Okta Group Push via API



we are using the recently released Group Push functionality through which you can push groups from Okta to an AD thus making Okta the owner of the group.

What I haven’t found yet is a way to trigger that push via API as we need to do that for more than 1000 groups…

Has anyone figured out if and how it works?

Best regards,


Hello, I have the same problem.

Easiest way is to trigger admin panel private API. Be careful with that as private API’s are for internal use only and can change without any notice as well as harm your instance if used with errors.

In my case it looks like:

curl ‘https://{{tenant-admin}}.okta.com/api/internal/instance/{{appId}}/grouppush/{{mappingId}}’
-H ‘Cookie: {{cookies}}’
-H ‘Origin: https://{{tenant-admin}}.okta.com’
-H ‘Accept-Encoding: gzip, deflate, br’
-H ‘X-Okta-XsrfToken: {{token}}’
-H ‘Accept-Language: en-US,en;q=0.9,ru;q=0.8’
-H ‘User-Agent: {{userAgent}}’
-H ‘Content-Type: application/json’
-H ‘Accept: application/json, text/javascript, /; q=0.01’
-H ‘Referer: https://{{tenant-admin}}.okta.com/admin/app/{{appName}}/instance/{{appId}}/’
-H ‘X-Requested-With: XMLHttpRequest’
-H ‘Connection: keep-alive’
–data-binary ‘{“action”:“PUSH”}’


Hi Andrey,

thanks for this!
First time I hear about this. Do you know if there is any documentation on that? Just googled it but couldn’t find anything.
Apart from making sure not to cause any harm, I’m wondering what values I would populate
And how do you get the group’s {{mappingId}}?
Thanks a lot!
Best regards,


Also interested in other private API functions


Private APIs are not documented publicly.

{{cookies}}, {{userAgent}}, {{mappingId}} are your own cookie, browser userAgent and group mappingId from your tenant.

You can use Chrome DevTools to track these fields and copy necessary data to Postman or curl. Just check there what is happening when you do click on ‘Push now’ button in Okta UI.