Accessing Admin controls using OAuth

hananel · February 23, 2022, 3:26pm

Hi,

Is there a way to access the following endpoints using an OAuth? (e.g. an “app integration” of the “OIDC - OpenID Connect” type):

Security notifications - a way to see if configurations such as “Report suspicious activity via email” are enabled?
API tokens - who issued? are they active? did an admin issue an API token?
Missing supported saml apps - a way to see (via OAuth API) if my apps have the “SIGN ON METHODS” configured to support “SAML”
Threat insights - a way to see the Okta ThreatInsight Settings such as “Log and block authentication attempts from malicious IPs”?
Multi factors - access and see all my MFA in the multifactor authentication section under security?
Health check - all the HealthInsight section, any way to consume it?

It just seems that the endpoints are very limited, and don’t include all we need. Is there a way to formally request to expose these endpoints?

Thank you!

erik · February 23, 2022, 6:41pm

Hello,

All of the Okta “supported” public APIs can be found here.
All APIs support the use of an API Token and most also support OAuth.
Instructions to setup OAuth integration for Okta APIs can be found here.

Usually I will first use an API Token to get a particular API to work. After that I will test with OAuth for a super admin user using an OIDC application with all Okta scopes granted. If the call works with the API Token, but not OAuth then that endpoint might not support OAuth yet. If you run into this let us know the exact endpoint and we can verify if it should work or not.

hananel · February 24, 2022, 7:16am

Hi @erik,

Thank you for your response! Much appreciated.
Threat insights is a supported API token that doesn’t work for me in OAuth.

While not an official end-point, I was able to access using an API token the following:
https://{my_domain}.okta.com/api/internal/admin/notification
but this doesn’t work in OAuth. Is there a reason for this? A workaround? A way to request making this an official supported OAuth end-point?

Thank you!

andrea · February 24, 2022, 4:29pm

Important note: Internal endpoints like this are not publicly supported and their implementation can change at any time, thus we do not recommend that any solutions be built around them as they can stop working without notification.

As this is not a public endpoint, it is also not intended for use with OAuth tokens.

hananel · February 24, 2022, 4:41pm

Thanks, @andrea.
Makes perfect sense. Is there a way to request specific Internal endpoints to become Publicly supported?

erik · February 24, 2022, 8:59pm

Any type of feature request can be done at ideas.okta.com.

system · February 25, 2022, 8:59pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.