> ## Documentation Index > Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt > Use this file to discover all available pages before exploring further. # Okta_RoleAssignment > A set of permissions assigned to a user, group, or an application in Okta Applies to BloodHound Enterprise and CE ## Overview To help visualize role assignments in BloodHound, Okta\_RoleAssignment nodes are created for each role assignment in Okta. These nodes represent the relationship between a [user](/opengraph/extensions/okta/nodes/okta_user), [group](/opengraph/extensions/okta/nodes/okta_group), or [application](/opengraph/extensions/okta/nodes/okta_application) and a role ([built-in](/opengraph/extensions/okta/nodes/okta_role) or [custom](/opengraph/extensions/okta/nodes/okta_customrole)). ## Edges The tables below list edges defined by the Okta extension only. Additional edges to or from this node may be created by other extensions. ### Inbound Edges | Edge Type | Source Node Types | Traversable | | ---------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | [Okta\_Contains](/opengraph/extensions/okta/edges/okta_contains) | [Okta\_Organization](/opengraph/extensions/okta/nodes/okta_organization) | ✅ | | [Okta\_HasRoleAssignment](/opengraph/extensions/okta/edges/okta_hasroleassignment) | [Okta\_User](/opengraph/extensions/okta/nodes/okta_user), [Okta\_Group](/opengraph/extensions/okta/nodes/okta_group), [Okta\_Application](/opengraph/extensions/okta/nodes/okta_application) | ❌ | ### Outbound Edges | Edge Type | Destination Node Types | Traversable | | ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------- | | [Okta\_ScopedTo](/opengraph/extensions/okta/edges/okta_scopedto) | [Okta\_Organization](/opengraph/extensions/okta/nodes/okta_organization), [Okta\_User](/opengraph/extensions/okta/nodes/okta_user), [Okta\_Group](/opengraph/extensions/okta/nodes/okta_group), [Okta\_ResourceSet](/opengraph/extensions/okta/nodes/okta_resourceset), [Okta\_Application](/opengraph/extensions/okta/nodes/okta_application), [Okta\_ApiServiceIntegration](/opengraph/extensions/okta/nodes/okta_apiserviceintegration), [Okta\_Device](/opengraph/extensions/okta/nodes/okta_device), [Okta\_AuthorizationServer](/opengraph/extensions/okta/nodes/okta_authorizationserver) | ❌ | ## Properties | Name | Source | Type | Description | | ---------------- | --------------------------------------- | ---------- | -------------------------------------------------------------------------------- | | `id` | `roleAssignment.id + "_" + assignee.id` | `string` | Unique role-assignment identifier derived from role assignment and assignee IDs. | | `name` | `roleAssignment.label` | `string` | Role name associated with this assignment. | | `displayName` | `roleAssignment.label` | `string` | Display label used in BloodHound. | | `oktaDomain` | Collector context (non-API) | `string` | Okta organization domain where the role assignment exists. | | `assignmentType` | `roleAssignment.assignmentType` | `string` | Assignment scope/type (for example user or group assignment). | | `type` | `roleAssignment.type` | `string` | Assigned role identifier (for example `WORKFLOWS_ADMIN`, `APP_ADMIN`). | | `status` | `roleAssignment.status` | `string` | Role assignment lifecycle status. | | `created` | `roleAssignment.created` | `datetime` | Role assignment creation timestamp. | | `lastUpdated` | `roleAssignment.lastUpdated` | `datetime` | Last role assignment update timestamp. | ## Sample Property Values ```yaml theme={null} id: irbwnwe8vjjXl4FbX697_00uw2sodowQc75SUm697 name: Workflows Administrator displayName: Workflows Administrator oktaDomain: contoso.okta.com assignmentType: USER type: WORKFLOWS_ADMIN status: ACTIVE created: 2025-10-22T13:29:26+00:00 lastUpdated: 2025-10-22T13:29:26+00:00 ```