We’re currently connecting to Okta using the Okta Java SDK and an API Token provided by our user/customer. We pull Users, Groups, and the default Schema. An API Token generated by a Super Administrator allows us these 3 permissions, but an API Token created by, for example, a Read-Only Administrator, only gives us okta.groups.read and okta.users.read permissions, not okta.schemas.read.
Is there any way to add okta.schemas.read permissions to a role in Okta?
Hi @tjpspf !
Okta has a couple of options that might help you out:
Custom Admin Roles
This allows you to give specific permissions to your admin users. It sounds like your “Read-Only” admin is missing a few things:
OAuth for Okta APIs (Recommended)
You can access Okta’s API using an OAuth access token.
TL;DR: You would define a new OAuth Application and use the related credentials instead of a static API token. (You would scope this application’s access to just the 3 permissions your application needs access to.)
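The switch recommended in the answer above, as an added example (not part of the original thread and not Okta's own code): the Okta Java SDK client built from a static API token, next to the same client built in OAuth private-key mode and limited to the three scopes named in the question. The environment variable names and the class name are assumptions, and it presumes an OAuth service application that has already been granted those scopes in the Okta admin console.

```java
import com.okta.sdk.authc.credentials.TokenClientCredentials;
import com.okta.sdk.client.AuthorizationMode;
import com.okta.sdk.client.ClientBuilder;
import com.okta.sdk.client.Clients;

import java.util.Set;

public class ScopedOktaClient {
    // The three scopes from the question; the client requests nothing beyond these.
    static final Set<String> SCOPES =
            Set.of("okta.users.read", "okta.groups.read", "okta.schemas.read");

    // Before: static API token. What it can do follows the admin role of the
    // user who created it, so it cannot be narrowed per integration.
    static ClientBuilder withApiToken(String orgUrl, String apiToken) {
        return Clients.builder()
                .setOrgUrl(orgUrl)
                .setClientCredentials(new TokenClientCredentials(apiToken));
    }

    // After: OAuth for Okta APIs. The SDK authenticates with the application's
    // private key and asks only for the scopes listed in SCOPES.
    static ClientBuilder withScopedOAuth(String orgUrl, String clientId, String privateKey) {
        return Clients.builder()
                .setOrgUrl(orgUrl)
                .setAuthorizationMode(AuthorizationMode.PRIVATE_KEY)
                .setClientId(clientId)
                .setScopes(SCOPES)
                .setPrivateKey(privateKey); // path to a PEM file, or the PEM text itself
    }

    // Fail fast on missing configuration instead of building a half-configured client.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isBlank()) {
            throw new IllegalStateException("Missing environment variable: " + name);
        }
        return value;
    }

    public static void main(String[] args) {
        // Hypothetical variable names chosen for this example.
        var client = withScopedOAuth(
                requireEnv("OKTA_ORG_URL"),
                requireEnv("OKTA_CLIENT_ID"),
                requireEnv("OKTA_PRIVATE_KEY_PATH")).build();
        System.out.println("Okta client built with scopes " + SCOPES);
    }
}
```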
Yes, but are Custom Admin Roles able to view Schemas? I wasn’t seeing Schema permissions anywhere when I went to make a Custom Admin Role.