> ## Documentation Index
> Fetch the complete documentation index at: https://specterops-bp-2735-release-notes.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Schema

> Okta extension schema definition

<img noZoom src="https://mintcdn.com/specterops-bp-2735-release-notes/2djt2Sp9UeFPjBFr/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=2djt2Sp9UeFPjBFr&q=85&s=a791748158fde5ff3b3b82b51497ab39" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

## Metadata

**Name:** SOOkta<br />
**Display Name:** Okta Extension (by SpecterOps)<br />
**Version:** v2.8.1<br />
**Namespace:** Okta<br />
**Environment Kind:** Okta\_Organization<br />
**Source Kind:** Okta

<Info>
  This file is automatically generated from the [extension schema definition file](https://github.com/SpecterOps/openhound-okta/blob/main/extension/schema.json).
</Info>

## Nodes

| Icon                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | Node Kind                                                                                  | Display Name                 |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ | ---------------------------- |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/SvzZMnif6hz1cTxm/images/extensions/okta/okta_agent.png?fit=max&auto=format&n=SvzZMnif6hz1cTxm&q=85&s=ea4d722bfffbaed151afe9e516e0ea01" alt="Okta_Agent" width="32" height="32" data-path="images/extensions/okta/okta_agent.png" />                                                                                                                                                 | [Okta\_Agent](/opengraph/extensions/okta/nodes/okta_agent)                                 | Okta Agent                   |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/SvzZMnif6hz1cTxm/images/extensions/okta/okta_agentpool.png?fit=max&auto=format&n=SvzZMnif6hz1cTxm&q=85&s=ace9d96c8fdf2cacc2dc8222991edc1c" alt="Okta_AgentPool" width="32" height="32" data-path="images/extensions/okta/okta_agentpool.png" />                                                                                                             | [Okta\_AgentPool](/opengraph/extensions/okta/nodes/okta_agentpool)                         | Okta Agent Pool              |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/SvzZMnif6hz1cTxm/images/extensions/okta/okta_apiserviceintegration.png?fit=max&auto=format&n=SvzZMnif6hz1cTxm&q=85&s=01ba1713c4bcb51fb6e046c3cd377c37" alt="Okta_ApiServiceIntegration" width="32" height="32" data-path="images/extensions/okta/okta_apiserviceintegration.png" /> | [Okta\_ApiServiceIntegration](/opengraph/extensions/okta/nodes/okta_apiserviceintegration) | Okta API Service Integration |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/SvzZMnif6hz1cTxm/images/extensions/okta/okta_apitoken.png?fit=max&auto=format&n=SvzZMnif6hz1cTxm&q=85&s=57de0cc148b035c9a4a53ed8dfcd976e" alt="Okta_ApiToken" width="32" height="32" data-path="images/extensions/okta/okta_apitoken.png" />                                                                                                                      | [Okta\_ApiToken](/opengraph/extensions/okta/nodes/okta_apitoken)                           | Okta API Token               |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/JRxjxGtPjT-Lu7sy/images/extensions/okta/okta_application.png?fit=max&auto=format&n=JRxjxGtPjT-Lu7sy&q=85&s=0948035797febff691aa48428f2ff95c" alt="Okta_Application" width="32" height="32" data-path="images/extensions/okta/okta_application.png" />                                                                                           | [Okta\_Application](/opengraph/extensions/okta/nodes/okta_application)                     | Okta Application             |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/JRxjxGtPjT-Lu7sy/images/extensions/okta/okta_authorizationserver.png?fit=max&auto=format&n=JRxjxGtPjT-Lu7sy&q=85&s=6f06da60c839bc8c13a3ce55eec5b87b" alt="Okta_AuthorizationServer" width="32" height="32" data-path="images/extensions/okta/okta_authorizationserver.png" />                   | [Okta\_AuthorizationServer](/opengraph/extensions/okta/nodes/okta_authorizationserver)     | Okta Authorization Server    |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/JRxjxGtPjT-Lu7sy/images/extensions/okta/okta_clientsecret.png?fit=max&auto=format&n=JRxjxGtPjT-Lu7sy&q=85&s=33442d7c419c73c29bc3da3db91c2cfc" alt="Okta_ClientSecret" width="32" height="32" data-path="images/extensions/okta/okta_clientsecret.png" />                                                                                  | [Okta\_ClientSecret](/opengraph/extensions/okta/nodes/okta_clientsecret)                   | Okta Client Secret           |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/JRxjxGtPjT-Lu7sy/images/extensions/okta/okta_customrole.png?fit=max&auto=format&n=JRxjxGtPjT-Lu7sy&q=85&s=ec4bc5f0c1190a1463a4c9113e6f7057" alt="Okta_CustomRole" width="32" height="32" data-path="images/extensions/okta/okta_customrole.png" />                                                                                                    | [Okta\_CustomRole](/opengraph/extensions/okta/nodes/okta_customrole)                       | Okta Custom Role             |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/JRxjxGtPjT-Lu7sy/images/extensions/okta/okta_device.png?fit=max&auto=format&n=JRxjxGtPjT-Lu7sy&q=85&s=b0bd2fa1d9ba87e07fb200af5bf610fa" alt="Okta_Device" width="32" height="32" data-path="images/extensions/okta/okta_device.png" />                                                                                                                                        | [Okta\_Device](/opengraph/extensions/okta/nodes/okta_device)                               | Okta Device                  |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/JRxjxGtPjT-Lu7sy/images/extensions/okta/okta_group.png?fit=max&auto=format&n=JRxjxGtPjT-Lu7sy&q=85&s=51ce08552732fa6b00eb418c7bba852e" alt="Okta_Group" width="32" height="32" data-path="images/extensions/okta/okta_group.png" />                                                                                                                                                 | [Okta\_Group](/opengraph/extensions/okta/nodes/okta_group)                                 | Okta Group                   |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/JRxjxGtPjT-Lu7sy/images/extensions/okta/okta_identityprovider.png?fit=max&auto=format&n=JRxjxGtPjT-Lu7sy&q=85&s=6fc193af115f685e9717721e18c7490f" alt="Okta_IdentityProvider" width="32" height="32" data-path="images/extensions/okta/okta_identityprovider.png" />                                              | [Okta\_IdentityProvider](/opengraph/extensions/okta/nodes/okta_identityprovider)           | Okta Identity Provider       |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/JRxjxGtPjT-Lu7sy/images/extensions/okta/okta_jwk.png?fit=max&auto=format&n=JRxjxGtPjT-Lu7sy&q=85&s=c44b12769d9fc0b4dd9a60a7a59fa1fc" alt="Okta_JWK" width="32" height="32" data-path="images/extensions/okta/okta_jwk.png" />                                                                                                                                                                   | [Okta\_JWK](/opengraph/extensions/okta/nodes/okta_jwk)                                     | Okta JWK                     |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/JRxjxGtPjT-Lu7sy/images/extensions/okta/okta_organization.png?fit=max&auto=format&n=JRxjxGtPjT-Lu7sy&q=85&s=9c5221fdd337d0498ef5ab46b9c0ec6c" alt="Okta_Organization" width="32" height="32" data-path="images/extensions/okta/okta_organization.png" />                                                                                  | [Okta\_Organization](/opengraph/extensions/okta/nodes/okta_organization)                   | Okta Organization            |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/JRxjxGtPjT-Lu7sy/images/extensions/okta/okta_policy.png?fit=max&auto=format&n=JRxjxGtPjT-Lu7sy&q=85&s=ca795daab781fccadeb518ca92328941" alt="Okta_Policy" width="32" height="32" data-path="images/extensions/okta/okta_policy.png" />                                                                                                                                        | [Okta\_Policy](/opengraph/extensions/okta/nodes/okta_policy)                               | Okta Policy                  |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/JRxjxGtPjT-Lu7sy/images/extensions/okta/okta_realm.png?fit=max&auto=format&n=JRxjxGtPjT-Lu7sy&q=85&s=1ce8bbbd0b3ce4dffba08a9a1b4dd2b1" alt="Okta_Realm" width="32" height="32" data-path="images/extensions/okta/okta_realm.png" />                                                                                                                                                 | [Okta\_Realm](/opengraph/extensions/okta/nodes/okta_realm)                                 | Okta Realm                   |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/JRxjxGtPjT-Lu7sy/images/extensions/okta/okta_resourceset.png?fit=max&auto=format&n=JRxjxGtPjT-Lu7sy&q=85&s=83cc957765d125cdd1078febca6a5d0d" alt="Okta_ResourceSet" width="32" height="32" data-path="images/extensions/okta/okta_resourceset.png" />                                                                                           | [Okta\_ResourceSet](/opengraph/extensions/okta/nodes/okta_resourceset)                     | Okta Resource Set            |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/JRxjxGtPjT-Lu7sy/images/extensions/okta/okta_role.png?fit=max&auto=format&n=JRxjxGtPjT-Lu7sy&q=85&s=b8a6104ff00b6477b94e7576aaf38751" alt="Okta_Role" width="32" height="32" data-path="images/extensions/okta/okta_role.png" />                                                                                                                                                          | [Okta\_Role](/opengraph/extensions/okta/nodes/okta_role)                                   | Okta Role                    |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/JRxjxGtPjT-Lu7sy/images/extensions/okta/okta_roleassignment.png?fit=max&auto=format&n=JRxjxGtPjT-Lu7sy&q=85&s=40ee995035162d336e8c3c5a5ffcf5b1" alt="Okta_RoleAssignment" width="32" height="32" data-path="images/extensions/okta/okta_roleassignment.png" />                                                                | [Okta\_RoleAssignment](/opengraph/extensions/okta/nodes/okta_roleassignment)               | Okta Role Assignment         |
| <img src="https://mintcdn.com/specterops-bp-2735-release-notes/JRxjxGtPjT-Lu7sy/images/extensions/okta/okta_user.png?fit=max&auto=format&n=JRxjxGtPjT-Lu7sy&q=85&s=fe13115507daa1e584edf0bbb4bf62cb" alt="Okta_User" width="32" height="32" data-path="images/extensions/okta/okta_user.png" />                                                                                                                                                          | [Okta\_User](/opengraph/extensions/okta/nodes/okta_user)                                   | Okta User                    |

## Edges

| Relationship Kind                                                                        | Traversable | Description                                                                            |
| ---------------------------------------------------------------------------------------- | :---------: | -------------------------------------------------------------------------------------- |
| [Okta\_AddMember](/opengraph/extensions/okta/edges/okta_addmember)                       |      ✅      | Ability to add or remove members in scoped Okta groups                                 |
| [Okta\_AgentMemberOf](/opengraph/extensions/okta/edges/okta_agentmemberof)               |      ✅      | Membership of an Okta agent in an agent pool                                           |
| [Okta\_AgentPoolFor](/opengraph/extensions/okta/edges/okta_agentpoolfor)                 |      ✅      | Relationship between an AD agent pool and its backing AD application                   |
| [Okta\_ApiTokenFor](/opengraph/extensions/okta/edges/okta_apitokenfor)                   |      ✅      | User ownership of an Okta API token                                                    |
| [Okta\_AppAdmin](/opengraph/extensions/okta/edges/okta_appadmin)                         |      ✅      | Application administrator role assignment                                              |
| [Okta\_AppAssignment](/opengraph/extensions/okta/edges/okta_appassignment)               |      ❌      | Assignment of users or groups to an Okta application                                   |
| [Okta\_Contains](/opengraph/extensions/okta/edges/okta_contains)                         |      ✅      | Contains relationship between the Okta organization and its objects                    |
| [Okta\_CreatorOf](/opengraph/extensions/okta/edges/okta_creatorof)                       |      ❌      | Creator relationship for API service integrations                                      |
| [Okta\_DeviceOf](/opengraph/extensions/okta/edges/okta_deviceof)                         |      ❌      | Ownership relationship between a device and its assigned user                          |
| [Okta\_GroupAdmin](/opengraph/extensions/okta/edges/okta_groupadmin)                     |      ✅      | Group administrator role assignment                                                    |
| [Okta\_GroupMembershipAdmin](/opengraph/extensions/okta/edges/okta_groupmembershipadmin) |      ✅      | Group membership administrator role assignment                                         |
| [Okta\_GroupPull](/opengraph/extensions/okta/edges/okta_grouppull)                       |      ✅      | Import of group memberships from an external application                               |
| [Okta\_GroupPush](/opengraph/extensions/okta/edges/okta_grouppush)                       |      ❌      | Provisioning of group memberships to an external application                           |
| [Okta\_HasRole](/opengraph/extensions/okta/edges/okta_hasrole)                           |      ❌      | Assignment of a built-in or custom role to a principal                                 |
| [Okta\_HasRoleAssignment](/opengraph/extensions/okta/edges/okta_hasroleassignment)       |      ❌      | Relationship between a principal and a role assignment                                 |
| [Okta\_HelpDeskAdmin](/opengraph/extensions/okta/edges/okta_helpdeskadmin)               |      ✅      | Help desk administrator role assignment                                                |
| [Okta\_HostsAgent](/opengraph/extensions/okta/edges/okta_hostsagent)                     |      ✅      | Relationship between an AD server and the Okta agent running on that host              |
| [Okta\_IdentityProviderFor](/opengraph/extensions/okta/edges/okta_identityproviderfor)   |      ✅      | Trust relationship between an identity provider and Okta users                         |
| [Okta\_IdpGroupAssignment](/opengraph/extensions/okta/edges/okta_idpgroupassignment)     |      ❌      | Identity provider group assignment to an Okta group                                    |
| [Okta\_InboundOrgSSO](/opengraph/extensions/okta/edges/okta_inboundorgsso)               |      ✅      | Single sign-on from an external organization into Okta                                 |
| [Okta\_InboundSSO](/opengraph/extensions/okta/edges/okta_inboundsso)                     |      ✅      | Single sign-on from an external identity provider into Okta                            |
| [Okta\_KerberosSSO](/opengraph/extensions/okta/edges/okta_kerberossso)                   |      ✅      | Agentless desktop SSO relationship from on-prem AD user account to Okta AD application |
| [Okta\_KeyOf](/opengraph/extensions/okta/edges/okta_keyof)                               |      ✅      | JSON Web Key associated with an Okta application                                       |
| [Okta\_ManageApp](/opengraph/extensions/okta/edges/okta_manageapp)                       |      ✅      | Ability to manage scoped Okta applications                                             |
| [Okta\_ManagerOf](/opengraph/extensions/okta/edges/okta_managerof)                       |      ❌      | Manager relationship between Okta users                                                |
| [Okta\_MemberOf](/opengraph/extensions/okta/edges/okta_memberof)                         |      ✅      | Membership of a user in an Okta group                                                  |
| [Okta\_MembershipSync](/opengraph/extensions/okta/edges/okta_membershipsync)             |      ✅      | Bidirectional synchronization between Okta groups and external groups                  |
| [Okta\_MobileAdmin](/opengraph/extensions/okta/edges/okta_mobileadmin)                   |      ✅      | Mobile administrator role assignment                                                   |
| [Okta\_OrgAdmin](/opengraph/extensions/okta/edges/okta_orgadmin)                         |      ✅      | Organization administrator role assignment                                             |
| [Okta\_OrgSWA](/opengraph/extensions/okta/edges/okta_orgswa)                             |      ❌      | Secure Web Authentication from an Okta application to an external organization         |
| [Okta\_OutboundOrgSSO](/opengraph/extensions/okta/edges/okta_outboundorgsso)             |      ✅      | Single sign-on from an Okta application to an external organization                    |
| [Okta\_OutboundSSO](/opengraph/extensions/okta/edges/okta_outboundsso)                   |      ✅      | Single sign-on from Okta to an external identity provider                              |
| [Okta\_PasswordSync](/opengraph/extensions/okta/edges/okta_passwordsync)                 |      ✅      | Password synchronization between user accounts via AD integration, Org2Org, or SCIM    |
| [Okta\_PolicyMapping](/opengraph/extensions/okta/edges/okta_policymapping)               |      ❌      | Association of a policy with an Okta application                                       |
| [Okta\_ReadClientSecret](/opengraph/extensions/okta/edges/okta_readclientsecret)         |      ✅      | Ability to read client secrets for scoped Okta applications                            |
| [Okta\_ReadPasswordUpdates](/opengraph/extensions/okta/edges/okta_readpasswordupdates)   |      ✅      | Application can read password updates over the SCIM protocol                           |
| [Okta\_RealmContains](/opengraph/extensions/okta/edges/okta_realmcontains)               |      ✅      | Contains relationship between an Okta realm and its users                              |
| [Okta\_ResetFactors](/opengraph/extensions/okta/edges/okta_resetfactors)                 |      ✅      | Ability to reset MFA factors for scoped Okta users                                     |
| [Okta\_ResetPassword](/opengraph/extensions/okta/edges/okta_resetpassword)               |      ✅      | Ability to reset passwords or temporary credentials for scoped Okta users              |
| [Okta\_ResourceSetContains](/opengraph/extensions/okta/edges/okta_resourcesetcontains)   |      ✅      | Membership of objects within an Okta resource set                                      |
| [Okta\_ScopedTo](/opengraph/extensions/okta/edges/okta_scopedto)                         |      ❌      | Scope relationship between a role assignment and its target                            |
| [Okta\_SecretOf](/opengraph/extensions/okta/edges/okta_secretof)                         |      ✅      | Client secret associated with an application or service integration                    |
| [Okta\_SuperAdmin](/opengraph/extensions/okta/edges/okta_superadmin)                     |      ✅      | Super administrator role assignment                                                    |
| [Okta\_SWA](/opengraph/extensions/okta/edges/okta_swa)                                   |      ❌      | Secure Web Authentication from Okta to an external application                         |
| [Okta\_UserPull](/opengraph/extensions/okta/edges/okta_userpull)                         |      ❌      | Import of users from an external application                                           |
| [Okta\_UserPush](/opengraph/extensions/okta/edges/okta_userpush)                         |      ❌      | Provisioning of users to an external application                                       |
| [Okta\_UserSync](/opengraph/extensions/okta/edges/okta_usersync)                         |      ❌      | Bidirectional synchronization between Okta users and external identities               |
