Integration with Okta (User APIs) in Salesforce

Integration with Okta (User APIs) in Salesforce

1. User Fetching from Okta - Get User API -

  • API url - https://{!company}.okta.com/api/v1/users/{!username}
  • Method - GET
  • Headers -
    • Accept, application/json
    •  Authorization, SSWS token
    • Content-Type, application/json

We will get to the SSWS token later in this post.

  • Response body if the user already exists - {

"id": "00up6awprUdDQJw9v355",

"status": "ACTIVE",

"created": "2018-08-13T16:08:52.000Z",

"activated": "2018-08-13T16:08:52.000Z",

"statusChanged": "2018-08-13T16:08:52.000Z",

"lastLogin": null,

"lastUpdated": "2018-08-13T16:08:52.000Z",

"passwordChanged": "2018-08-13T16:08:52.000Z",

"profile": {

"firstName": "Isaac",

"lastName": "Brock",

"mobilePhone": null,

"secondEmail": null,

"login": "[email protected]",

"email": "[email protected]"

},

"credentials": {

"password": {},

"recovery_question": {

"question": ""

},

"provider": {

"type": "OKTA",

"name": "OKTA"

}

},

"_links": {

"suspend": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/suspend",

"method": "POST"

},

"resetPassword": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/reset_password",

"method": "POST"

},

"forgotPassword": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/forgot_password",

"method": "POST"

},

"expirePassword": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/expire_password",

"method": "POST"

},

"changeRecoveryQuestion": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/change_recovery_question",

"method": "POST"

},

"self": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355"

},

"changePassword": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/change_password",

"method": "POST"

},

"deactivate": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/deactivate",

"method": "POST"

}

}

}

You can map the required fields to your wrapper class.

Sample code in salesforce -

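// Fetch one Okta user by login (or by Okta user id) with the Get User API.
// The three values below are placeholders: substitute your own before running.
String oktaCompany = '{!company}';    // your Okta subdomain
String oktaUsername = '{!username}';  // Okta login, or the Okta user id
// SSWS API token. Do not hard-code a real token in source: read it from a
// Named Credential or a protected custom setting / custom metadata record.
String oktaToken = '{!Token}';

Http testHttp2 = new Http();
HttpRequest testreq2 = new HttpRequest();

// Apex string literals need straight quotes. The login is URL-encoded so that
// characters such as '@' or '+' are sent as data and cannot alter the path.
testreq2.setEndpoint('https://' + oktaCompany + '.okta.com/api/v1/users/'
    + EncodingUtil.urlEncode(oktaUsername, 'UTF-8'));
testreq2.setMethod('GET');
testreq2.setHeader('Accept', 'application/json');
testreq2.setHeader('Authorization', 'SSWS ' + oktaToken);
testreq2.setHeader('Content-Type', 'application/json');

HttpResponse testres2 = testHttp2.send(testreq2);

// Check the status before mapping the body: an error response does not contain a user.
Integer statusCode2 = testres2.getStatusCode();
if (statusCode2 >= 200 && statusCode2 < 300) {
    // The body holds the user's profile (name, e-mail, login); drop this
    // debug line outside a sandbox so personal data does not land in logs.
    System.debug('body22222====' + testres2.getBody());
} else {
    System.debug('Okta get user failed, status====' + statusCode2);
}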

I am getting the user by Okta username; you can also get a user by Okta user Id. Just replace the username in the endpoint with the Id. For example -

https://{!company}.okta.com/api/v1/users/{!OktaUserId}

2.  User Creation in Okta-

Note - I am creating the User in Okta with the following fields; you can include more fields if you want -

  • Username
  • FirstName
  • LastName
  • Email

When Users are created, they will get mail from Okta to activate their account.

  • API url - https://{!company}.okta.com/api/v1/users?activate=true
  • Method - POST
  • Headers -
    • Accept, application/json
    • Authorization, SSWS token
    • Content-Type, application/json
  • Body -   '{ "profile": { "firstName": "'+u.FirstName+'", "lastName": "'+u.LastName+'", "email": "'+u.Email+'", "login": "'+u.Username+'" } }'
  • Response Body - {

"id": "00up6awprUdDQJw9v355",

"status": "ACTIVE",

"created": "2018-08-13T16:08:52.000Z",

"activated": "2018-08-13T16:08:52.000Z",

"statusChanged": "2018-08-13T16:08:52.000Z",

"lastLogin": null,

"lastUpdated": "2018-08-13T16:08:52.000Z",

"passwordChanged": "2018-08-13T16:08:52.000Z",

"profile": {

"firstName": "Isaac",

"lastName": "Brock",

"mobilePhone": null,

"secondEmail": null,

"login": "[email protected]",

"email": "[email protected]"

},

"credentials": {

"password": {},

"recovery_question": {

"question": ""

},

"provider": {

"type": "OKTA",

"name": "OKTA"

}

},

"_links": {

"suspend": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/suspend",

"method": "POST"

},

"resetPassword": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/reset_password",

"method": "POST"

},

"forgotPassword": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/forgot_password",

"method": "POST"

},

"expirePassword": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/expire_password",

"method": "POST"

},

"changeRecoveryQuestion": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/change_recovery_question",

"method": "POST"

},

"self": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355"

},

"changePassword": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/change_password",

"method": "POST"

},

"deactivate": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/deactivate",

"method": "POST"

}

}

}

As before, map the required fields to your wrapper class.

Sample code in salesforce -

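// Create one Okta user from a Salesforce user record with the Create User API.
// `u` is assumed to be the Salesforce User record supplied by the surrounding
// code; the two values below are placeholders to substitute before running.
String oktaCompany = '{!company}';  // your Okta subdomain
// SSWS API token. Do not hard-code a real token in source: read it from a
// Named Credential or a protected custom setting / custom metadata record.
String oktaToken = '{!Token}';

Http testhttp3 = new Http();
HttpRequest testreq3 = new HttpRequest();

// Apex string literals need straight quotes, not typographic ones.
testreq3.setEndpoint('https://' + oktaCompany + '.okta.com/api/v1/users?activate=true');
testreq3.setMethod('POST');
testreq3.setHeader('Accept', 'application/json');
testreq3.setHeader('Authorization', 'SSWS ' + oktaToken);
testreq3.setHeader('Content-Type', 'application/json');

// Build the body with the JSON serializer instead of string concatenation:
// a quote or backslash in a name or e-mail would otherwise break the JSON or
// let a field value add or override properties in the request.
Map<String, Object> profile = new Map<String, Object>{
    'firstName' => u.FirstName,
    'lastName' => u.LastName,
    'email' => u.Email,
    'login' => u.Username
};
testreq3.setBody(JSON.serialize(new Map<String, Object>{ 'profile' => profile }));

HttpResponse testres3 = testhttp3.send(testreq3);

// Check the status before mapping the body: an error response does not contain a user.
Integer statusCode3 = testres3.getStatusCode();
if (statusCode3 >= 200 && statusCode3 < 300) {
    // The body holds the new user's profile (name, e-mail, login); drop this
    // debug line outside a sandbox so personal data does not land in logs.
    System.debug('body22222====' + testres3.getBody());
} else {
    System.debug('Okta create user failed, status====' + statusCode3);
}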

Note - Okta creates only one user per API call, so to create multiple users put the above code in a batch class and run the batch with a maximum batch size of 100.

3.  User Updation in Okta -

User updating API -

Note - I am updating the User in Okta with the following fields -

  • Username
  • FirstName
  • LastName
  • Email

You can provide more fields in the request body.

  • API url - https://{!company}.okta.com/api/v1/users/{!username}
  • Method - POST
  • Headers -
    • Accept, application/json
    • Authorization, SSWS token
    • Content-Type, application/json
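  • Body -  '{ "profile": { "firstName": "'+u.FirstName+'", "lastName": "'+u.LastName+'", "email": "'+u.Email+'", "login": "'+u.Username+'" } }'
    In real code, build this body with a JSON serializer (for example JSON.serialize on a Map) rather than string concatenation, because a quote or backslash in a field value would otherwise break or alter the JSON that Okta receives.
  • Response Body - {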

"id": "00up6awprUdDQJw9v355",

"status": "ACTIVE",

"created": "2018-08-13T16:08:52.000Z",

"activated": "2018-08-13T16:08:52.000Z",

"statusChanged": "2018-08-13T16:08:52.000Z",

"lastLogin": null,

"lastUpdated": "2018-08-13T16:08:52.000Z",

"passwordChanged": "2018-08-13T16:08:52.000Z",

"profile": {

"firstName": "Isaac",

"lastName": "Brock",

"mobilePhone": null,

"secondEmail": null,

"login": "[email protected]",

"email": "[email protected]"

},

"credentials": {

"password": {},

"recovery_question": {

"question": ""

},

"provider": {

"type": "OKTA",

"name": "OKTA"

}

},

"_links": {

"suspend": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/suspend",

"method": "POST"

},

"resetPassword": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/reset_password",

"method": "POST"

},

"forgotPassword": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/forgot_password",

"method": "POST"

},

"expirePassword": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/expire_password",

"method": "POST"

},

"changeRecoveryQuestion": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/change_recovery_question",

"method": "POST"

},

"self": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355"

},

"changePassword": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/credentials/change_password",

"method": "POST"

},

"deactivate": {

"href": "https://algoworks.okta.com/api/v1/users/00up6awprUdDQJw9v355/lifecycle/deactivate",

"method": "POST"

}

}

}

As discussed earlier, you can get a user by username or by Okta user Id; similarly, you can update a user by username or by Okta user Id. Just change the API URL to this - 'https://{!company}.okta.com/api/v1/users/{!OktaUserId}'.

How to get SSWS Token to access Okta APIs?

Steps :-

  • Go to Security tab on your Okta account and click API in dropdown menu.

  • Click on the Create Token button.
  • This will open a pop up, where you have to provide a name for your token.
  • Click Create Token on the pop up.

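  • Copy the token and click the "OK, got it" button. The token is visible only at the time of creating it, so save it right away in a secure place such as a secrets manager or a protected Salesforce setting, not in source code or a shared document.

Now use this token in the Authorization header to access the Okta User APIs. The token acts with the permissions of the admin account that created it, so create it from an account that has only the rights this integration needs.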
