Mukund Pareek

Questions about Okta API and universal directory

I have a couple of questions about Universal Directory and the Okta API:

1) Is there a way the Universal Directory for our domain can be accessed from an LDAP browser?

2) Is there a way to retrieve the complete dump of users from Universal Directory? I did not see any option in the Admin section to export users and the APIs also have a limit while extracting user records.

3) We have Okta User profile and App User Profile. I see there are APIs to retrieve App User Profiles for users assigned to a particular application. But when I tried to execute it, there are no errors but I don't get any attribute in the returned profile. I see an attribute named userName in the App profile and I also added a custom attribute named testattribute. But I don't get either of them in the returned data but I get the correct number of users and Id of user. I am using the following API:

"https://${org}<AppInstanceId>/users/<User Id>"

4) How can we do group provisioning (fine-grained access provisioning) for any application using APIs? I see the API to assign an application takes group information in the request data. But is there any API which will do only groups management (assignment and removal) for any application?

I see there are APIs which can assign an application to a user group in Okta directory but I am looking for a group assignment inside the application.
Wils Dawson (Okta, Inc.)
Hi Mukund,

1) Okta does not offer this functionality today.

2) You can use pagination with the Users API to get all of your users. Make sure to keep rate limiting in mind.

3) My guess is that you're not seeing the attributes on that particular App User because they don't have values for the attributes. To my knowledge, that API should return the full UD profile if it exists.

4) Not quite sure what you mean here. Do you want to manipulate groups inside of the application, e.g. If Box is the application, you want to manage groups within Box? Or do you want to assign users directly to the application without going through a group? Or do you want to assign users to a group that is assigned to an app?

Hope that helps!
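The pagination approach from answer 2 above, as an added example that is not part of the original thread and not Okta's own code: it follows the `rel="next"` `Link` header on `/api/v1/users` and pauses based on the `X-Rate-Limit-Remaining` and `X-Rate-Limit-Reset` response headers. The org URL `example.okta.com`, the function names and the injected `fetch` transport are assumptions made for illustration.

```python
import json
import re
import time
import urllib.error
import urllib.request

NEXT = re.compile(r'<([^>]+)>\s*;\s*rel="next"')

def next_link(link_header):
    """Return the rel="next" URL from a comma-joined Link header, or None."""
    m = NEXT.search(link_header or "")
    return m.group(1) if m else None

def okta_fetch(api_token):
    """Real transport: returns fetch(url) -> (status, headers, body)."""
    def fetch(url):
        req = urllib.request.Request(url, headers={
            "Authorization": f"SSWS {api_token}", "Accept": "application/json"})
        try:
            resp = urllib.request.urlopen(req, timeout=30)
        except urllib.error.HTTPError as err:  # 429 and other non-2xx land here
            resp = err
        with resp:
            hdrs = {k.lower(): v for k, v in resp.headers.items()}
            # self and next arrive as separate Link headers; join them
            hdrs["link"] = ", ".join(resp.headers.get_all("Link") or [])
            body = json.loads(resp.read()) if resp.code == 200 else []
        return resp.code, hdrs, body
    return fetch

def export_users(fetch, first_url, sleep=time.sleep, now=time.time):
    """Follow rel="next" until it disappears, pausing on rate limits."""
    users, url = [], first_url
    while url:
        status, hdrs, body = fetch(url)
        reset = int(hdrs.get("x-rate-limit-reset", 0))
        if status == 429:                      # limit hit: wait for the window, retry
            sleep(max(reset - now(), 1))
            continue
        if status != 200:
            raise RuntimeError(f"unexpected HTTP {status} for {url}")
        users.extend(body)
        url = next_link(hdrs.get("link"))
        if url and int(hdrs.get("x-rate-limit-remaining", 1)) == 0:
            sleep(max(reset - now(), 1))       # budget spent: wait before next page
    return users

# Usage (org URL is a placeholder):
# export_users(okta_fetch(token), "https://example.okta.com/api/v1/users?limit=200")
```

The export contains every user profile in the org, so store the output and the API token with the same access controls as the directory itself.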
Mukund Pareek
Thanks for answering first 2 points.

For point 3, I used the API to update the profile assigned to the application and updated one custom attribute I had added. It did not give any error. But after that, when I tried to get the App User profile, I did not get this attribute. Also, at least I should get the userName attribute because that is always present.

For point 4, yes, I want to manage the groups present inside any application, e.g. Box. So I want to assign/remove groups inside an application to the user account for that application.
James Garvin (Okta)
For point 3 - Is the App actually UD enabled? Not all apps are UD enabled yet. What app is it and what exactly are you trying to do?

For point 4 - Only applications with Provisioning enabled and Group Push have the functionality. If you wish to push a group from Okta to another app, without Group Push functionality built in, you would need to use the Okta API and the SP API.