Scopes for Okta Devices connector cards
Your Okta Devices connector accesses the Okta API using scoped OAuth 2.0 access tokens. Each access token enables the bearer to perform specific actions on specific Okta endpoints. The scopes contained in the access token control the ability to perform these actions.
Grant the required scopes for each of the event and action cards that you want to use in your Okta Devices connector.
For an existing connection, you must reauthorize the connection to pick up any scope changes.
The OAuth 2.0 Scopes topic in the Okta developer documentation contains detailed descriptions for all available scopes.
Default scopes
These default scopes are automatically granted. You don't need to grant them through the Okta Workflows OAuth app. They appear in the Permissions tab of the Okta Devices connector.
The connection authorization fails if you revoke any of these automatically granted scopes from the OAuth app.
- address
- groups
- offline_access
- openid
- phone
- profile
Event cards
The event cards for the Okta Devices connector require the scopes indicated in the following table.
|
Connector card |
Required scopes |
|---|---|
|
okta.eventHooks.manage |
Action cards
The action cards for the Okta Devices connector require the scopes indicated in the following table.
|
Connector card |
Required scopes |
|---|---|
|
okta.devices.manage |
|
|
Any scopes required by the API endpoint. |
|
|
okta.devices.manage |
|
|
okta.devices.manage |
|
|
okta.devices.read |
|
|
okta.devices.read |
|
|
okta.devices.read |
|
|
okta.devices.manage |
|
|
okta.devices.manage |