REST API: Getting SAML user role ARNs from AWS app

Hello,
I would like to use the REST API to get the list of AWS IAM role ARNs assigned to a particular application user. I am able to do this in the somewhat piecemeal way below – but is there a better way of doing this?

  1. Get the app:
    GET /api/v1/apps/<my app id>
  2. Locate and extract the aws account id from the identity provider arn in the response to 1:
    "settings" -> "app" -> "identityProviderArn"
  3. Get the app user:
    GET /api/v1/apps/<my app id>/users
  4. Locate the SAML roles from the user profile in the response from 3.
    "profile" -> "samlRoles"
  5. Construct the aws role arns from 2. and 4.
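
Steps 2, 4 and 5 above as an added example (not part of the original post, and not Okta's code), run over constructed responses instead of live API calls. It assumes `identityProviderArn` holds a single SAML provider ARN and that `samlRoles` holds bare role names; the function names are hypothetical.

```python
import re

# Constructed sample responses (not real Okta output), trimmed to the fields
# the post names: settings.app.identityProviderArn and profile.samlRoles.
SAMPLE_APP = {
    "id": "0oaEXAMPLEAPP",
    "settings": {"app": {
        "identityProviderArn": "arn:aws:iam::123456789012:saml-provider/Okta"}},
}
SAMPLE_APP_USERS = [
    {"id": "00uEXAMPLE1", "profile": {"samlRoles": ["ReadOnly", "Admin"]}},
    {"id": "00uEXAMPLE2", "profile": {}},  # user with no roles assigned
]

# Partition is captured so aws-cn / aws-us-gov ARNs are rebuilt correctly.
IDP_ARN = re.compile(r"^arn:(aws[a-z-]*):iam::(\d{12}):saml-provider/.+$")


def parse_idp_arn(app):
    """Step 2: return (partition, account_id) from the app's IdP ARN."""
    arn = app.get("settings", {}).get("app", {}).get("identityProviderArn") or ""
    match = IDP_ARN.match(arn.strip())
    if not match:
        # Fail loudly instead of building role ARNs for the wrong account.
        raise ValueError(f"unexpected identityProviderArn: {arn!r}")
    return match.group(1), match.group(2)


def role_arns_by_user(app, app_users):
    """Steps 4-5: map each app user id to the role ARNs built from samlRoles."""
    partition, account = parse_idp_arn(app)
    result = {}
    for user in app_users:
        # Assumption: samlRoles is a list of role names; absent means none.
        roles = (user.get("profile") or {}).get("samlRoles") or []
        result[user["id"]] = [
            f"arn:{partition}:iam::{account}:role/{name}" for name in roles
        ]
    return result


if __name__ == "__main__":
    for user_id, arns in role_arns_by_user(SAMPLE_APP, SAMPLE_APP_USERS).items():
        print(user_id, arns or "(no SAML roles)")
```

The resulting per-user mapping can be compared against the roles that actually trust the SAML provider in the AWS account to spot assignments that no longer match.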

@wolfwin Can you please open a support ticket through an email to support@okta.com with this issue? One of our Technical Support Engineers will take the case and assist you in narrowing down the cause of the issue.

https://{url}/api/v1/apps?filter=user.id+eq+"{userid}"&expand=user/{userid}
