemainingFloor: pause, or return RateLimitError.
	PauseOnRateLimit bool

	// OktaErrorCode is populated from the HTTP response with the okta error
	// code, if applicable.
	// https://developer.okta.com/reference/error_codes/
	// NOTE(review): this is state on the client rather than on a response;
	// presumably it is overwritten by later calls. Confirm before reading it
	// from a client shared between goroutines.
	OktaErrorCode string

	// RateRemainingFloor - if the API returns an "X-Rate-Limit-Remaining" header
	// less than this, the SDK will either pause or return RateLimitError,
	// depending on the client.PauseOnRateLimit value. It defaults to 30.
	// One client doing too much work can lock out all API access for every
	// other client; the floor is there to be a "good API user citizen".
	RateRemainingFloor int

	Limit int

	// Services used for talking to different parts of the API.

	// Service for working with Users
	Users *UsersService

	// Service for working with Groups
	Groups *GroupsService

	// Service for working with Apps
	Apps *AppsService

	// Service for working with Policies
	Policies *PoliciesService

	// Service for working with Schemas
	Schemas *SchemasService

	// Service for working with Identity Providers
	IdentityProviders *IdentityProvidersService

	// Service for working with Trusted Origins
	TrustedOrigins *TrustedOriginsService

	// Org service for administrating org level resources
	Org *OrgService
	// contains filtered or unexported fields
}
A Client manages communication with the API.
func NewClient ¶
NewClient returns a new OKTA API client. If a nil httpClient is provided, http.DefaultClient will be used.
func NewClientWithBaseURL ¶
NewClientWithBaseURL creates a client based on the full base URL and api token
func NewClientWithDomain ¶
func NewClientWithDomain(httpClient *http.Client, orgName string, domain string, apiToken string) (*Client, error)
NewClientWithDomain creates a client based on the organization name and base domain for requests (okta.com, okta-emea.com, oktapreview.com, etc).
func (*Client) Do ¶
Do sends an API request and returns the API response. The API response is JSON decoded and stored in the value pointed to by v, or returned as an error if an API error has occurred. If v implements the io.Writer interface, the raw response body will be written to v, without attempting to first decode it. If rate limit is exceeded and reset time is in the future, Do returns rate immediately without making a network API call.
func (*Client) NewRequest ¶
NewRequest creates an API request. A relative URL can be provided in urlStr, in which case it is resolved relative to the BaseURL of the Client. Relative URLs should always be specified without a preceding slash. If specified, the value pointed to by body is JSON encoded and included as the request body.
type ClientRedirectUri ¶ added in v1.0.1
type Conditions ¶ added in v1.0.1
type Conditions struct { Deprovisioned *Deprovisioned `json:"deprovisioned,omitempty"` Suspended *Suspended `json:"suspended,omitempty"` }
type Consent ¶
type Consent struct { Terms struct { Format string `json:"format,omitempty"` Value string `json:"value,omitempty"` } `json:"terms,omitempty"` Type string `json:"type,omitempty"` }
Mfa policy factors consent obj
type Credentials ¶ added in v1.0.1
type Credentials struct {
Client *IdpClient `json:"client,omitempty"`
}
type CustomSubSchema ¶
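// CustomSubSchema is one entry of the custom sub-schema of the user profile
// ("User Profiles Custom SubSchema").
type CustomSubSchema struct {
	// Index is excluded from JSON (tag "-"); it is carried on the Go side only.
	Index       string `json:"-"`
	Title       string `json:"title"`
	Type        string `json:"type"`
	Description string `json:"description,omitempty"`
	Format      string `json:"format,omitempty"`
	// Required uses omitempty, so an explicit false is never sent.
	Required bool `json:"required,omitempty"`
	// Mutability's tag used to be spelled "mutablity". With that spelling the
	// field was written under a key that does not match its own name and was
	// never filled from a "mutability" key when decoding, so the mutability
	// setting of an attribute was silently dropped in both directions.
	Mutability string `json:"mutability,omitempty"`
	Scope      string `json:"scope,omitempty"`
	MinLength  int    `json:"minLength,omitempty"`
	MaxLength  int    `json:"maxLength,omitempty"`
	// encoding/json never treats a struct value as empty, so omitempty on Items
	// has no effect: "items" is always emitted.
	Items struct {
		Type string `json:"type,omitempty"`
	} `json:"items,omitempty"`
	Union       string        `json:"union,omitempty"`
	Enum        []string      `json:"enum,omitempty"`
	OneOf       []OneOf       `json:"oneOf,omitempty"`
	Permissions []Permissions `json:"permissions"`
	Master      *Master       `json:"master,omitempty"`
}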
User Profiles Custom SubSchema
type Delegation ¶
type Delegation struct { Options struct { SkipUnlock bool `json:"skipUnlock,omitempty"` } `json:"options,omitempty"` }
password policy settings delegation obj
type Deprovisioned ¶ added in v1.0.1
type Deprovisioned struct {
Action string `json:"action,omitempty"`
}
type Endpoints ¶ added in v1.0.1
type Endpoints struct { Authorization *Authorization `json:"authorization,omitempty"` Token *Token `json:"token,omitempty"` }
type Enroll ¶
type Enroll struct {
Self string `json:"self,omitempty"`
}
Mfa policy & rule factors enroll obj
type FactorProvider ¶ added in v1.0.1
FactorProvider represents a FactorProvider
type Factors ¶
// Factors is the MFA policy settings factors object.
//
// There is one optional entry per factor provider. Every field is a pointer
// tagged omitempty, so a nil entry is left out of the JSON entirely rather than
// sent as an empty object.
type Factors struct {
	Duo          *FactorProvider `json:"duo,omitempty"`
	FidoU2f      *FactorProvider `json:"fido_u2f,omitempty"`
	FidoWebauthn *FactorProvider `json:"fido_webauthn,omitempty"`
	GoogleOtp    *FactorProvider `json:"google_otp,omitempty"`
	OktaCall     *FactorProvider `json:"okta_call,omitempty"`
	OktaOtp      *FactorProvider `json:"okta_otp,omitempty"`
	OktaPassword *FactorProvider `json:"okta_password,omitempty"`
	OktaPush     *FactorProvider `json:"okta_push,omitempty"`
	OktaQuestion *FactorProvider `json:"okta_question,omitempty"`
	OktaSms      *FactorProvider `json:"okta_sms,omitempty"`
	RsaToken     *FactorProvider `json:"rsa_token,omitempty"`
	SymantecVip  *FactorProvider `json:"symantec_vip,omitempty"`
	YubikeyToken *FactorProvider `json:"yubikey_token,omitempty"`
}
Mfa policy settings factors obj
type Group ¶
type Group struct { ID string `json:"id"` Created time.Time `json:"created"` LastUpdated time.Time `json:"lastUpdated"` LastMembershipUpdated time.Time `json:"lastMembershipUpdated"` ObjectClass []string `json:"objectClass"` Type string `json:"type"` GroupProfile *GroupProfile `json:"profile"` GroupLinks *GroupLinks `json:"_links"` }
Group represents the Group Object from the OKTA API
type GroupFilterOptions ¶
type GroupFilterOptions struct { // This will be built by internal - may not need to export FilterString string `url:"filter,omitempty"` NextURL *url.URL `url:"-"` GetAllPages bool `url:"-"` NumberOfPages int `url:"-"` Limit int `url:"limit,omitempty"` NameStartsWith string `url:"q,omitempty"` GroupTypeEqual string `url:"-"` LastUpdated dateFilter `url:"-"` LastMembershipUpdated dateFilter `url:"-"` }
GroupFilterOptions is used to generate a "Filter" to search for different groups. The values here correlate to API search parameters on the group API.
type GroupLinks ¶ added in v1.0.1
type GroupProfile ¶ added in v1.0.1
type GroupProfile struct { Name string `json:"name"` Description string `json:"description"` SamAccountName string `json:"samAccountName,omitempty"` Dn string `json:"dn,omitempty"` WindowsDomainQualifiedName string `json:"windowsDomainQualifiedName,omitempty"` ExternalID string `json:"externalId,omitempty"` }
type GroupUserFilterOptions ¶
type GroupUserFilterOptions struct { Limit int `url:"limit,omitempty"` NextURL *url.URL `url:"-"` GetAllPages bool `url:"-"` NumberOfPages int `url:"-"` }
GroupUserFilterOptions is a struct that you populate which will limit or control group fetches and searches
The values here will correlate to the search filtering allowed in the OKTA API. These values are turned into Query Parameters.
type Groups ¶
type Groups struct { Include []string `json:"include,omitempty"` Exclude []string `json:"exclude,omitempty"` }
policy & rule conditions people groups obj when creating an obj, Include & Exclude are exclusive
type GroupsService ¶
type GroupsService service
GroupsService handles communication with the Groups data related methods of the OKTA API.
func (*GroupsService) Add ¶
Add - Adds an OKTA Mastered Group with name and description. GroupName is required.
func (*GroupsService) Delete ¶
func (g *GroupsService) Delete(groupID string) (*Response, error)
Delete - Deletes an OKTA Mastered Group with ID
func (*GroupsService) GetByID ¶
func (g *GroupsService) GetByID(groupID string) (*Group, *Response, error)
GetByID gets a group from OKTA by the Group ID. An error is returned if the group is not found.
func (*GroupsService) GetUsers ¶
func (g *GroupsService) GetUsers(groupID string, opt *GroupUserFilterOptions) (users []User, resp *Response, err error)
GetUsers returns the members in a group
Pass in an optional GroupFilterOptions struct to filter the results The Users in the group are returned
func (*GroupsService) ListGroups ¶
func (s *GroupsService) ListGroups(filter string) (*groups, *Response, error)
func (*GroupsService) ListWithFilter ¶
func (g *GroupsService) ListWithFilter(opt *GroupFilterOptions) ([]Group, *Response, error)
ListWithFilter - Method to list groups with different filter options.
Pass in a GroupFilterOptions to specify filters. Values in that struct will turn into Query parameters
type IdentityProvider ¶ added in v1.0.1
type IdentityProvider struct { ID string `json:"id,omitempty"` Type string `json:"type,omitempty"` Status string `json:"status,omitempty"` IssuerMode string `json:"issuerMode,omitempty"` Name string `json:"name,omitempty"` Created *time.Time `json:"created,omitempty"` LastUpdated *time.Time `json:"lastUpdated,omitempty"` Protocol *Protocol `json:"protocol,omitempty"` Policy *IdpPolicy `json:"policy,omitempty"` Links *IdpLinks `json:"_links,omitempty"` }
Note - time.Time fields are pointers due to the issue described at link below https://stackoverflow.com/questions/32643815/golang-json-omitempty-with-time-time-field
type IdentityProvidersService ¶ added in v1.0.1
type IdentityProvidersService service
func (*IdentityProvidersService) CreateIdentityProvider ¶ added in v1.0.1
func (p *IdentityProvidersService) CreateIdentityProvider(idp interface{}) (*IdentityProvider, *Response, error)
CreateIdentityProvider: Create an Identity Provider You must pass in the IdentityProvider object created from the desired input IdentityProvider
func (*IdentityProvidersService) DeleteIdentityProvider ¶ added in v1.0.1
func (p *IdentityProvidersService) DeleteIdentityProvider(id string) (*Response, error)
DeleteIdentityProvider: Delete an Identity Provider Requires IdentityProvider ID from IdentityProvider object
func (*IdentityProvidersService) GetIdentityProvider ¶ added in v1.0.1
func (p *IdentityProvidersService) GetIdentityProvider(id string) (*IdentityProvider, *Response, error)
GetIdentityProvider: Get an Identity Provider Requires IdentityProvider ID from IdentityProvider object
func (*IdentityProvidersService) IdentityProvider ¶ added in v1.0.1
func (p *IdentityProvidersService) IdentityProvider() IdentityProvider
func (*IdentityProvidersService) UpdateIdentityProvider ¶ added in v1.0.1
func (p *IdentityProvidersService) UpdateIdentityProvider(id string, idp interface{}) (*IdentityProvider, *Response, error)
UpdateIdentityProvider: Update an Identity Provider Requires IdentityProvider ID from IdentityProvider object & IdentityProvider object from the desired input IdentityProvider
type IdpLinks ¶ added in v1.0.1
type IdpLinks struct { Authorize *Authorize `json:"authorize,omitempty"` ClientRedirectUri *ClientRedirectUri `json:"clientRedirectUri,omitempty"` }
type IdpPolicy ¶ added in v1.0.1
type IdpPolicy struct { Provisioning *Provisioning `json:"provisioning,omitempty"` AccountLink *AccountLink `json:"accountLink,omitempty"` Subject *Subject `json:"subject,omitempty"` MaxClockSkew int `json:"maxClockSkew,omitempty"` }
type MfaRule ¶
type MfaRule struct { Type string `json:"type,omitempty"` Status string `json:"status,omitempty"` Name string `json:"name,omitempty"` Priority int `json:"priority,omitempty"` Conditions *PolicyConditions `json:"conditions,omitempty"` Actions *MfaRuleActions `json:"actions,omitempty"` }
MfaRule represents the Rule Object from the OKTA API used to create or update a mfa rule
func (*MfaRule) PeopleCondition ¶
MfaRule PeopleCondition updates the People condition for the input mfa rule. It requires as inputs the string "users" or "groups", and the string "include" or "exclude", plus a string slice of Okta group or user IDs.
type MfaRuleActions ¶ added in v1.0.1
type MfaRuleActions struct {
Enroll *Enroll `json:"enroll,omitempty"`
}
MfaRuleActions represents actions that can be performed against an MFA Policy Rule
type Network ¶
type Network struct { Connection string `json:"connection,omitempty"` Include []string `json:"include,omitempty"` Exclude []string `json:"exclude,omitempty"` }
policy & rule conditions network obj when creating an obj, Include & Exclude are exclusive TODO: Include & Exclude not supported as only needed when Connection is "ZONE". zone requires the zone api (not implemented atm)
type NewUser ¶
type NewUser struct { Profile userProfile `json:"profile"` Credentials *credentials `json:"credentials,omitempty"` }
NewUser object to create user objects in OKTA
func (*NewUser) SetPassword ¶
SetPassword Adds a specified password to the new User
func (*NewUser) SetRecoveryQuestion ¶
SetRecoveryQuestion - Sets a custom security question and answer on a user object
type OrgService ¶ added in v1.0.1
type OrgService service
OrgService allows you to perform actions against resources at the organization level.
func (*OrgService) ActivateFactor ¶ added in v1.0.1
func (s *OrgService) ActivateFactor(id string) (*Factor, *Response, error)
ActivateFactor ability to activate factor provider for an organization. For valid providers IDs see API docs https://developer.okta.com/docs/api/resources/factor_admin.
func (*OrgService) DeactivateFactor ¶ added in v1.0.1
func (s *OrgService) DeactivateFactor(id string) (*Factor, *Response, error)
DeactivateFactor ability to deactivate factor provider for an organization. For valid provider IDs see API docs https://developer.okta.com/docs/api/resources/factor_admin.
func (*OrgService) ListFactors ¶ added in v1.0.1
func (s *OrgService) ListFactors() ([]*Factor, *Response, error)
ListFactors lists information around factors for organization.
type Password ¶
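// Password is the password policy settings password object: complexity, age
// and lockout settings.
//
// encoding/json never treats a struct value as empty, so the omitempty options
// on the nested struct fields (Complexity, Dictionary, Common, Age, Lockout)
// have no effect: those objects are always emitted.
type Password struct {
	Complexity struct {
		MinLength *int `json:"minLength,omitempty"`
		// omitempty considers zero values on primitives empty. Thus if you have a value like one of these where the
		// default is 1 but 0 is valid, you would never be able to set them to 0 because it would omit them and the
		// API would default them. Same goes for other primitives.
		// These four are pointers without omitempty: nil is sent as null, a pointer to 0 is sent as 0.
		MinLowerCase      *int     `json:"minLowerCase"`
		MinUpperCase      *int     `json:"minUpperCase"`
		MinNumber         *int     `json:"minNumber"`
		MinSymbol         *int     `json:"minSymbol"`
		ExcludeUsername   bool     `json:"excludeUsername"`
		ExcludeAttributes []string `json:"excludeAttributes,omitempty"`
		Dictionary        struct {
			Common struct {
				Exclude bool `json:"exclude"`
			} `json:"common,omitempty"`
		} `json:"dictionary,omitempty"`
	} `json:"complexity,omitempty"`
	Age struct {
		MaxAgeDays     *int `json:"maxAgeDays,omitempty"`
		ExpireWarnDays *int `json:"expireWarnDays,omitempty"`
		MinAgeMinutes  *int `json:"minAgeMinutes,omitempty"`
		HistoryCount   *int `json:"historyCount,omitempty"`
	} `json:"age,omitempty"`
	Lockout struct {
		MaxAttempts       *int `json:"maxAttempts,omitempty"`
		AutoUnlockMinutes *int `json:"autoUnlockMinutes,omitempty"`
		// NOTE(review): a plain bool with omitempty can never be sent as false,
		// which is the pitfall the comment in Complexity describes. Changing the
		// field to *bool would alter the exported type, so it is only flagged here.
		ShowLockoutFailures bool `json:"showLockoutFailures,omitempty"`
		// The tag used to start with a capital "U", unlike every other key in this
		// struct. Decoding still worked because encoding/json matches keys
		// case-insensitively, but the field was encoded under a differently-cased
		// key, so a receiver that matches keys exactly would not see the
		// notification channels.
		UserLockoutNotificationChannels []string `json:"userLockoutNotificationChannels,omitempty"`
	} `json:"lockout,omitempty"`
}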
Password policy settings password obj
type PasswordAction ¶
type PasswordAction struct {
Access string `json:"access,omitempty"`
}
rule actions for passwords use the same passwordAction obj
type PasswordRule ¶
// PasswordRule is the rule object sent to the OKTA API to create or update a
// password rule.
type PasswordRule struct {
	Type   string `json:"type,omitempty"`
	Status string `json:"status,omitempty"`
	Name   string `json:"name,omitempty"`
	// Priority is a plain int with omitempty, so a priority of 0 is never sent.
	Priority   int               `json:"priority,omitempty"`
	Conditions *PolicyConditions `json:"conditions,omitempty"`
	// Actions is a struct value: omitempty does not omit it, so "actions" is
	// always present in the encoded rule.
	Actions struct {
		PasswordChange           PasswordAction `json:"passwordChange,omitempty"`
		SelfServicePasswordReset PasswordAction `json:"selfServicePasswordReset,omitempty"`
		SelfServiceUnlock        PasswordAction `json:"selfServiceUnlock,omitempty"`
	} `json:"actions,omitempty"`
}
PasswordRule represents the Rule Object from the OKTA API used to create or update a password rule
type People ¶
policy & rule conditions people obj when creating an obj, Groups & Users are exclusive
type Permissions ¶
Permissions obj for User Profiles SubSchemas
type PoliciesService ¶
type PoliciesService service
PoliciesService handles communication with the Policy data related methods of the OKTA API.
func (*PoliciesService) ActivatePolicy ¶
func (p *PoliciesService) ActivatePolicy(id string) (*Response, error)
ActivatePolicy: Activate a policy Requires Policy ID from Policy object
func (*PoliciesService) ActivatePolicyRule ¶
func (p *PoliciesService) ActivatePolicyRule(policyId string, ruleId string) (*Response, error)
ActivatePolicyRule: Activate a policy rule Requires Policy ID from Policy object and Rule ID from Rule object
func (*PoliciesService) CreatePolicy ¶
func (p *PoliciesService) CreatePolicy(policy interface{}) (*Policy, *Response, error)
CreatePolicy: Create a policy You must pass in the Policy object created from the desired input policy
func (*PoliciesService) CreatePolicyRule ¶
func (p *PoliciesService) CreatePolicyRule(id string, rule interface{}) (*Rule, *Response, error)
CreatePolicyRule: Create a policy rule Requires Policy ID from Policy object You must pass in the Rule object created from the desired input rule
func (*PoliciesService) DeactivatePolicy ¶
func (p *PoliciesService) DeactivatePolicy(id string) (*Response, error)
DeactivatePolicy: Deactivate a policy Requires Policy ID from Policy object
func (*PoliciesService) DeactivatePolicyRule ¶
func (p *PoliciesService) DeactivatePolicyRule(policyId string, ruleId string) (*Response, error)
DeactivatePolicyRule: Deactivate a policy rule Requires Policy ID from Policy object and Rule ID from Rule object
func (*PoliciesService) DeletePolicy ¶
func (p *PoliciesService) DeletePolicy(id string) (*Response, error)
DeletePolicy: Delete a policy Requires Policy ID from Policy object
func (*PoliciesService) DeletePolicyRule ¶
func (p *PoliciesService) DeletePolicyRule(policyId string, ruleId string) (*Response, error)
DeletePolicyRule: Delete a rule Requires Policy ID from Policy object and Rule ID from Rule object
func (*PoliciesService) GetPoliciesByType ¶
func (p *PoliciesService) GetPoliciesByType(policyType string) (*PolicyCollection, *Response, error)
GetPoliciesByType: Get all policies by type Allowed types are OKTA_SIGN_ON, PASSWORD, MFA_ENROLL, or OAUTH_AUTHORIZATION_POLICY
func (*PoliciesService) GetPolicy ¶
func (p *PoliciesService) GetPolicy(id string) (*Policy, *Response, error)
GetPolicy: Get a policy Requires Policy ID from Policy object
func (*PoliciesService) GetPolicyRule ¶
GetPolicyRule: Get a policy rule Requires Policy ID from Policy object and Rule ID from Rule object
func (*PoliciesService) GetPolicyRules ¶
func (p *PoliciesService) GetPolicyRules(id string) (*rules, *Response, error)
GetPolicyRules: Get policy rules Requires Policy ID from Policy object
func (*PoliciesService) MfaPolicy ¶
func (p *PoliciesService) MfaPolicy() Policy
Return the MfaPolicy object. Used to create & update the mfa policy
func (*PoliciesService) MfaRule ¶
func (p *PoliciesService) MfaRule() MfaRule
Return the MfaRule object. Used to create & update the mfa rule
func (*PoliciesService) PasswordPolicy ¶
func (p *PoliciesService) PasswordPolicy() Policy
Return the PasswordPolicy object. Used to create & update the password policy
func (*PoliciesService) PasswordRule ¶
func (p *PoliciesService) PasswordRule() PasswordRule
Return the PasswordRule object. Used to create & update the password rule
func (*PoliciesService) SignOnPolicy ¶
func (p *PoliciesService) SignOnPolicy() Policy
Return the SignOnPolicy object. Used to create & update the signon policy
func (*PoliciesService) SignOnRule ¶
func (p *PoliciesService) SignOnRule() SignOnRule
Return the SignOnRule object. Used to create & update the signon rule
func (*PoliciesService) UpdatePolicy ¶
func (p *PoliciesService) UpdatePolicy(id string, policy interface{}) (*Policy, *Response, error)
UpdatePolicy: Update a policy Requires Policy ID from Policy object & Policy object from the desired input policy
func (*PoliciesService) UpdatePolicyRule ¶
func (p *PoliciesService) UpdatePolicyRule(policyId string, ruleId string, rule interface{}) (*Rule, *Response, error)
UpdatePolicyRule: Update a policy rule. Requires the Policy ID from the Policy object and the Rule ID from the Rule object. You must pass in the Rule object built from the desired input rule.
type Policy ¶
// Policy is the complete policy object of the OKTA API, as returned for a GET
// request.
type Policy struct {
	ID          string `json:"id,omitempty"`
	Type        string `json:"type,omitempty"`
	Name        string `json:"name,omitempty"`
	System      bool   `json:"system,omitempty"`
	Description string `json:"description,omitempty"`
	// Priority is a plain int with omitempty, so 0 is never encoded.
	Priority int    `json:"priority,omitempty"`
	Status   string `json:"status,omitempty"`
	// Created and LastUpdated are time.Time values; omitempty never omits a
	// struct, so a zero time is still written when a Policy is marshaled.
	Created     time.Time         `json:"created,omitempty"`
	LastUpdated time.Time         `json:"lastUpdated,omitempty"`
	Conditions  *PolicyConditions `json:"conditions,omitempty"`
	Settings    *PolicySettings   `json:"settings,omitempty"`
	Links       *PolicyLinks      `json:"_links,omitempty"`
}
Policy represents the complete Policy Object from the OKTA API used to return policy data from a GET request
type PolicyCollection ¶ added in v1.0.1
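// PolicyCollection wraps the slice of Policy values returned by
// GetPoliciesByType.
type PolicyCollection struct {
	// Policies is kept out of the JSON form. The tag used to read
	// "-,omitempty", which encoding/json does not treat as "skip": any tag
	// other than the exact string "-" names the field, so the slice was
	// encoded and decoded under the literal key "-".
	Policies []Policy `json:"-"`
}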
a slice of Policy objs used by GetPoliciesByType
type PolicyConditions ¶ added in v1.0.1
// PolicyConditions is the "conditions" object referenced by Policy, Rule,
// PasswordRule and SignOnRule. Every member is a pointer and is omitted from
// the encoded form when nil.
type PolicyConditions struct {
	People       *People       `json:"people,omitempty"`
	AuthContext  *AuthContext  `json:"authContext,omitempty"`
	Network      *Network      `json:"network,omitempty"`
	AuthProvider *AuthProvider `json:"authProvider,omitempty"`
}
type PolicyGroups ¶ added in v1.0.1
// PolicyGroups holds a list of strings encoded as "include".
type PolicyGroups struct {
	// Include is omitted when empty.
	// NOTE(review): presumably group IDs - confirm against the caller.
	Include []string `json:"include,omitempty"`
}
type PolicyLinks ¶ added in v1.0.1
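// PolicyLinks is the "_links" object used by both Policy and Rule. Each entry
// carries an href and an allow list under hints.
type PolicyLinks struct {
	Self struct {
		Href  string `json:"href,omitempty"`
		Hints struct {
			Allow []string `json:"allow,omitempty"`
		} `json:"hints,omitempty"`
	} `json:"self,omitempty"`
	// The omitempty option used to sit outside the quoted value
	// (json:"activate",omitempty), which is not a well-formed struct tag.
	// The JSON name was still read as "activate"; the tag now has the same
	// shape as its siblings.
	Activate struct {
		Href  string `json:"href,omitempty"`
		Hints struct {
			Allow []string `json:"allow,omitempty"`
		} `json:"hints,omitempty"`
	} `json:"activate,omitempty"`
	Deactivate struct {
		Href  string `json:"href,omitempty"`
		Hints struct {
			Allow []string `json:"allow,omitempty"`
		} `json:"hints,omitempty"`
	} `json:"deactivate,omitempty"`
	Rules struct {
		Href  string `json:"href,omitempty"`
		Hints struct {
			Allow []string `json:"allow,omitempty"`
		} `json:"hints,omitempty"`
	} `json:"rules,omitempty"`
}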
Policy & Rule obj use the same links obj
type PolicySettings ¶ added in v1.0.1
// PolicySettings is the "settings" object of a Policy. Each member is a
// pointer and is omitted from the encoded form when nil.
type PolicySettings struct {
	Factors    *Factors    `json:"factors,omitempty"`
	Password   *Password   `json:"password,omitempty"`
	Recovery   *Recovery   `json:"recovery,omitempty"`
	Delegation *Delegation `json:"delegation,omitempty"`
}
type Protocol ¶ added in v1.0.1
// Protocol describes a protocol by type, endpoints, scopes and credentials.
type Protocol struct {
	Type      string     `json:"type,omitempty"`
	Endpoints *Endpoints `json:"endpoints,omitempty"`
	Scopes    []string   `json:"scopes,omitempty"`
	// NOTE(review): Credentials is declared elsewhere. If it carries client
	// secrets, a marshaled Protocol should stay out of logs - confirm.
	Credentials *Credentials `json:"credentials,omitempty"`
}
type Provisioning ¶ added in v1.0.1
// Provisioning holds a provisioning action together with its group and
// condition settings.
type Provisioning struct {
	Action string `json:"action,omitempty"`
	// ProfileMaster is a bool with omitempty, so false is never encoded.
	ProfileMaster bool        `json:"profileMaster,omitempty"`
	Groups        *IdpGroups  `json:"groups,omitempty"`
	Conditions    *Conditions `json:"conditions,omitempty"`
}
type Rate ¶
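// Rate represents the rate limit for the current client.
//
// The declaration is laid out one field per line so that each field comment
// stops at its own line instead of running over the fields after it.
type Rate struct {
	// The number of requests per minute the client is currently limited to.
	RatePerMinuteLimit int

	// The number of remaining requests the client can make this minute
	Remaining int

	// The time at which the current rate limit will reset.
	ResetTime time.Time
}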
Rate represents the rate limit for the current client.
type RateLimitError ¶
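// RateLimitError occurs when OKTA returns a 429 "Too Many Requests" response
// with a rate limit remaining value of 0 and an error message that starts
// with "API rate limit exceeded for ".
//
// The declaration is laid out one field per line so that the trailing comment
// on Rate no longer runs over ErrorDetail and Response.
type RateLimitError struct {
	Rate        Rate // Rate specifies last known rate limit for the client
	ErrorDetail apiError
	// Response is the HTTP response this error was built from.
	// NOTE(review): it can carry request headers via Response.Request; check
	// what gets printed before logging the whole error value.
	Response *http.Response
}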
RateLimitError occurs when OKTA returns 429 "Too Many Requests" response with a rate limit remaining value of 0, and error message starts with "API rate limit exceeded for ".
func (*RateLimitError) Error ¶
func (r *RateLimitError) Error() string
type Recovery ¶
// Recovery is the recovery settings object of a password policy. It lists
// the recovery factors: recovery question, OKTA email and OKTA SMS.
type Recovery struct {
	Factors struct {
		RecoveryQuestion struct {
			Status     string `json:"status,omitempty"`
			Properties struct {
				Complexity struct {
					// MinLength is a pointer, so an explicit 0 can be sent;
					// only a nil pointer is omitted.
					MinLength *int `json:"minLength,omitempty"`
				} `json:"complexity,omitempty"`
			} `json:"properties,omitempty"`
		} `json:"recovery_question,omitempty"`
		OktaEmail struct {
			Status     string `json:"status,omitempty"`
			Properties struct {
				RecoveryToken struct {
					// TokenLifetimeMinutes is a plain int with omitempty: a
					// value of 0 is dropped from the request.
					TokenLifetimeMinutes int `json:"tokenLifetimeMinutes,omitempty"`
				} `json:"recoveryToken,omitempty"`
			} `json:"properties,omitempty"`
		} `json:"okta_email,omitempty"`
		OktaSms struct {
			Status string `json:"status,omitempty"`
		} `json:"okta_sms,omitempty"`
	} `json:"factors,omitempty"`
}
Password policy settings recover obj
type Response ¶
type Response struct { *http.Response NextURL *url.URL // PrevURL *url.URL SelfURL *url.URL OKTARequestID string Rate }
Response is a OKTA API response. This wraps the standard http.Response returned from OKTA and provides convenient access to things like pagination links.
type Rule ¶
// Rule is the complete rule object of the OKTA API, as returned for a GET
// request.
type Rule struct {
	ID     string `json:"id,omitempty"`
	Type   string `json:"type,omitempty"`
	Status string `json:"status,omitempty"`
	// Priority is a plain int with omitempty, so 0 is never encoded.
	Priority int    `json:"priority,omitempty"`
	Name     string `json:"name,omitempty"`
	System   bool   `json:"system,omitempty"`
	// Created and LastUpdated are time.Time values; omitempty never omits a
	// struct, so a zero time is still written when a Rule is marshaled.
	Created     time.Time         `json:"created,omitempty"`
	LastUpdated time.Time         `json:"lastUpdated,omitempty"`
	Conditions  *PolicyConditions `json:"conditions,omitempty"`
	// Actions holds the action objects of every rule kind in one struct.
	// SignOn and Enroll are embedded by value and tagged, so they are encoded
	// under "signon" and "enroll" rather than flattened.
	Actions struct {
		SignOn                   `json:"signon,omitempty"`
		Enroll                   `json:"enroll,omitempty"`
		PasswordChange           PasswordAction `json:"passwordChange,omitempty"`
		SelfServicePasswordReset PasswordAction `json:"selfServicePasswordReset,omitempty"`
		SelfServiceUnlock        PasswordAction `json:"selfServiceUnlock,omitempty"`
	} `json:"actions,omitempty"`
	Links *PolicyLinks `json:"_links,omitempty"`
}
Rule represents the complete Rule Object from the OKTA API used to return rule data from a GET request
type Schema ¶
// Schema is the user profile schema object. No field uses omitempty, so
// every member is written when a Schema is marshaled.
type Schema struct {
	ID          string    `json:"id"`
	Schema      string    `json:"$schema"`
	Name        string    `json:"name"`
	Title       string    `json:"title"`
	Created     time.Time `json:"created"`
	LastUpdated time.Time `json:"lastUpdated"`
	Definitions struct {
		// Base has no json tag: it is encoded under the Go name "Base" and,
		// because decoding matches keys case-insensitively, still filled
		// from a "base" key.
		Base struct {
			ID         string          `json:"id"`
			Type       string          `json:"type"`
			Properties []BaseSubSchema `json:"properties"`
			Required   []string        `json:"required"`
		}
		Custom struct {
			ID         string            `json:"id"`
			Type       string            `json:"type"`
			Properties []CustomSubSchema `json:"properties"`
			Required   []string          `json:"required"`
		} `json:"custom"`
	} `json:"definitions"`
	Type string `json:"type"`
}
User Profiles Schema obj
type SchemasService ¶
type SchemasService service
SchemasService handles communication with the Schema data related methods of the OKTA API.
func (*SchemasService) BaseSubSchema ¶
func (p *SchemasService) BaseSubSchema() BaseSubSchema
Return the BaseSubSchema object. Used to update the Base User SubSchema
func (*SchemasService) CustomSubSchema ¶
func (p *SchemasService) CustomSubSchema() CustomSubSchema
Return the CustomSubSchema object. Used to create & update Custom User SubSchema
func (*SchemasService) DeleteUserCustomSubSchema ¶
func (s *SchemasService) DeleteUserCustomSubSchema(index string) (*Schema, *Response, error)
DeleteUserCustomSubSchema deletes a Custom SubSchema input is a string of the custom subschema index key
func (*SchemasService) GetRawUserSchema ¶
func (s *SchemasService) GetRawUserSchema() (map[string]interface{}, *Response, error)
GetRawUserSchema returns the User Profile Schema as a map[string]interface{}
func (*SchemasService) GetUserBaseSubSchema ¶
func (s *SchemasService) GetUserBaseSubSchema(index string, obj map[string]interface{}) (*BaseSubSchema, error)
GetUserBaseSubSchema returns the User Base Profile SubSchema as a BaseSubSchema struct inputs are a string index key for the SubSchema & a map[string]interface{} for the User Profile SubSchema, such as from GetUserSubSchemaPropMap()
func (*SchemasService) GetUserCustomSubSchema ¶
func (s *SchemasService) GetUserCustomSubSchema(index string, obj map[string]interface{}) (*CustomSubSchema, error)
GetUserCustomSubSchema returns the User Custom Profile SubSchema as a CustomSubSchema struct inputs are a string index key for the SubSchema & a map[string]interface{} for the User Profile SubSchema, such as from GetUserSubSchemaPropMap()
func (*SchemasService) GetUserSchema ¶
func (s *SchemasService) GetUserSchema() (*Schema, *Response, error)
GetUserSchema returns the User Profile Schema as a Schema struct
func (*SchemasService) GetUserSubSchemaIndex ¶
func (s *SchemasService) GetUserSubSchemaIndex(scope string) ([]string, *Response, error)
GetUserSubSchemaIndex returns an array of User Profile SubSchema index keys input is a string subschema scope "base" or "custom"
func (*SchemasService) GetUserSubSchemaPropMap ¶
func (s *SchemasService) GetUserSubSchemaPropMap(scope string, index string) (map[string]interface{}, *Response, error)
GetUserSubSchemaPropMap returns the User Profile SubSchema as a map[string]interface{} inputs are a string subschema scope "base" or "custom" & the index key for the User Profile SubSchema
func (*SchemasService) OneOf ¶
func (p *SchemasService) OneOf() OneOf
Return the OneOf object. Used to create & update Custom User SubSchema OneOf
func (*SchemasService) Permissions ¶
func (p *SchemasService) Permissions() Permissions
Return the Permissions object. Used to create & update User SubSchemas Permissions
func (*SchemasService) UpdateUserBaseSubSchema ¶
func (s *SchemasService) UpdateUserBaseSubSchema(update BaseSubSchema) (*Schema, *Response, error)
UpdateUserBaseSubSchema Updates a Base SubSchema can only update subschema permissions & the nullability of the firstName and lastName subschemas input is a BaseSubSchema struct
func (*SchemasService) UpdateUserCustomSubSchema ¶
func (s *SchemasService) UpdateUserCustomSubSchema(update CustomSubSchema) (*Schema, *Response, error)
UpdateUserCustomSubSchema Adds or Updates a Custom SubSchema input is a CustomSubSchema struct
type SignOn ¶
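// SignOn is the signon action object of a signon rule.
//
// The declaration is laid out one field per line so that the trailing comment
// on UsePersistentCookie no longer runs over the closing of Session.
type SignOn struct {
	Access string `json:"access,omitempty"`
	// RequireFactor and RememberDeviceByDefault are bools with omitempty: a
	// false value is left out of the request rather than sent.
	// NOTE(review): confirm what the API does with an absent requireFactor
	// before relying on this type to turn the factor requirement off.
	RequireFactor           bool   `json:"requireFactor,omitempty"`
	FactorPromptMode        string `json:"factorPromptMode,omitempty"`
	RememberDeviceByDefault bool   `json:"rememberDeviceByDefault,omitempty"`
	// FactorLifetime is a plain int with omitempty, so 0 is never sent.
	FactorLifetime int `json:"factorLifetime,omitempty"`
	Session        struct {
		MaxSessionIdleMinutes     int  `json:"maxSessionIdleMinutes,omitempty"`
		MaxSessionLifetimeMinutes int  `json:"maxSessionLifetimeMinutes,omitempty"`
		UsePersistentCookie       bool `json:"usePersistentCookie"` // field must have a value
	} `json:"session,omitempty"`
}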
signon rule actions signon obj
type SignOnRule ¶
// SignOnRule is the rule object sent to the OKTA API to create or update a
// signon rule.
type SignOnRule struct {
	Type   string `json:"type,omitempty"`
	Status string `json:"status,omitempty"`
	Name   string `json:"name,omitempty"`
	// Priority is a plain int with omitempty, so a priority of 0 is never sent.
	Priority   int               `json:"priority,omitempty"`
	Conditions *PolicyConditions `json:"conditions,omitempty"`
	// Actions embeds SignOn by value under the "signon" key. As a struct
	// value, "actions" is always present in the encoded rule.
	Actions struct {
		SignOn `json:"signon,omitempty"`
	} `json:"actions,omitempty"`
}
SignOnRule represents the Rule Object from the OKTA API used to create or update a signon rule
type Subject ¶ added in v1.0.1
// Subject holds a user name template, a filter and a match type.
type Subject struct {
	UserNameTemplate *UserNameTemplate `json:"userNameTemplate,omitempty"`
	// Filter and MatchType are free-form strings here; their accepted values
	// are not listed on this page.
	Filter    string `json:"filter,omitempty"`
	MatchType string `json:"matchType,omitempty"`
}
type TrustedOrigin ¶ added in v1.0.1
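// TrustedOrigin is the trusted origin object exchanged with the OKTA API by
// TrustedOriginsService.
type TrustedOrigin struct {
	ID      string              `json:"id,omitempty"`
	Status  string              `json:"status,omitempty"`
	Name    string              `json:"name,omitempty"`
	Origin  string              `json:"origin,omitempty"`
	Scopes  []map[string]string `json:"scopes,omitempty"`
	Created *time.Time          `json:"created,omitempty"`
	// CreatedBy and LastUpdatedBy record who made a change.
	CreatedBy   string     `json:"createdBy,omitempty"`
	LastUpdated *time.Time `json:"lastUpdated,omitempty"`
	// LastUpdatedBy used to carry the tag "lastUpdated", the same name as the
	// field above. encoding/json drops every field involved in such a name
	// clash without reporting an error, so neither LastUpdated nor
	// LastUpdatedBy was ever read or written. The key now follows the
	// createdBy naming.
	LastUpdatedBy string              `json:"lastUpdatedBy,omitempty"`
	Links         *TrustedOriginLinks `json:"_links,omitempty"`
}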
type TrustedOriginDeactive ¶ added in v1.0.1
// TrustedOriginDeactive is the link object stored in
// TrustedOriginLinks.Deactivate: an href plus optional hints.
type TrustedOriginDeactive struct {
	Href  string              `json:"href,omitempty"`
	Hints *TrustedOriginHints `json:"hints,omitempty"`
}
type TrustedOriginHints ¶ added in v1.0.1
// TrustedOriginHints is the "hints" object of a trusted origin link.
type TrustedOriginHints struct {
	// Allow is encoded as "allow" and omitted when empty.
	Allow []string `json:"allow,omitempty"`
}
type TrustedOriginLinks ¶ added in v1.0.1
// TrustedOriginLinks is the "_links" object of a TrustedOrigin.
type TrustedOriginLinks struct {
	Self *TrustedOriginSelf `json:"self,omitempty"`
	// NOTE(review): the key is spelled "deactive", while PolicyLinks uses
	// "deactivate" for the same kind of link. If the API sends "deactivate",
	// this field stays nil after decoding - confirm against a real response.
	Deactivate *TrustedOriginDeactive `json:"deactive,omitempty"`
}
type TrustedOriginSelf ¶ added in v1.0.1
// TrustedOriginSelf is the link object stored in TrustedOriginLinks.Self: an
// href plus optional hints.
type TrustedOriginSelf struct {
	Href  string              `json:"href,omitempty"`
	Hints *TrustedOriginHints `json:"hints,omitempty"`
}
type TrustedOriginsService ¶ added in v1.0.1
type TrustedOriginsService service
func (*TrustedOriginsService) ActivateTrustedOrigin ¶ added in v1.0.1
func (p *TrustedOriginsService) ActivateTrustedOrigin(id string, activate bool) (*Response, error)
ActivateTrustedOrigin: Activate/Deactivate a Trusted Origin Requires TrustedOrigin ID from TrustedOrigin object and a boolean to activate or deactivate
func (*TrustedOriginsService) CreateTrustedOrigin ¶ added in v1.0.1
func (p *TrustedOriginsService) CreateTrustedOrigin(trustedOrigin interface{}) (*TrustedOrigin, *Response, error)
CreateTrustedOrigin: Create a Trusted Origin You must pass in the Trusted Origin object created from the desired input trustedOrigin
func (*TrustedOriginsService) DeleteTrustedOrigin ¶ added in v1.0.1
func (p *TrustedOriginsService) DeleteTrustedOrigin(id string) (*Response, error)
DeleteTrustedOrigin: Delete a Trusted Origin Requires TrustedOrigin ID from TrustedOrigin object
func (*TrustedOriginsService) GetTrustedOrigin ¶ added in v1.0.1
func (p *TrustedOriginsService) GetTrustedOrigin(id string) (*TrustedOrigin, *Response, error)
GetTrustedOrigin: Get a Trusted Origin entry Requires TrustedOrigins ID from TrustedOrigins object
func (*TrustedOriginsService) ListTrustedOrigins ¶ added in v1.0.1
func (p *TrustedOriginsService) ListTrustedOrigins() (*Response, error)
ListTrustedOrigins: Lists all Trusted Origins from an Okta Account
func (*TrustedOriginsService) TrustedOrigin ¶ added in v1.0.1
func (p *TrustedOriginsService) TrustedOrigin() TrustedOrigin
func (*TrustedOriginsService) UpdateTrustedOrigin ¶ added in v1.0.1
func (p *TrustedOriginsService) UpdateTrustedOrigin(id string, trustedOrigin interface{}) (*TrustedOrigin, *Response, error)
UpdateTrustedOrigin: Update a Trusted Origin. Requires the TrustedOrigin ID from the TrustedOrigin object and the TrustedOrigin object built from the desired input trustedOrigin.
type User ¶
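// User is a struct that represents a user object from OKTA.
type User struct {
	Activated string `json:"activated,omitempty"`
	Created   string `json:"created,omitempty"`
	// NOTE(review): Credentials is part of the marshaled form. Check what the
	// credentials type holds before a User is logged or persisted as JSON.
	Credentials     credentials `json:"credentials,omitempty"`
	ID              string      `json:"id,omitempty"`
	LastLogin       string      `json:"lastLogin,omitempty"`
	LastUpdated     string      `json:"lastUpdated,omitempty"`
	PasswordChanged string      `json:"passwordChanged,omitempty"`
	Profile         userProfile `json:"profile"`
	Status          string      `json:"status,omitempty"`
	StatusChanged   string      `json:"statusChanged,omitempty"`
	Links           userLinks   `json:"_links,omitempty"`
	// MFAFactors and Groups are not part of the user JSON; they are filled by
	// the Populate* methods of UsersService. Both tags used to read
	// "-,omitempty", which names the field "-" instead of skipping it. The
	// two fields were left out only because they clashed on that name; the
	// plain "-" tag states the intent and keeps the encoding unchanged.
	MFAFactors []userMFAFactor `json:"-"`
	Groups     []Group         `json:"-"`
}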
User is a struct that represents a user object from OKTA.
type UserListFilterOptions ¶
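// UserListFilterOptions is a struct that you can populate to filter user
// searches. Only Limit and FilterString are encoded into the query string;
// every other field carries the url:"-" tag.
//
// The declaration is laid out one field per line so that the comment ahead of
// FilterString no longer runs over the fields that follow it.
type UserListFilterOptions struct {
	Limit int `url:"limit,omitempty"`
	// NOTE(review): the code that turns the *EqualTo values into FilterString
	// is not shown here. Confirm it quotes or escapes them before passing
	// caller-supplied text through these fields.
	EmailEqualTo     string `url:"-"`
	LoginEqualTo     string `url:"-"`
	StatusEqualTo    string `url:"-"`
	IDEqualTo        string `url:"-"`
	FirstNameEqualTo string `url:"-"`
	LastNameEqualTo  string `url:"-"`

	// This will be built by internal - may not need to export
	FilterString  string     `url:"filter,omitempty"`
	NextURL       *url.URL   `url:"-"`
	GetAllPages   bool       `url:"-"`
	NumberOfPages int        `url:"-"`
	LastUpdated   dateFilter `url:"-"`
}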
UserListFilterOptions is a struct that you can populate which will "filter" user searches the exported struct fields should allow you to do different filters based on what is allowed in the OKTA API.
The filter OKTA API is limited in the fields it can search NOTE: In the current form you can't add parenthesis and ordering
OKTA API Supports only a limited number of properties: status, lastUpdated, id, profile.login, profile.email, profile.firstName, and profile.lastName. http://developer.okta.com/docs/api/resources/users.html#list-users-with-a-filter
type UserNameTemplate ¶ added in v1.0.1
// UserNameTemplate holds the template string referenced by
// Subject.UserNameTemplate.
type UserNameTemplate struct {
	// Template is encoded as "template" and omitted when empty.
	Template string `json:"template,omitempty"`
}
type Users ¶
// Users is the users object of the people conditions of a policy or rule.
// When creating an object, Include and Exclude are exclusive; the type itself
// does not enforce that, so the caller has to set only one of them.
type Users struct {
	Include []string `json:"include,omitempty"`
	Exclude []string `json:"exclude,omitempty"`
}
policy & rule conditions people users obj when creating an obj, Include & Exclude are exclusive
type UsersService ¶
type UsersService service
UsersService handles communication with the User data related methods of the OKTA API.
func (*UsersService) Activate ¶
func (s *UsersService) Activate(id string, sendEmail bool) (*activationResponse, *Response, error)
Activate activates a user. Pass sendEmail=true to have OKTA send the activation email; the response can then be discarded. If you pass sendEmail=false, activationResponse.ActivationURL holds a string URL that can be sent to the end user. Treat that URL as a secret: keep it out of logs and hand it only to the intended user.
func (*UsersService) AssignRole ¶
func (s *UsersService) AssignRole(id string, role string) (*Response, error)
Assign Role to User. id must be User.ID
func (*UsersService) Create ¶
Create - Creates a new user. You must pass in a "newUser" object created from Users.NewUser(). There are many different reasons why OKTA may reject the request, so you have to check the error messages.
func (*UsersService) Deactivate ¶
func (s *UsersService) Deactivate(id string) (*Response, error)
Deactivate - Deactivates a user
func (*UsersService) Delete ¶
func (s *UsersService) Delete(id string) (*Response, error)
Delete - Delete a user. Does not check for user status DEPROVISIONED.
func (*UsersService) GetByID ¶
func (s *UsersService) GetByID(id string) (*User, *Response, error)
GetByID returns a user object for a specific OKTA ID. Generally the id input string is the cryptic OKTA key value from User.ID. However, the OKTA API may accept other values like "me", or login shortname
func (*UsersService) ListRoles ¶
func (s *UsersService) ListRoles(id string) (*userRoles, *Response, error)
List User Roles. id must be User.ID. Returns a struct containing a slice with one entry for each role assigned to the user; if the user has no roles, returns nil.
func (*UsersService) ListWithFilter ¶
func (s *UsersService) ListWithFilter(opt *UserListFilterOptions) ([]User, *Response, error)
ListWithFilter will use the input UserListFilterOptions to find users and return a paged result set
func (*UsersService) NewUser ¶
func (s *UsersService) NewUser() NewUser
NewUser - Returns a new user object. This is used to create users in OKTA. It only has the properties that OKTA will take as input. The "User" object has more fields that are returned by OKTA, like the ID, etc.
func (*UsersService) PopulateEnrolledFactors ¶
func (s *UsersService) PopulateEnrolledFactors(user *User) (*Response, error)
PopulateEnrolledFactors will populate the enrolled MFA factors of a user. You pass in a pointer to an existing user. http://developer.okta.com/docs/api/resources/factors.html#list-enrolled-factors
func (*UsersService) PopulateGroups ¶
func (s *UsersService) PopulateGroups(user *User) (*Response, error)
PopulateGroups will populate the groups a user is a member of. You pass in a pointer to an existing user.
func (*UsersService) PopulateMFAFactors ¶
func (s *UsersService) PopulateMFAFactors(user *User) (*Response, error)
PopulateMFAFactors will populate the MFA factors of a user. You pass in a pointer to an existing user.
func (*UsersService) ResetPassword ¶
func (s *UsersService) ResetPassword(id string, sendEmail bool) (*resetPasswordResponse, *Response, error)
ResetPassword - Generates a one-time token (OTT) that can be used to reset a user’s password. The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow. http://developer.okta.com/docs/api/resources/users.html#reset-password If you pass in sendEmail=false, then resetPasswordResponse.resetPasswordUrl will have a string URL that can be sent to the end user. Because that URL carries the one-time token, treat it as a credential: keep it out of logs and deliver it only to the intended user. You can discard the response if sendEmail=true.
func (*UsersService) SetPassword ¶
SetPassword - Sets a user password to an Admin provided String
func (*UsersService) Suspend ¶
func (s *UsersService) Suspend(id string) (*Response, error)
Suspend - Suspends a user - If user is NOT active an Error will come back based on OKTA API: http://developer.okta.com/docs/api/resources/users.html#suspend-user
func (*UsersService) UnAssignRole ¶
func (s *UsersService) UnAssignRole(id string, role string) (*Response, error)
Unassign Role from User. id must be User.ID, role must be []userRole.ID from ListRoles
func (*UsersService) Unlock ¶
func (s *UsersService) Unlock(id string) (*Response, error)
Unlock - Unlocks a user - Per docs, only for OKTA Mastered Account http://developer.okta.com/docs/api/resources/users.html#unlock-user
func (*UsersService) Unsuspend ¶
func (s *UsersService) Unsuspend(id string) (*Response, error)
Unsuspend - Unsuspends a user - If user is NOT SUSPENDED, an Error will come back based on OKTA API: http://developer.okta.com/docs/api/resources/users.html#unsuspend-user
func (*UsersService) Update ¶
Update - Update an existing user. We use the same "newUser" object as we do to create a user, since the update API endpoint requires the same data structure (profile & credentials) in its body. The request uses POST and not PUT because POST supports partial updates.
func (*UsersService) UserListFilterOptions ¶
func (s *UsersService) UserListFilterOptions() UserListFilterOptions
UserListFilterOptions - Returns the filter options object. This is used by ListWithFilter to search for users in OKTA