okta
Okta Management API
Version bump 2026.06.2 → 2026.06.3, SKU metadata cleared
The API version was incremented from 2026.06.2 to 2026.06.3, and the SKUs field in the x-okta-lifecycle metadata was changed from listing ["API Access Management"] to an empty array [] across all authorization server endpoints. This is a metadata change with no impact on endpoint behavior, request/response schemas, or authentication requirements.
Alert history
- Informational
Version bump 2026.06.2 → 2026.06.3, SKU metadata cleared
The API version was incremented from 2026.06.2 to 2026.06.3, and the
SKUsfield in thex-okta-lifecyclemetadata was changed from listing["API Access Management"]to an empty array[]across all authorization server endpoints. This is a metadata change with no impact on endpoint behavior, request/response schemas, or authentication requirements. - Informational
DevicePostureCheck endpoints lifecycle status updated to LIMITED_GA
Three DevicePostureCheck endpoints (GET and DELETE on device posture checks collection and detail resource) have been reclassified from general availability (GA) to limited general availability (LIMITED_GA), and now require the Okta Identity Engine SKU. This is a product availability change that may affect feature access planning, though it does not alter the functional API contract.
- Informational
DevicePostureCheck endpoints moved from EA to GA
Three DevicePostureCheck endpoints (
GET /api/v1/device-posture-checks,GET /api/v1/device-posture-checks/{id}, andDELETE /api/v1/device-posture-checks/{id}) transitioned from Early Access (EA) to General Availability (GA). Thex-okta-lifecyclemetadata changed fromlifecycle: EAwithisGenerallyAvailable: falsetolifecycle: GAwithisGenerallyAvailable: true, and theSKUsfield was removed. This is a status update indicating feature maturation but does not change the functional API contract. - Informational
Update lifecycle status for bot protection and telephony provider APIs
The specification updates lifecycle statuses for three feature groups: Bot Protection endpoints transition from
EAtoLIMITED_GA; Custom Telephony Provider endpoints transition fromEAtoGA; and SCIM submission examples along with related schemas transition fromisGenerallyAvailable: falsetoisGenerallyAvailable: true. These are documentation-only changes indicating maturity progression of existing APIs with no impact on API functionality or contracts. - Breaking
Okta Management API 2026.05.1: schema changes, scope removals, new tag
This version bump (2026.03.0 → 2026.05.1) includes several potentially breaking changes alongside additive ones:
WorkflowsValidationErrorschema breaking change: Theresultproperty (a$reftoWorkflowsValidationErrorTypeenum) is removed and replaced with new required string fieldscode,flowName,message, andlink. TheWorkflowsValidationErrorTypeenum schema is also removed entirely. Any code deserializing this response shape will break.- OAuth scopes removed:
okta.authenticators.manage.self,okta.manifests.manage,okta.manifests.read,okta.operations.read,okta.privilegedResources.manage,okta.privilegedResources.read,okta.riskEvents.manage,okta.riskProviders.manage,okta.riskProviders.read,okta.users.manage.self, andokta.users.read.selfare no longer listed in the security scheme scopes — clients requesting these scopes may receive errors. - New
OktaManagedUserAccounttag added (new API surface for managing Okta users via Okta Privileged Access) — purely additive. - Documentation updates: Policy type
SIGN_ONrenamed toOKTA_SIGN_ONin docs; newSESSION_VIOLATION_DETECTIONandIDENTITY_CLAIM_SOURCINGpolicy types documented; WebAuthn rebrand to Passkey (FIDO2 WebAuthn) finalized with no parameter name changes.