All URIs are relative to https://subdomain.okta.com
| Method | HTTP request | Description |
|---|---|---|
| Invoke-OktaActivateUser | POST /api/v1/users/{userId}/lifecycle/activate | Activate a User |
| Rename-OktaPassword | POST /api/v1/users/{userId}/credentials/change_password | Change Password |
| Rename-OktaRecoveryQuestion | POST /api/v1/users/{userId}/credentials/change_recovery_question | Change Recovery Question |
| Clear-OktaUserSessions | DELETE /api/v1/users/{userId}/sessions | Delete all User Sessions |
| New-OktaUser | POST /api/v1/users | Create a User |
| Invoke-OktaDeactivateOrDeleteUser | DELETE /api/v1/users/{userId} | Delete a User |
| Invoke-OktaDeactivateUser | POST /api/v1/users/{userId}/lifecycle/deactivate | Deactivate a User |
| Invoke-OktaExpirePassword | POST /api/v1/users/{userId}/lifecycle/expire_password | Expire Password |
| Invoke-OktaExpirePasswordAndGetTemporaryPassword | POST /api/v1/users/{userId}/lifecycle/expire_password_with_temp_password | Expire Password and Set Temporary Password |
| Invoke-OktaForgotPassword | POST /api/v1/users/{userId}/credentials/forgot_password | Initiate Forgot Password |
| Invoke-OktaForgotPasswordSetNewPassword | POST /api/v1/users/{userId}/credentials/forgot_password_recovery_question | Reset Password with Recovery Question |
| Get-OktaLinkedObjectsForUser | GET /api/v1/users/{userId}/linkedObjects/{relationshipName} | List all Linked Objects |
| Get-OktaRefreshTokenForUserAndClient | GET /api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId} | Retrieve a Refresh Token for a Client |
| Get-OktaUser | GET /api/v1/users/{userId} | Retrieve a User |
| Get-OktaUserGrant | GET /api/v1/users/{userId}/grants/{grantId} | Retrieve a User Grant |
| Invoke-OktaListAppLinks | GET /api/v1/users/{userId}/appLinks | List all Assigned Application Links |
| Invoke-OktaListGrantsForUserAndClient | GET /api/v1/users/{userId}/clients/{clientId}/grants | List all Grants for a Client |
| Invoke-OktaListRefreshTokensForUserAndClient | GET /api/v1/users/{userId}/clients/{clientId}/tokens | List all Refresh Tokens for a Client |
| Invoke-OktaListUserClients | GET /api/v1/users/{userId}/clients | List all Clients |
| Invoke-OktaListUserGrants | GET /api/v1/users/{userId}/grants | List all User Grants |
| Invoke-OktaListUserGroups | GET /api/v1/users/{userId}/groups | List all Groups |
| Invoke-OktaListUserIdentityProviders | GET /api/v1/users/{userId}/idps | List all Identity Providers |
| Invoke-OktaListUsers | GET /api/v1/users | List all Users |
| Invoke-OktaPartialUpdateUser | POST /api/v1/users/{userId} | Update a User |
| Invoke-OktaReactivateUser | POST /api/v1/users/{userId}/lifecycle/reactivate | Reactivate a User |
| Remove-OktaLinkedObjectForUser | DELETE /api/v1/users/{userId}/linkedObjects/{relationshipName} | Delete a Linked Object |
| Reset-OktaFactors | POST /api/v1/users/{userId}/lifecycle/reset_factors | Reset all Factors |
| Reset-OktaPassword | POST /api/v1/users/{userId}/lifecycle/reset_password | Reset Password |
| Revoke-OktaGrantsForUserAndClient | DELETE /api/v1/users/{userId}/clients/{clientId}/grants | Revoke all Grants for a Client |
| Revoke-OktaTokenForUserAndClient | DELETE /api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId} | Revoke a Token for a Client |
| Revoke-OktaTokensForUserAndClient | DELETE /api/v1/users/{userId}/clients/{clientId}/tokens | Revoke all Refresh Tokens for a Client |
| Revoke-OktaUserGrant | DELETE /api/v1/users/{userId}/grants/{grantId} | Revoke a User Grant |
| Revoke-OktaUserGrants | DELETE /api/v1/users/{userId}/grants | Revoke all User Grants |
| Set-OktaLinkedObjectForUser | PUT /api/v1/users/{associatedUserId}/linkedObjects/{primaryRelationshipName}/{primaryUserId} | Create a Linked Object for two User |
| Suspend-OktaUser | POST /api/v1/users/{userId}/lifecycle/suspend | Suspend a User |
| Unlock-OktaUser | POST /api/v1/users/{userId}/lifecycle/unlock | Unlock a User |
| Invoke-OktaUnsuspendUser | POST /api/v1/users/{userId}/lifecycle/unsuspend | Unsuspend a User |
| Update-OktaUser | PUT /api/v1/users/{userId} | Replace a User |
UserActivationToken Invoke-OktaActivateUser
[-UserId]
[-SendEmail]
Activate a User
Activates a user. This operation can only be performed on users with a STAGED status. Activation of a user is an asynchronous operation. The user will have the transitioningToStatus property with a value of ACTIVE during activation to indicate that the user hasn't completed the asynchronous operation. The user will have a status of ACTIVE when the activation process is complete.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$SendEmail = $true # Boolean | Sends an activation email to the user if true (default to $true)
# Activate a User
try {
$Result = Invoke-OktaActivateUser -UserId $UserId -SendEmail $SendEmail
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaActivateUser: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| SendEmail | Boolean | Sends an activation email to the user if true | [default to $true] |
UserActivationToken (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
UserCredentials Rename-OktaPassword
[-UserId]
[-ChangePasswordRequest]
[-Strict] <System.Nullable[Boolean]>
Change Password
Changes a user's password by validating the user's current password. This operation can only be performed on users in STAGED, ACTIVE, PASSWORD_EXPIRED, or RECOVERY status that have a valid password credential
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$PasswordCredentialHash = Initialize-PasswordCredentialHash -Algorithm "BCRYPT" -Salt "MySalt" -SaltOrder "MySaltOrder" -Value "MyValue" -WorkFactor 0
$PasswordCredentialHook = Initialize-PasswordCredentialHook -Type "MyType"
$PasswordCredential = Initialize-PasswordCredential -Hash $PasswordCredentialHash -Hook $PasswordCredentialHook -Value "MyValue"
$ChangePasswordRequest = Initialize-ChangePasswordRequest -NewPassword $PasswordCredential -OldPassword $PasswordCredential -RevokeSessions $false # ChangePasswordRequest |
$Strict = $true # Boolean | (optional)
# Change Password
try {
$Result = Rename-OktaPassword -UserId $UserId -ChangePasswordRequest $ChangePasswordRequest -Strict $Strict
} catch {
Write-Host ("Exception occurred when calling Rename-OktaPassword: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| ChangePasswordRequest | ChangePasswordRequest | ||
| Strict | Boolean | [optional] |
UserCredentials (PSCustomObject)
- Content-Type: application/json
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
UserCredentials Rename-OktaRecoveryQuestion
[-UserId]
[-UserCredentials]
Change Recovery Question
Changes a user's recovery question & answer credential by validating the user's current password. This operation can only be performed on users in STAGED, ACTIVE or RECOVERY status that have a valid password credential
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$PasswordCredentialHash = Initialize-PasswordCredentialHash -Algorithm "BCRYPT" -Salt "MySalt" -SaltOrder "MySaltOrder" -Value "MyValue" -WorkFactor 0
$PasswordCredentialHook = Initialize-PasswordCredentialHook -Type "MyType"
$PasswordCredential = Initialize-PasswordCredential -Hash $PasswordCredentialHash -Hook $PasswordCredentialHook -Value "MyValue"
$AuthenticationProvider = Initialize-AuthenticationProvider -Name "MyName" -Type "ACTIVE_DIRECTORY"
$RecoveryQuestionCredential = Initialize-RecoveryQuestionCredential -Answer "MyAnswer" -Question "MyQuestion"
$UserCredentials = Initialize-UserCredentials -Password $PasswordCredential -Provider $AuthenticationProvider -RecoveryQuestion $RecoveryQuestionCredential # UserCredentials |
# Change Recovery Question
try {
$Result = Rename-OktaRecoveryQuestion -UserId $UserId -UserCredentials $UserCredentials
} catch {
Write-Host ("Exception occurred when calling Rename-OktaRecoveryQuestion: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| UserCredentials | UserCredentials |
UserCredentials (PSCustomObject)
- Content-Type: application/json
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
void Clear-OktaUserSessions
[-UserId]
[-OauthTokens] <System.Nullable[Boolean]>
Delete all User Sessions
Removes all active identity provider sessions. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$OauthTokens = $true # Boolean | Revoke issued OpenID Connect and OAuth refresh and access tokens (optional) (default to $false)
# Delete all User Sessions
try {
$Result = Clear-OktaUserSessions -UserId $UserId -OauthTokens $OauthTokens
} catch {
Write-Host ("Exception occurred when calling Clear-OktaUserSessions: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| OauthTokens | Boolean | Revoke issued OpenID Connect and OAuth refresh and access tokens | [optional] [default to $false] |
void (empty response body)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
User New-OktaUser
[-Body]
[-Activate] <System.Nullable[Boolean]>
[-Provider] <System.Nullable[Boolean]>
[-NextLogin]
Create a User
Creates a new user in your Okta organization with or without credentials.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$PasswordCredentialHash = Initialize-PasswordCredentialHash -Algorithm "BCRYPT" -Salt "MySalt" -SaltOrder "MySaltOrder" -Value "MyValue" -WorkFactor 0
$PasswordCredentialHook = Initialize-PasswordCredentialHook -Type "MyType"
$PasswordCredential = Initialize-PasswordCredential -Hash $PasswordCredentialHash -Hook $PasswordCredentialHook -Value "MyValue"
$AuthenticationProvider = Initialize-AuthenticationProvider -Name "MyName" -Type "ACTIVE_DIRECTORY"
$RecoveryQuestionCredential = Initialize-RecoveryQuestionCredential -Answer "MyAnswer" -Question "MyQuestion"
$UserCredentials = Initialize-UserCredentials -Password $PasswordCredential -Provider $AuthenticationProvider -RecoveryQuestion $RecoveryQuestionCredential
$UserType = Initialize-UserType -Created (Get-Date) -CreatedBy "MyCreatedBy" -Default $false -Description "MyDescription" -DisplayName "MyDisplayName" -Id "MyId" -LastUpdated (Get-Date) -LastUpdatedBy "MyLastUpdatedBy" -Name "MyName" -Links @{ key_example = }
$CreateUserRequest = Initialize-CreateUserRequest -Credentials $UserCredentials -GroupIds "MyGroupIds" -VarProfile -Type $UserType # CreateUserRequest |
$Activate = $true # Boolean | Executes activation lifecycle operation when creating the user (optional) (default to $true)
$Provider = $true # Boolean | Indicates whether to create a user with a specified authentication provider (optional) (default to $false)
$NextLogin = "changePassword" # UserNextLogin | With activate=true, set nextLogin to ""changePassword"" to have the password be EXPIRED, so user must change it the next time they log in. (optional)
# Create a User
try {
$Result = New-OktaUser -Body $Body -Activate $Activate -Provider $Provider -NextLogin $NextLogin
} catch {
Write-Host ("Exception occurred when calling New-OktaUser: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| Body | CreateUserRequest | ||
| Activate | Boolean | Executes activation lifecycle operation when creating the user | [optional] [default to $true] |
| Provider | Boolean | Indicates whether to create a user with a specified authentication provider | [optional] [default to $false] |
| NextLogin | UserNextLogin | With activate=true, set nextLogin to ""changePassword"" to have the password be EXPIRED, so user must change it the next time they log in. | [optional] |
User (PSCustomObject)
- Content-Type: application/json
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
void Invoke-OktaDeactivateOrDeleteUser
[-UserId]
[-SendEmail] <System.Nullable[Boolean]>
Delete a User
Deletes a user permanently. This operation can only be performed on users that have a DEPROVISIONED status. This action cannot be recovered!
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$SendEmail = $true # Boolean | (optional) (default to $false)
# Delete a User
try {
$Result = Invoke-OktaDeactivateOrDeleteUser -UserId $UserId -SendEmail $SendEmail
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaDeactivateOrDeleteUser: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| SendEmail | Boolean | [optional] [default to $false] |
void (empty response body)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
void Invoke-OktaDeactivateUser
[-UserId]
[-SendEmail] <System.Nullable[Boolean]>
Deactivate a User
Deactivates a user. This operation can only be performed on users that do not have a DEPROVISIONED status. While the asynchronous operation (triggered by HTTP header Prefer: respond-async) is proceeding the user's transitioningToStatus property is DEPROVISIONED. The user's status is DEPROVISIONED when the deactivation process is complete.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$SendEmail = $true # Boolean | (optional) (default to $false)
# Deactivate a User
try {
$Result = Invoke-OktaDeactivateUser -UserId $UserId -SendEmail $SendEmail
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaDeactivateUser: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| SendEmail | Boolean | [optional] [default to $false] |
void (empty response body)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
User Invoke-OktaExpirePassword
[-UserId]
Expire Password
This operation transitions the user to the status of PASSWORD_EXPIRED so that the user is required to change their password at their next login.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
# Expire Password
try {
$Result = Invoke-OktaExpirePassword -UserId $UserId
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaExpirePassword: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String |
User (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
TempPassword Invoke-OktaExpirePasswordAndGetTemporaryPassword
[-UserId]
Expire Password and Set Temporary Password
This operation transitions the user to the status of PASSWORD_EXPIRED so that the user is required to change their password at their next login, and also sets the user's password to a temporary password returned in the response.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
# Expire Password and Set Temporary Password
try {
$Result = Invoke-OktaExpirePasswordAndGetTemporaryPassword -UserId $UserId
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaExpirePasswordAndGetTemporaryPassword: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String |
TempPassword (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
ForgotPasswordResponse Invoke-OktaForgotPassword
[-UserId]
[-SendEmail] <System.Nullable[Boolean]>
Initiate Forgot Password
Initiate forgot password flow. Generates a one-time token (OTT) that can be used to reset a user's password.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$SendEmail = $true # Boolean | (optional) (default to $true)
# Initiate Forgot Password
try {
$Result = Invoke-OktaForgotPassword -UserId $UserId -SendEmail $SendEmail
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaForgotPassword: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| SendEmail | Boolean | [optional] [default to $true] |
ForgotPasswordResponse (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
UserCredentials Invoke-OktaForgotPasswordSetNewPassword
[-UserId]
[-UserCredentials]
[-SendEmail] <System.Nullable[Boolean]>
Reset Password with Recovery Question
Resets the user's password to the specified password if the provided answer to the recovery question is correct.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$PasswordCredentialHash = Initialize-PasswordCredentialHash -Algorithm "BCRYPT" -Salt "MySalt" -SaltOrder "MySaltOrder" -Value "MyValue" -WorkFactor 0
$PasswordCredentialHook = Initialize-PasswordCredentialHook -Type "MyType"
$PasswordCredential = Initialize-PasswordCredential -Hash $PasswordCredentialHash -Hook $PasswordCredentialHook -Value "MyValue"
$AuthenticationProvider = Initialize-AuthenticationProvider -Name "MyName" -Type "ACTIVE_DIRECTORY"
$RecoveryQuestionCredential = Initialize-RecoveryQuestionCredential -Answer "MyAnswer" -Question "MyQuestion"
$UserCredentials = Initialize-UserCredentials -Password $PasswordCredential -Provider $AuthenticationProvider -RecoveryQuestion $RecoveryQuestionCredential # UserCredentials |
$SendEmail = $true # Boolean | (optional) (default to $true)
# Reset Password with Recovery Question
try {
$Result = Invoke-OktaForgotPasswordSetNewPassword -UserId $UserId -UserCredentials $UserCredentials -SendEmail $SendEmail
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaForgotPasswordSetNewPassword: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| UserCredentials | UserCredentials | ||
| SendEmail | Boolean | [optional] [default to $true] |
UserCredentials (PSCustomObject)
- Content-Type: application/json
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
SystemCollectionsHashtable[] Get-OktaLinkedObjectsForUser
[-UserId]
[-RelationshipName]
[-After]
[-Limit] <System.Nullable[Int32]>
List all Linked Objects
Get linked objects for a user, relationshipName can be a primary or associated relationship name
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$RelationshipName = "MyRelationshipName" # String |
$After = "MyAfter" # String | (optional)
$Limit = 56 # Int32 | (optional) (default to -1)
# List all Linked Objects
try {
$Result = Get-OktaLinkedObjectsForUser -UserId $UserId -RelationshipName $RelationshipName -After $After -Limit $Limit
} catch {
Write-Host ("Exception occurred when calling Get-OktaLinkedObjectsForUser: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| RelationshipName | String | ||
| After | String | [optional] | |
| Limit | Int32 | [optional] [default to -1] |
SystemCollectionsHashtable[] (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
OAuth2RefreshToken Get-OktaRefreshTokenForUserAndClient
[-UserId]
[-ClientId]
[-TokenId]
[-Expand]
[-Limit] <System.Nullable[Int32]>
[-After]
Retrieve a Refresh Token for a Client
Gets a refresh token issued for the specified User and Client.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$ClientId = "MyClientId" # String |
$TokenId = "MyTokenId" # String |
$Expand = "MyExpand" # String | (optional)
$Limit = 56 # Int32 | (optional) (default to 20)
$After = "MyAfter" # String | (optional)
# Retrieve a Refresh Token for a Client
try {
$Result = Get-OktaRefreshTokenForUserAndClient -UserId $UserId -ClientId $ClientId -TokenId $TokenId -Expand $Expand -Limit $Limit -After $After
} catch {
Write-Host ("Exception occurred when calling Get-OktaRefreshTokenForUserAndClient: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| ClientId | String | ||
| TokenId | String | ||
| Expand | String | [optional] | |
| Limit | Int32 | [optional] [default to 20] | |
| After | String | [optional] |
OAuth2RefreshToken (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
User Get-OktaUser
[-UserId]
Retrieve a User
Fetches a user from your Okta organization.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
# Retrieve a User
try {
$Result = Get-OktaUser -UserId $UserId
} catch {
Write-Host ("Exception occurred when calling Get-OktaUser: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String |
User (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
OAuth2ScopeConsentGrant Get-OktaUserGrant
[-UserId]
[-GrantId]
[-Expand]
Retrieve a User Grant
Gets a grant for the specified user
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$GrantId = "MyGrantId" # String |
$Expand = "MyExpand" # String | (optional)
# Retrieve a User Grant
try {
$Result = Get-OktaUserGrant -UserId $UserId -GrantId $GrantId -Expand $Expand
} catch {
Write-Host ("Exception occurred when calling Get-OktaUserGrant: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| GrantId | String | ||
| Expand | String | [optional] |
OAuth2ScopeConsentGrant (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
AppLink[] Invoke-OktaListAppLinks
[-UserId]
List all Assigned Application Links
Fetches appLinks for all direct or indirect (via group membership) assigned applications.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
# List all Assigned Application Links
try {
$Result = Invoke-OktaListAppLinks -UserId $UserId
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaListAppLinks: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String |
AppLink[] (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
OAuth2ScopeConsentGrant[] Invoke-OktaListGrantsForUserAndClient
[-UserId]
[-ClientId]
[-Expand]
[-After]
[-Limit] <System.Nullable[Int32]>
List all Grants for a Client
Lists all grants for a specified user and client
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$ClientId = "MyClientId" # String |
$Expand = "MyExpand" # String | (optional)
$After = "MyAfter" # String | (optional)
$Limit = 56 # Int32 | (optional) (default to 20)
# List all Grants for a Client
try {
$Result = Invoke-OktaListGrantsForUserAndClient -UserId $UserId -ClientId $ClientId -Expand $Expand -After $After -Limit $Limit
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaListGrantsForUserAndClient: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| ClientId | String | ||
| Expand | String | [optional] | |
| After | String | [optional] | |
| Limit | Int32 | [optional] [default to 20] |
OAuth2ScopeConsentGrant[] (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
OAuth2RefreshToken[] Invoke-OktaListRefreshTokensForUserAndClient
[-UserId]
[-ClientId]
[-Expand]
[-After]
[-Limit] <System.Nullable[Int32]>
List all Refresh Tokens for a Client
Lists all refresh tokens issued for the specified User and Client.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$ClientId = "MyClientId" # String |
$Expand = "MyExpand" # String | (optional)
$After = "MyAfter" # String | (optional)
$Limit = 56 # Int32 | (optional) (default to 20)
# List all Refresh Tokens for a Client
try {
$Result = Invoke-OktaListRefreshTokensForUserAndClient -UserId $UserId -ClientId $ClientId -Expand $Expand -After $After -Limit $Limit
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaListRefreshTokensForUserAndClient: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| ClientId | String | ||
| Expand | String | [optional] | |
| After | String | [optional] | |
| Limit | Int32 | [optional] [default to 20] |
OAuth2RefreshToken[] (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
OAuth2Client[] Invoke-OktaListUserClients
[-UserId]
List all Clients
Lists all client resources for which the specified user has grants or tokens.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
# List all Clients
try {
$Result = Invoke-OktaListUserClients -UserId $UserId
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaListUserClients: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String |
OAuth2Client[] (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
OAuth2ScopeConsentGrant[] Invoke-OktaListUserGrants
[-UserId]
[-ScopeId]
[-Expand]
[-After]
[-Limit] <System.Nullable[Int32]>
List all User Grants
Lists all grants for the specified user
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$ScopeId = "MyScopeId" # String | (optional)
$Expand = "MyExpand" # String | (optional)
$After = "MyAfter" # String | (optional)
$Limit = 56 # Int32 | (optional) (default to 20)
# List all User Grants
try {
$Result = Invoke-OktaListUserGrants -UserId $UserId -ScopeId $ScopeId -Expand $Expand -After $After -Limit $Limit
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaListUserGrants: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| ScopeId | String | [optional] | |
| Expand | String | [optional] | |
| After | String | [optional] | |
| Limit | Int32 | [optional] [default to 20] |
OAuth2ScopeConsentGrant[] (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
Group[] Invoke-OktaListUserGroups
[-UserId]
List all Groups
Fetches the groups of which the user is a member.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
# List all Groups
try {
$Result = Invoke-OktaListUserGroups -UserId $UserId
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaListUserGroups: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String |
Group[] (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
IdentityProvider[] Invoke-OktaListUserIdentityProviders
[-UserId]
List all Identity Providers
Lists the IdPs associated with the user.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
# List all Identity Providers
try {
$Result = Invoke-OktaListUserIdentityProviders -UserId $UserId
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaListUserIdentityProviders: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String |
IdentityProvider[] (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
User[] Invoke-OktaListUsers
[-Q]
[-After]
[-Limit] <System.Nullable[Int32]>
[-Filter]
[-Search]
[-SortBy]
[-SortOrder]
List all Users
Lists users in your organization with pagination in most cases. A subset of users can be returned that match a supported filter expression or search criteria.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$Q = "MyQ" # String | Finds a user that matches firstName, lastName, and email properties (optional)
$After = "MyAfter" # String | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information. (optional)
$Limit = 56 # Int32 | Specifies the number of results returned. Defaults to 10 if `q` is provided. (optional) (default to 200)
$Filter = "MyFilter" # String | Filters users with a supported expression for a subset of properties (optional)
$Search = "MySearch" # String | Searches for users with a supported filtering expression for most properties. Okta recommends using this parameter for search for best performance. (optional)
$SortBy = "MySortBy" # String | (optional)
$SortOrder = "MySortOrder" # String | (optional)
# List all Users
try {
$Result = Invoke-OktaListUsers -Q $Q -After $After -Limit $Limit -Filter $Filter -Search $Search -SortBy $SortBy -SortOrder $SortOrder
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaListUsers: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| Q | String | Finds a user that matches firstName, lastName, and email properties | [optional] |
| After | String | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See Pagination for more information. | [optional] |
| Limit | Int32 | Specifies the number of results returned. Defaults to 10 if `q` is provided. | [optional] [default to 200] |
| Filter | String | Filters users with a supported expression for a subset of properties | [optional] |
| Search | String | Searches for users with a supported filtering expression for most properties. Okta recommends using this parameter for search for best performance. | [optional] |
| SortBy | String | [optional] | |
| SortOrder | String | [optional] |
User[] (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
User Invoke-OktaPartialUpdateUser
[-UserId]
[-User]
[-Strict] <System.Nullable[Boolean]>
Update a User
Fetch a user by id, login, or login shortname if the short name is unambiguous.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$PasswordCredentialHash = Initialize-PasswordCredentialHash -Algorithm "BCRYPT" -Salt "MySalt" -SaltOrder "MySaltOrder" -Value "MyValue" -WorkFactor 0
$PasswordCredentialHook = Initialize-PasswordCredentialHook -Type "MyType"
$PasswordCredential = Initialize-PasswordCredential -Hash $PasswordCredentialHash -Hook $PasswordCredentialHook -Value "MyValue"
$AuthenticationProvider = Initialize-AuthenticationProvider -Name "MyName" -Type "ACTIVE_DIRECTORY"
$RecoveryQuestionCredential = Initialize-RecoveryQuestionCredential -Answer "MyAnswer" -Question "MyQuestion"
$UserCredentials = Initialize-UserCredentials -Password $PasswordCredential -Provider $AuthenticationProvider -RecoveryQuestion $RecoveryQuestionCredential
$UpdateUserRequest = Initialize-UpdateUserRequest -Credentials $UserCredentials -VarProfile # UpdateUserRequest |
$Strict = $true # Boolean | (optional)
# Update a User
try {
$Result = Invoke-OktaPartialUpdateUser -UserId $UserId -User $User -Strict $Strict
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaPartialUpdateUser: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| User | UpdateUserRequest | ||
| Strict | Boolean | [optional] |
User (PSCustomObject)
- Content-Type: application/json
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
UserActivationToken Invoke-OktaReactivateUser
[-UserId]
[-SendEmail] <System.Nullable[Boolean]>
Reactivate a User
Reactivates a user. This operation can only be performed on users with a PROVISIONED status. This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from Activate User.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$SendEmail = $true # Boolean | Sends an activation email to the user if true (optional) (default to $false)
# Reactivate a User
try {
$Result = Invoke-OktaReactivateUser -UserId $UserId -SendEmail $SendEmail
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaReactivateUser: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| SendEmail | Boolean | Sends an activation email to the user if true | [optional] [default to $false] |
UserActivationToken (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
void Remove-OktaLinkedObjectForUser
[-UserId]
[-RelationshipName]
Delete a Linked Object
Delete linked objects for a user, relationshipName can be ONLY a primary relationship name
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$RelationshipName = "MyRelationshipName" # String |
# Delete a Linked Object
try {
$Result = Remove-OktaLinkedObjectForUser -UserId $UserId -RelationshipName $RelationshipName
} catch {
Write-Host ("Exception occurred when calling Remove-OktaLinkedObjectForUser: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| RelationshipName | String |
void (empty response body)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
void Reset-OktaFactors
[-UserId]
Reset all Factors
This operation resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
# Reset all Factors
try {
$Result = Reset-OktaFactors -UserId $UserId
} catch {
Write-Host ("Exception occurred when calling Reset-OktaFactors: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String |
void (empty response body)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
ResetPasswordToken Reset-OktaPassword
[-UserId]
[-SendEmail]
Reset Password
Generates a one-time token (OTT) that can be used to reset a user's password. The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$SendEmail = $true # Boolean |
# Reset Password
try {
$Result = Reset-OktaPassword -UserId $UserId -SendEmail $SendEmail
} catch {
Write-Host ("Exception occurred when calling Reset-OktaPassword: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| SendEmail | Boolean |
ResetPasswordToken (PSCustomObject)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
void Revoke-OktaGrantsForUserAndClient
[-UserId]
[-ClientId]
Revoke all Grants for a Client
Revokes all grants for the specified user and client
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$ClientId = "MyClientId" # String |
# Revoke all Grants for a Client
try {
$Result = Revoke-OktaGrantsForUserAndClient -UserId $UserId -ClientId $ClientId
} catch {
Write-Host ("Exception occurred when calling Revoke-OktaGrantsForUserAndClient: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| ClientId | String |
void (empty response body)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
void Revoke-OktaTokenForUserAndClient
[-UserId]
[-ClientId]
[-TokenId]
Revoke a Token for a Client
Revokes the specified refresh token.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$ClientId = "MyClientId" # String |
$TokenId = "MyTokenId" # String |
# Revoke a Token for a Client
try {
$Result = Revoke-OktaTokenForUserAndClient -UserId $UserId -ClientId $ClientId -TokenId $TokenId
} catch {
Write-Host ("Exception occurred when calling Revoke-OktaTokenForUserAndClient: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| ClientId | String | ||
| TokenId | String |
void (empty response body)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
void Revoke-OktaTokensForUserAndClient
[-UserId]
[-ClientId]
Revoke all Refresh Tokens for a Client
Revokes all refresh tokens issued for the specified User and Client.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$ClientId = "MyClientId" # String |
# Revoke all Refresh Tokens for a Client
try {
$Result = Revoke-OktaTokensForUserAndClient -UserId $UserId -ClientId $ClientId
} catch {
Write-Host ("Exception occurred when calling Revoke-OktaTokensForUserAndClient: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| ClientId | String |
void (empty response body)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
void Revoke-OktaUserGrant
[-UserId]
[-GrantId]
Revoke a User Grant
Revokes one grant for a specified user
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$GrantId = "MyGrantId" # String |
# Revoke a User Grant
try {
$Result = Revoke-OktaUserGrant -UserId $UserId -GrantId $GrantId
} catch {
Write-Host ("Exception occurred when calling Revoke-OktaUserGrant: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| GrantId | String |
void (empty response body)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
void Revoke-OktaUserGrants
[-UserId]
Revoke all User Grants
Revokes all grants for a specified user
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
# Revoke all User Grants
try {
$Result = Revoke-OktaUserGrants -UserId $UserId
} catch {
Write-Host ("Exception occurred when calling Revoke-OktaUserGrants: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String |
void (empty response body)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
void Set-OktaLinkedObjectForUser
[-AssociatedUserId]
[-PrimaryRelationshipName]
[-PrimaryUserId]
Create a Linked Object for two User
Sets a linked object for two users.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$AssociatedUserId = "MyAssociatedUserId" # String |
$PrimaryRelationshipName = "MyPrimaryRelationshipName" # String |
$PrimaryUserId = "MyPrimaryUserId" # String |
# Create a Linked Object for two User
try {
$Result = Set-OktaLinkedObjectForUser -AssociatedUserId $AssociatedUserId -PrimaryRelationshipName $PrimaryRelationshipName -PrimaryUserId $PrimaryUserId
} catch {
Write-Host ("Exception occurred when calling Set-OktaLinkedObjectForUser: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| AssociatedUserId | String | ||
| PrimaryRelationshipName | String | ||
| PrimaryUserId | String |
void (empty response body)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
void Suspend-OktaUser
[-UserId]
Suspend a User
Suspends a user. This operation can only be performed on users with an ACTIVE status. The user will have a status of SUSPENDED when the process is complete.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
# Suspend a User
try {
$Result = Suspend-OktaUser -UserId $UserId
} catch {
Write-Host ("Exception occurred when calling Suspend-OktaUser: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String |
void (empty response body)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
void Unlock-OktaUser
[-UserId]
Unlock a User
Unlocks a user with a LOCKED_OUT status and returns them to ACTIVE status. Users will be able to login with their current password.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
# Unlock a User
try {
$Result = Unlock-OktaUser -UserId $UserId
} catch {
Write-Host ("Exception occurred when calling Unlock-OktaUser: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String |
void (empty response body)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
void Invoke-OktaUnsuspendUser
[-UserId]
Unsuspend a User
Unsuspends a user and returns them to the ACTIVE state. This operation can only be performed on users that have a SUSPENDED status.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
# Unsuspend a User
try {
$Result = Invoke-OktaUnsuspendUser -UserId $UserId
} catch {
Write-Host ("Exception occurred when calling Invoke-OktaUnsuspendUser: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String |
void (empty response body)
- Content-Type: Not defined
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]
User Update-OktaUser
[-UserId]
[-User]
[-Strict] <System.Nullable[Boolean]>
Replace a User
Update a user's profile and/or credentials using strict-update semantics.
# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-OktaConfiguration
# Configure your client ID and scope for authorization
$Configuration.ClientId = "YOUR_CLIENT_ID"
$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
$UserId = "MyUserId" # String |
$PasswordCredentialHash = Initialize-PasswordCredentialHash -Algorithm "BCRYPT" -Salt "MySalt" -SaltOrder "MySaltOrder" -Value "MyValue" -WorkFactor 0
$PasswordCredentialHook = Initialize-PasswordCredentialHook -Type "MyType"
$PasswordCredential = Initialize-PasswordCredential -Hash $PasswordCredentialHash -Hook $PasswordCredentialHook -Value "MyValue"
$AuthenticationProvider = Initialize-AuthenticationProvider -Name "MyName" -Type "ACTIVE_DIRECTORY"
$RecoveryQuestionCredential = Initialize-RecoveryQuestionCredential -Answer "MyAnswer" -Question "MyQuestion"
$UserCredentials = Initialize-UserCredentials -Password $PasswordCredential -Provider $AuthenticationProvider -RecoveryQuestion $RecoveryQuestionCredential
$UserType = Initialize-UserType -Created (Get-Date) -CreatedBy "MyCreatedBy" -Default $false -Description "MyDescription" -DisplayName "MyDisplayName" -Id "MyId" -LastUpdated (Get-Date) -LastUpdatedBy "MyLastUpdatedBy" -Name "MyName" -Links @{ key_example = }
$User = Initialize-User -Activated (Get-Date) -Created (Get-Date) -Credentials $UserCredentials -Id "MyId" -LastLogin (Get-Date) -LastUpdated (Get-Date) -PasswordChanged (Get-Date) -VarProfile -Status "ACTIVE" -StatusChanged (Get-Date) -TransitioningToStatus "ACTIVE" -Type $UserType -Embedded @{ key_example = } -Links @{ key_example = } # User |
$Strict = $true # Boolean | (optional)
# Replace a User
try {
$Result = Update-OktaUser -UserId $UserId -User $User -Strict $Strict
} catch {
Write-Host ("Exception occurred when calling Update-OktaUser: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}| Name | Type | Description | Notes |
|---|---|---|---|
| UserId | String | ||
| User | User | ||
| Strict | Boolean | [optional] |
User (PSCustomObject)
- Content-Type: application/json
- Accept: application/json
[Back to top] [Back to API list] [Back to Model list] [Back to README]