okta_api v0.1.14 Okta.Users View Source
The Okta.Users module provides access methods to the Okta Users API.
All methods require a Tesla Client struct created with Okta.client(base_url, api_key).
Examples
client = Okta.Client("https://dev-000000.okta.com", "thisismykeycreatedinokta")
{:ok, result, _env} = Okta.Users.list_users(client)Link to this section Summary
Functions
Activates a user.
Changes a user's password by validating the user's current password
Changes a user's recovery question & answer credential by validating the user's current password.
Removes all active identity provider sessions. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.
Creates a new user in your Okta organization with or without credentials.
Creates a user without a recovery question & answer.
Creates a new passwordless user with a SOCIAL or FEDERATION authentication
provider that must be authenticated via a trusted Identity Provider.
Deactivates a user.
Deletes a user permanently. This operation can only be performed on users
that have a DEPROVISIONED status. This action cannot be recovered!.
This operation transitions the user status to PASSWORD_EXPIRED so that the user is required to change their password at their next login.
Shortcut method to use list_users with a filter parameter. Lists all users
that match the filter criteria.
Shortcut method to use list_users with a q parameter.
Generates a one-time token (OTT) that can be used to reset a user's password.
Sets a new password for a user by validating the user's answer to their current recovery question.
Fetches appLinks for all direct or indirect (via group membership) assigned applications.
Fetches the current user linked to API token or session cookie.
Fetches the groups of which the user is a member.
Fetch a user by id, login, or login shortname if the short name is unambiguous.
Lists all active users. ie. Users that have a status of ACTIVE.
Lists all deprovisioned users. ie. Users that have a status of DEPROVISIONED.
Lists all locked out users. ie. Users that have a status of LOCKED_OUT.
Lists all password expired users. ie. Users that have a status of PASSWORD_EXPIRED.
Lists all provisioned users. ie. Users that have a status of PROVISIONED.
Lists all password recovery users. ie. Users that have a status of RECOVERY.
Lists all staged users. ie. Users that have a status of STAGED.
Lists users in your organization with pagination in most cases
Lists all users who are active and were updated after a certain date and time.
Reactivates a user.
Generates a one-time token (OTT) that can be used to reset a user's password. The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.
Shortcut method to use list_users with a search parameter. Searches for
users based on the properties specified in the search_term.
Sets passwords without validating existing user credentials
Sets recovery question and answer without validating existing user credentials.
Suspends a user
Unlocks a user with a LOCKED_OUT status and returns them to ACTIVE status.
Users will be able to login with their current password.
Unsuspends a user and returns them to the ACTIVE state.
Updates a user's profile or credentials with partial update semantics.
Updates a user's profile and/or credentials using strict-update semantics.
Link to this section Functions
activate_user(client, user_id, send_email \\ false)
View Sourceactivate_user(Okta.client(), String.t(), boolean()) :: Okta.result()
Activates a user.
This operation can only be performed on users with a STAGED status.
Activation of a user is an asynchronous operation.
The user's transitioningToStatus property has a value of ACTIVE during
activation to indicate that the user hasn't completed the asynchronous
operation.
The user's status is ACTIVE when the activation process is complete.
Users who don't have a password must complete the welcome flow by visiting
the activation link to complete the transition to ACTIVE status.
https://developer.okta.com/docs/reference/api/users/#activate-user
change_password(client, user_id, old_password, new_password, strict \\ false)
View Sourcechange_password(Okta.client(), String.t(), String.t(), String.t(), boolean()) :: Okta.result()
Changes a user's password by validating the user's current password
This operation can only be performed on users in STAGED, ACTIVE,
PASSWORD_EXPIRED, or RECOVERY status that have a valid password credential.
https://developer.okta.com/docs/reference/api/users/#change-password
change_recovery_credential(client, user_id, password, question, answer)
View Sourcechange_recovery_credential( Okta.client(), String.t(), String.t(), String.t(), String.t() ) :: Okta.result()
Changes a user's recovery question & answer credential by validating the user's current password.
This operation can only be performed on users in STAGED, ACTIVE or
RECOVERY status that have a valid password credential.
https://developer.okta.com/docs/reference/api/users/#change-recovery-question
clear_user_sessions(client, user_id, oauth_tokens \\ false)
View Sourceclear_user_sessions(Okta.client(), String.t(), boolean()) :: Okta.result()
Removes all active identity provider sessions. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.
https://developer.okta.com/docs/reference/api/users/#clear-user-sessions
create_user(client, profile, activate \\ true, opts \\ [])
View Sourcecreate_user(Okta.client(), map(), boolean(), keyword()) :: Okta.result()
Creates a new user in your Okta organization with or without credentials.
https://developer.okta.com/docs/reference/api/users/#create-user
create_user_with_password(client, profile, password, activate \\ true, opts \\ [])
View Sourcecreate_user_with_password( Okta.client(), map(), String.t(), boolean(), keyword() ) :: Okta.result()
Creates a user without a recovery question & answer.
https://developer.okta.com/docs/reference/api/users/#create-user-with-password
create_user_with_provider(client, profile, provider_type, provider_name, activate \\ true, opts \\ [])
View Sourcecreate_user_with_provider( Okta.client(), map(), String.t(), String.t(), boolean(), keyword() ) :: Okta.result()
Creates a new passwordless user with a SOCIAL or FEDERATION authentication
provider that must be authenticated via a trusted Identity Provider.
https://developer.okta.com/docs/reference/api/users/#create-user-with-authentication-provider
deactivate_user(client, user_id, send_email \\ false)
View Sourcedeactivate_user(Okta.client(), String.t(), boolean()) :: Okta.result()
Deactivates a user.
This operation can only be performed on users that do not have a
DEPROVISIONED status. Deactivation of a user is an asynchronous operation.
The user's transitioningToStatus property is DEPROVISIONED during
deactivation to indicate that the user hasn't completed the asynchronous
operation.
The user's status is DEPROVISIONED when the deactivation process is
complete.
https://developer.okta.com/docs/reference/api/users/#deactivate-user
delete_user(client, user_id, send_email \\ false)
View Sourcedelete_user(Okta.client(), String.t(), boolean()) :: Okta.result()
Deletes a user permanently. This operation can only be performed on users
that have a DEPROVISIONED status. This action cannot be recovered!.
https://developer.okta.com/docs/reference/api/users/#delete-user
expire_passsword(client, user_id, temp_password \\ false)
View Sourceexpire_passsword(Okta.client(), String.t(), boolean()) :: Okta.result()
This operation transitions the user status to PASSWORD_EXPIRED so that the user is required to change their password at their next login.
If tempPassword is included in the request, the user's password is reset to a temporary password that is returned, and then the temporary password is expired.
https://developer.okta.com/docs/reference/api/users/#expire-password
filter_users(client, filter, opts \\ [])
View Sourcefilter_users(Okta.client(), String.t(), keyword()) :: Okta.result()
Shortcut method to use list_users with a filter parameter. Lists all users
that match the filter criteria.
See https://developer.okta.com/docs/reference/api/users/#list-users-with-a-filter for details.
And https://developer.okta.com/docs/reference/api-overview/#filtering on how Okta supports filters
find_users(client, query, opts \\ [])
View Sourcefind_users(Okta.client(), String.t(), keyword()) :: Okta.result()
Shortcut method to use list_users with a q parameter.
Finds users who match the specified query with a simple lookup of users by name, for example when creating a people picker. The value of query is matched against firstName, lastName, or email.
https://developer.okta.com/docs/reference/api/users/#find-users
forgot_password(client, user_id, send_email \\ true)
View Sourceforgot_password(Okta.client(), String.t(), boolean()) :: Okta.result()
Generates a one-time token (OTT) that can be used to reset a user's password.
The user will be required to validate their security question's answer when
visiting the reset link. This operation can only be performed on users with
an ACTIVE status and a valid recovery question credential.
https://developer.okta.com/docs/reference/api/users/#forgot-password
forgot_password_with_security_answer(client, user_id, security_answer, new_password)
View Sourceforgot_password_with_security_answer( Okta.client(), String.t(), String.t(), String.t() ) :: Okta.result()
Sets a new password for a user by validating the user's answer to their current recovery question.
https://developer.okta.com/docs/reference/api/users/#forgot-password
get_assigned_applinks(client, user_id)
View Sourceget_assigned_applinks(Okta.client(), String.t()) :: Okta.result()
Fetches appLinks for all direct or indirect (via group membership) assigned applications.
https://developer.okta.com/docs/reference/api/users/#get-assigned-app-links
get_current_user(client)
View Sourceget_current_user(Okta.client()) :: Okta.result()
Fetches the current user linked to API token or session cookie.
https://developer.okta.com/docs/reference/api/users/#get-current-user
get_groups_for_user(client, user_id)
View Sourceget_groups_for_user(Okta.client(), String.t()) :: Okta.result()
Fetches the groups of which the user is a member.
https://developer.okta.com/docs/reference/api/users/#get-user-s-groups
get_user(client, user)
View Sourceget_user(Okta.client(), String.t()) :: Okta.result()
Fetch a user by id, login, or login shortname if the short name is unambiguous.
https://developer.okta.com/docs/reference/api/users/#get-user
list_active_users(client, opts \\ [])
View Sourcelist_active_users(Okta.client(), keyword()) :: Okta.result()
Lists all active users. ie. Users that have a status of ACTIVE.
list_deprovisioned_users(client, opts \\ [])
View Sourcelist_deprovisioned_users(Okta.client(), keyword()) :: Okta.result()
Lists all deprovisioned users. ie. Users that have a status of DEPROVISIONED.
list_locked_users(client, opts \\ [])
View Sourcelist_locked_users(Okta.client(), keyword()) :: Okta.result()
Lists all locked out users. ie. Users that have a status of LOCKED_OUT.
list_password_expired_users(client, opts \\ [])
View Sourcelist_password_expired_users(Okta.client(), keyword()) :: Okta.result()
Lists all password expired users. ie. Users that have a status of PASSWORD_EXPIRED.
list_provisioned_users(client, opts \\ [])
View Sourcelist_provisioned_users(Okta.client(), keyword()) :: Okta.result()
Lists all provisioned users. ie. Users that have a status of PROVISIONED.
list_recovery_users(client, opts \\ [])
View Sourcelist_recovery_users(Okta.client(), keyword()) :: Okta.result()
Lists all password recovery users. ie. Users that have a status of RECOVERY.
list_staged_users(client, opts \\ [])
View Sourcelist_staged_users(Okta.client(), keyword()) :: Okta.result()
Lists all staged users. ie. Users that have a status of STAGED.
list_users(client, opts \\ [])
View Sourcelist_users(Okta.client(), keyword()) :: Okta.result()
Lists users in your organization with pagination in most cases
A subset of users can be returned that match a supported filter expression or search criteria.
See https://developer.okta.com/docs/reference/api/users/#list-users for optional parameters that can be passed in.
##Example
{:ok, result} = Okta.Users.list_users(client, q: "Noah", limit: 10, after: 200)list_users_updated_after(client, updated_at, opts \\ [])
View Sourcelist_users_updated_after(Okta.client(), Calendar.datetime(), keyword()) :: Okta.result()
Lists all users who are active and were updated after a certain date and time.
reactivate_user(client, user_id, send_email \\ false)
View Sourcereactivate_user(Okta.client(), String.t(), boolean()) :: Okta.result()
Reactivates a user.
This operation can only be performed on users with a PROVISIONED status.
This operation restarts the activation workflow if for some reason the user
activation was not completed when using the activationToken from Activate User.
Users that don't have a password must complete the flow by completing Reset
Password and MFA enrollment steps to transition the user to ACTIVE status.
https://developer.okta.com/docs/reference/api/users/#reactivate-user
reset_password(client, user_id, send_email \\ false)
View Sourcereset_password(Okta.client(), String.t(), boolean()) :: Okta.result()
Generates a one-time token (OTT) that can be used to reset a user's password. The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.
This operation will transition the user to the status of RECOVERY and the
user will not be able to login or initiate a forgot password flow until they
complete the reset flow.
https://developer.okta.com/docs/reference/api/users/#reset-password
search_users(client, search_term, opts \\ [])
View Sourcesearch_users(Okta.client(), String.t(), keyword()) :: Okta.result()
Shortcut method to use list_users with a search parameter. Searches for
users based on the properties specified in the search_term.
See https://developer.okta.com/docs/reference/api/users/#list-users-with-search for details.
set_password(client, user_id, password)
View Sourceset_password(Okta.client(), String.t(), String.t()) :: Okta.result()
Sets passwords without validating existing user credentials
This is an administrative operation. For an operation that requires validation
see change_password/4.
https://developer.okta.com/docs/reference/api/users/#set-password
set_recovery_credential(client, user_id, question, answer)
View Sourceset_recovery_credential(Okta.client(), String.t(), String.t(), String.t()) :: Okta.result()
Sets recovery question and answer without validating existing user credentials.
This is an administrative operation. For an operation that requires validation
see change_recovery_credential/5
https://developer.okta.com/docs/reference/api/users/#set-recovery-question-answer
suspend_user(client, user_id)
View Sourcesuspend_user(Okta.client(), String.t()) :: Okta.result()
Suspends a user
This operation can only be performed on users with an ACTIVE status. The
user has a status of SUSPENDED when the process is complete.
https://developer.okta.com/docs/reference/api/users/#suspend-user
unlock_user(client, user_id)
View Sourceunlock_user(Okta.client(), String.t()) :: Okta.result()
Unlocks a user with a LOCKED_OUT status and returns them to ACTIVE status.
Users will be able to login with their current password.
https://developer.okta.com/docs/reference/api/users/#unlock-user
unsuspend_user(client, user_id)
View Sourceunsuspend_user(Okta.client(), String.t()) :: Okta.result()
Unsuspends a user and returns them to the ACTIVE state.
https://developer.okta.com/docs/reference/api/users/#unsuspend-user
update_profile(client, user_id, data, query_params \\ [])
View Sourceupdate_profile(Okta.client(), String.t(), map(), keyword()) :: Okta.result()
Updates a user's profile or credentials with partial update semantics.
https://developer.okta.com/docs/reference/api/users/#update-profile
update_user(client, user_id, data, query_params \\ [])
View Sourceupdate_user(Okta.client(), String.t(), map(), keyword()) :: Okta.result()
Updates a user's profile and/or credentials using strict-update semantics.
All profile properties must be specified, any property not specified in the request is deleted.
https://developer.okta.com/docs/reference/api/users/#update-user