This article provides instructions for creating a scope for an Authorization Server. Scopes represent high-level operations performed on Application Programming Interface (API) endpoints that access policies grant or deny. This guide applies to Okta environments with the API Access Management feature.
- Okta Identity Engine (OIE)
- Okta Classic Engine
- API Access Management
- Authorization Server
- Application Programming Interface (API)
Scopes define high-level operations on API endpoints. An administrator creates additional scopes when the reserved scopes do not meet requirements.
To create a scope for the Authorization Server in Okta, follow these steps:
- Log in to the Okta Admin Console.
- Go to Security > API > Authorization Servers.
- Select the name of the Authorization Server and then click the pencil icon to edit it.
- On the Authorization Server details page, click on the Scopes tab and then click the Add Scope button.
- Enter a name and description for the new scope.
- Optionally, select the Default scope checkbox to allow Okta to grant authorization requests to apps that do not specify scopes on an authorization request. If the scope parameter is not included in an authorization request, Okta will return all default scopes in the Access Token that are permitted by the access policy rule.
- Select a User Consent option:
  - Implicit: The default setting. The user is not asked to grant the app access to the information. The user's consent is implied for this scope.
  - Optional: Users can skip accepting this scope when they see the consent screen on the Sign-In Widget.
  - Required: User consent is required for this scope, and users may not change their consent option.
  NOTE: If the selection is Optional or Required, clear the Block services from requesting this scope checkbox.
- Click Create.
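The Default scope option decides what a client receives when it sends no scope parameter, so it is worth reviewing after scopes are created. The following is an added example, not Okta's code: it models the default-grant behavior described above and flags custom default scopes for review. It assumes scope objects with `name`, `default`, `consent` and `system` fields (as in a Scopes API listing); the sample data and the `WRITE_HINTS` naming convention are constructed.

```python
import json

# Constructed sample: scope objects for one authorization server. The field
# names (name/default/consent/system) are an assumption about the export shape.
SAMPLE_SCOPES = json.loads("""
[
  {"name": "openid",          "default": false, "consent": "IMPLICIT", "system": true},
  {"name": "orders:read",     "default": true,  "consent": "IMPLICIT", "system": false},
  {"name": "orders:write",    "default": true,  "consent": "IMPLICIT", "system": false},
  {"name": "payments:refund", "default": false, "consent": "REQUIRED", "system": false}
]
""")

# Hypothetical naming convention used to spot state-changing scopes.
WRITE_HINTS = ("write", "delete", "admin", "manage", "refund")


def default_grant(scopes, rule_allowed):
    """Scopes placed in the token when the request omits `scope`:
    every default scope that the access policy rule also permits."""
    return sorted(s["name"] for s in scopes
                  if s.get("default") and s["name"] in rule_allowed)


def review_defaults(scopes):
    """Return (scope name, reasons) for each custom scope marked default."""
    findings = []
    for s in scopes:
        if s.get("system") or not s.get("default"):
            continue  # reserved scopes and non-default scopes are out of scope here
        reasons = []
        if any(hint in s["name"].lower() for hint in WRITE_HINTS):
            reasons.append("name suggests a state-changing operation")
        if s.get("consent") == "IMPLICIT":
            reasons.append("granted without a consent prompt")
        findings.append((s["name"], reasons))
    return findings


if __name__ == "__main__":
    rule = {"orders:read", "orders:write", "payments:refund"}
    print("token scopes with no scope parameter:", default_grant(SAMPLE_SCOPES, rule))
    for name, reasons in review_defaults(SAMPLE_SCOPES):
        print(f"review {name}: {'; '.join(reasons) or 'default scope'}")
```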
