Integration with Okta (User APIs) in Salesforce

Integration with Okta (User APIs) in Salesforce

1. User Fetching from Okta -

Get User API -

  • API URL - https://{!company}.okta.com/api/v1/users/{!username}
  • Method - GET
  • Headers -
    • Accept, application/json
    •  Authorization, SSWS token
    • Content-Type, application/json

How to get the SSWS token is covered at the end of this post.

  • Response Body if the user is already there:
    {
        "id": "00up6awprUdDQJw9v355",
        "status": "ACTIVE",
        "created": "2018-08-13T16:08:52.000Z",
        "activated": "2018-08-13T16:08:52.000Z",
        "statusChanged": "2018-08-13T16:08:52.000Z",
        "lastLogin": null,
        "lastUpdated": "2018-08-13T16:08:52.000Z",
        "passwordChanged": "2018-08-13T16:08:52.000Z",
        "profile": {
            "firstName": "Isaac",
            "lastName": "Brock",
            "mobilePhone": null,
            "secondEmail": null,
            "login": "[email protected]",
            "email": "[email protected]"
        },
        "credentials": {
            "password": {},
            "recovery_question": {
                "question": ""
            },
            "provider": {
                "type": "OKTA",
                "name": "OKTA"
            }
        },
        "_links": {
            "suspend": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/suspend",
                "method": "POST"
            },
            "resetPassword": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/reset_password",
                "method": "POST"
            },
            "forgotPassword": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/forgot_password",
                "method": "POST"
            },
            "expirePassword": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/expire_password",
                "method": "POST"
            },
            "changeRecoveryQuestion": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/change_recovery_question",
                "method": "POST"
            },
            "self": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355"
            },
            "changePassword": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/change_password",
                "method": "POST"
            },
            "deactivate": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/deactivate",
                "method": "POST"
            }
        }
    }

You can map the required fields to your wrapper class.

Sample code in Salesforce:

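// Fetch a single Okta user by login.
// The three values below are placeholders taken from the article: supply your own
// Okta subdomain, the user's Okta login, and the SSWS API token.
// Load the token from protected storage (for example a Named Credential or protected
// custom metadata) instead of hard-coding it: it grants API access with the
// permissions of the admin account that created it.
String company2 = '{!company}';    // placeholder: your Okta subdomain
String username2 = '{!username}';  // placeholder: the user's Okta login
String token2 = '{!Token}';        // placeholder: SSWS token read from protected storage

Http testHttp2 = new Http();
HttpRequest testreq2 = new HttpRequest();
// URL-encode the login so characters such as '+' or '#' cannot change the request path.
testreq2.setEndpoint('https://' + company2 + '.okta.com/api/v1/users/'
    + EncodingUtil.urlEncode(username2, 'UTF-8'));
testreq2.setMethod('GET');
testreq2.setHeader('Accept', 'application/json');
testreq2.setHeader('Authorization', 'SSWS ' + token2);
testreq2.setHeader('Content-Type', 'application/json');
HttpResponse testres2 = testHttp2.send(testreq2);

// The response body holds personal data (name, email, login), so check the status
// and log only what is needed rather than dumping the whole body to the debug log.
if (testres2.getStatusCode() == 200) {
    Map<String, Object> oktaUser2 =
        (Map<String, Object>) JSON.deserializeUntyped(testres2.getBody());
    System.debug('Okta user id: ' + oktaUser2.get('id'));
} else {
    System.debug('Okta Get User failed: ' + testres2.getStatusCode() + ' ' + testres2.getStatus());
}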

Here I fetch the user by Okta username. You can also fetch the user by Okta user ID: just replace the username in the endpoint with the ID. For example -

https://{!company}.okta.com/api/v1/users/{!OktaUserId}

2.  User Creation in Okta -

Note - I am creating User in Okta with these following fields, you can include more fields if you want -

  • Username
  • FirstName
  • LastName
  • Email

When Users are created, they will get mail from Okta to activate their account.

  • API url - https://{!company}.okta.com/api/v1/users?activate=true
  • Method - POST
  • Headers -
    • Accept, application/json
    • Authorization, SSWS token
    • Content-Type, application/json
    • Body -   '{ "profile": { "firstName": "'+u.FirstName+'", "lastName": "'+u.LastName+'", "email": "'+u.Email+'", "login": "'+u.Username+'" } }'
  • Response Body -
    {
        "id": "00up6awprUdDQJw9v355",
        "status": "ACTIVE",
        "created": "2018-08-13T16:08:52.000Z",
        "activated": "2018-08-13T16:08:52.000Z",
        "statusChanged": "2018-08-13T16:08:52.000Z",
        "lastLogin": null,
        "lastUpdated": "2018-08-13T16:08:52.000Z",
        "passwordChanged": "2018-08-13T16:08:52.000Z",
        "profile": {
            "firstName": "Isaac",
            "lastName": "Brock",
            "mobilePhone": null,
            "secondEmail": null,
            "login": "[email protected]",
            "email": "[email protected]"
        },
        "credentials": {
            "password": {},
            "recovery_question": {
                "question": ""
            },
            "provider": {
                "type": "OKTA",
                "name": "OKTA"
            }
        },
        "_links": {
            "suspend": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/suspend",
                "method": "POST"
            },
            "resetPassword": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/reset_password",
                "method": "POST"
            },
            "forgotPassword": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/forgot_password",
                "method": "POST"
            },
            "expirePassword": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/expire_password",
                "method": "POST"
            },
            "changeRecoveryQuestion": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/change_recovery_question",
                "method": "POST"
            },
            "self": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355"
            },
            "changePassword": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/change_password",
                "method": "POST"
            },
            "deactivate": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/deactivate",
                "method": "POST"
            }
        }
    }

As before, map the required fields to your wrapper class.

Sample code in Salesforce:

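// Create (and activate) one Okta user from the Salesforce User record `u`,
// which must already be in scope.
// The two values below are placeholders taken from the article. Load the token from
// protected storage (for example a Named Credential or protected custom metadata)
// instead of hard-coding it.
String company3 = '{!company}';  // placeholder: your Okta subdomain
String token3 = '{!Token}';      // placeholder: SSWS token read from protected storage

// Build the body with the JSON serializer instead of string concatenation, so that a
// quote or backslash in a name, email or username is escaped and cannot break the
// JSON or inject extra properties into the request.
Map<String, Object> profile3 = new Map<String, Object>{
    'firstName' => u.FirstName,
    'lastName' => u.LastName,
    'email' => u.Email,
    'login' => u.Username
};
String body3 = JSON.serialize(new Map<String, Object>{ 'profile' => profile3 });

Http testhttp3 = new Http();
HttpRequest testreq3 = new HttpRequest();
testreq3.setEndpoint('https://' + company3 + '.okta.com/api/v1/users?activate=true');
testreq3.setMethod('POST');
testreq3.setHeader('Accept', 'application/json');
testreq3.setHeader('Authorization', 'SSWS ' + token3);
testreq3.setHeader('Content-Type', 'application/json');
testreq3.setBody(body3);
HttpResponse testres3 = testhttp3.send(testreq3);

// The response body holds personal data, so check the status and log only what is
// needed rather than dumping the whole body to the debug log.
if (testres3.getStatusCode() == 200) {
    Map<String, Object> oktaUser3 =
        (Map<String, Object>) JSON.deserializeUntyped(testres3.getBody());
    System.debug('Created Okta user id: ' + oktaUser3.get('id'));
} else {
    System.debug('Okta Create User failed: ' + testres3.getStatusCode() + ' ' + testres3.getStatus());
}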

Note - Okta creates only one user per API call, so to create multiple users put the above code in a batch class and run the batch with a maximum batch size of 100 (Apex allows at most 100 callouts in a single transaction).

3.  User Updation in Okta -

User updating API -

Note - I am updating User in Okta with these following fields -

  • Username
  • FirstName
  • LastName
  • Email

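You can provide more fields in the request body. The body below is written as string concatenation; in real code build it with JSON.serialize so that a quote or backslash in a field value cannot break or change the JSON.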

  • API url - https://{!company}.okta.com/api/v1/users/{!username}
  • Method - POST
  • Headers -
    • Accept, application/json
    • Authorization, SSWS token
    • Content-Type, application/json
  • Body -  '{ "profile": { "firstName": "'+u.FirstName+'", "lastName": "'+u.LastName+'", "email": "'+u.Email+'", "login": "'+u.Username+'" } }'
  • Response Body -
    {
        "id": "00up6awprUdDQJw9v355",
        "status": "ACTIVE",
        "created": "2018-08-13T16:08:52.000Z",
        "activated": "2018-08-13T16:08:52.000Z",
        "statusChanged": "2018-08-13T16:08:52.000Z",
        "lastLogin": null,
        "lastUpdated": "2018-08-13T16:08:52.000Z",
        "passwordChanged": "2018-08-13T16:08:52.000Z",
        "profile": {
            "firstName": "Isaac",
            "lastName": "Brock",
            "mobilePhone": null,
            "secondEmail": null,
            "login": "[email protected]",
            "email": "[email protected]"
        },
        "credentials": {
            "password": {},
            "recovery_question": {
                "question": ""
            },
            "provider": {
                "type": "OKTA",
                "name": "OKTA"
            }
        },
        "_links": {
            "suspend": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/suspend",
                "method": "POST"
            },
            "resetPassword": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/reset_password",
                "method": "POST"
            },
            "forgotPassword": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/forgot_password",
                "method": "POST"
            },
            "expirePassword": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/expire_password",
                "method": "POST"
            },
            "changeRecoveryQuestion": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/change_recovery_question",
                "method": "POST"
            },
            "self": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355"
            },
            "changePassword": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/change_password",
                "method": "POST"
            },
            "deactivate": {
                "href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/deactivate",
                "method": "POST"
            }
        }
    }

As discussed earlier, you can get a user by username or by Okta user ID. Similarly, you can update a user by username or by Okta user ID: just change the API URL to https://{!company}.okta.com/api/v1/users/{!OktaUserId}.

How to get SSWS Token to access Okta APIs?

Steps:

  • Go to the Security tab on your Okta account and click API in the dropdown menu.

  • Click on Create Token button.
  • This will open a pop-up, where you have to provide a name for your token
  • Click Create Token on pop up.

  • Copy the token, then click the "OK, got it" button. (The token is visible only at the time it is created, so save it right away, in a secrets store or other protected location rather than in source code.)

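Now use this token in the Authorization header to access the Okta User APIs. The token has the same permissions as the admin account that created it, so create it from a dedicated service account that has only the permissions the integration needs.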

Responses

  1. Hi shariq,

    Is there a method to receive the SSWS Access Token during Okta sign-in, on the fly?
    Without manually creating an Token in Okta.
    Regards,

    Parikhit.
