> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.
# Schema
> Okta extension schema definition
## Metadata
**Name:** SOOkta
**Display Name:** Okta Extension (by SpecterOps)
**Version:** v2.8.1
**Namespace:** Okta
**Environment Kind:** Okta\_Organization
**Source Kind:** Okta
This file is automatically generated from the [extension schema definition file](https://github.com/SpecterOps/openhound-okta/blob/main/extension/schema.json).
## Nodes
| Icon | Node Kind | Display Name |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ | ---------------------------- |
| 
| [Okta\_Agent](/opengraph/extensions/okta/nodes/okta_agent) | Okta Agent |
| 
| [Okta\_AgentPool](/opengraph/extensions/okta/nodes/okta_agentpool) | Okta Agent Pool |
| 
| [Okta\_ApiServiceIntegration](/opengraph/extensions/okta/nodes/okta_apiserviceintegration) | Okta API Service Integration |
| 
| [Okta\_ApiToken](/opengraph/extensions/okta/nodes/okta_apitoken) | Okta API Token |
| 
| [Okta\_Application](/opengraph/extensions/okta/nodes/okta_application) | Okta Application |
| 
| [Okta\_AuthorizationServer](/opengraph/extensions/okta/nodes/okta_authorizationserver) | Okta Authorization Server |
| 
| [Okta\_ClientSecret](/opengraph/extensions/okta/nodes/okta_clientsecret) | Okta Client Secret |
| 
| [Okta\_CustomRole](/opengraph/extensions/okta/nodes/okta_customrole) | Okta Custom Role |
| 
| [Okta\_Device](/opengraph/extensions/okta/nodes/okta_device) | Okta Device |
| 
| [Okta\_Group](/opengraph/extensions/okta/nodes/okta_group) | Okta Group |
| 
| [Okta\_IdentityProvider](/opengraph/extensions/okta/nodes/okta_identityprovider) | Okta Identity Provider |
| 
| [Okta\_JWK](/opengraph/extensions/okta/nodes/okta_jwk) | Okta JWK |
| 
| [Okta\_Organization](/opengraph/extensions/okta/nodes/okta_organization) | Okta Organization |
| 
| [Okta\_Policy](/opengraph/extensions/okta/nodes/okta_policy) | Okta Policy |
| 
| [Okta\_Realm](/opengraph/extensions/okta/nodes/okta_realm) | Okta Realm |
| 
| [Okta\_ResourceSet](/opengraph/extensions/okta/nodes/okta_resourceset) | Okta Resource Set |
| 
| [Okta\_Role](/opengraph/extensions/okta/nodes/okta_role) | Okta Role |
| 
| [Okta\_RoleAssignment](/opengraph/extensions/okta/nodes/okta_roleassignment) | Okta Role Assignment |
| 
| [Okta\_User](/opengraph/extensions/okta/nodes/okta_user) | Okta User |
## Edges
| Relationship Kind | Traversable | Description |
| ---------------------------------------------------------------------------------------- | :---------: | -------------------------------------------------------------------------------------- |
| [Okta\_AddMember](/opengraph/extensions/okta/edges/okta_addmember) | ✅ | Ability to add or remove members in scoped Okta groups |
| [Okta\_AgentMemberOf](/opengraph/extensions/okta/edges/okta_agentmemberof) | ✅ | Membership of an Okta agent in an agent pool |
| [Okta\_AgentPoolFor](/opengraph/extensions/okta/edges/okta_agentpoolfor) | ✅ | Relationship between an AD agent pool and its backing AD application |
| [Okta\_ApiTokenFor](/opengraph/extensions/okta/edges/okta_apitokenfor) | ✅ | User ownership of an Okta API token |
| [Okta\_AppAdmin](/opengraph/extensions/okta/edges/okta_appadmin) | ✅ | Application administrator role assignment |
| [Okta\_AppAssignment](/opengraph/extensions/okta/edges/okta_appassignment) | ❌ | Assignment of users or groups to an Okta application |
| [Okta\_Contains](/opengraph/extensions/okta/edges/okta_contains) | ✅ | Contains relationship between the Okta organization and its objects |
| [Okta\_CreatorOf](/opengraph/extensions/okta/edges/okta_creatorof) | ❌ | Creator relationship for API service integrations |
| [Okta\_DeviceOf](/opengraph/extensions/okta/edges/okta_deviceof) | ❌ | Ownership relationship between a device and its assigned user |
| [Okta\_GroupAdmin](/opengraph/extensions/okta/edges/okta_groupadmin) | ✅ | Group administrator role assignment |
| [Okta\_GroupMembershipAdmin](/opengraph/extensions/okta/edges/okta_groupmembershipadmin) | ✅ | Group membership administrator role assignment |
| [Okta\_GroupPull](/opengraph/extensions/okta/edges/okta_grouppull) | ✅ | Import of group memberships from an external application |
| [Okta\_GroupPush](/opengraph/extensions/okta/edges/okta_grouppush) | ❌ | Provisioning of group memberships to an external application |
| [Okta\_HasRole](/opengraph/extensions/okta/edges/okta_hasrole) | ❌ | Assignment of a built-in or custom role to a principal |
| [Okta\_HasRoleAssignment](/opengraph/extensions/okta/edges/okta_hasroleassignment) | ❌ | Relationship between a principal and a role assignment |
| [Okta\_HelpDeskAdmin](/opengraph/extensions/okta/edges/okta_helpdeskadmin) | ✅ | Help desk administrator role assignment |
| [Okta\_HostsAgent](/opengraph/extensions/okta/edges/okta_hostsagent) | ✅ | Relationship between an AD server and the Okta agent running on that host |
| [Okta\_IdentityProviderFor](/opengraph/extensions/okta/edges/okta_identityproviderfor) | ✅ | Trust relationship between an identity provider and Okta users |
| [Okta\_IdpGroupAssignment](/opengraph/extensions/okta/edges/okta_idpgroupassignment) | ❌ | Identity provider group assignment to an Okta group |
| [Okta\_InboundOrgSSO](/opengraph/extensions/okta/edges/okta_inboundorgsso) | ✅ | Single sign-on from an external organization into Okta |
| [Okta\_InboundSSO](/opengraph/extensions/okta/edges/okta_inboundsso) | ✅ | Single sign-on from an external identity provider into Okta |
| [Okta\_KerberosSSO](/opengraph/extensions/okta/edges/okta_kerberossso) | ✅ | Agentless desktop SSO relationship from on-prem AD user account to Okta AD application |
| [Okta\_KeyOf](/opengraph/extensions/okta/edges/okta_keyof) | ✅ | JSON Web Key associated with an Okta application |
| [Okta\_ManageApp](/opengraph/extensions/okta/edges/okta_manageapp) | ✅ | Ability to manage scoped Okta applications |
| [Okta\_ManagerOf](/opengraph/extensions/okta/edges/okta_managerof) | ❌ | Manager relationship between Okta users |
| [Okta\_MemberOf](/opengraph/extensions/okta/edges/okta_memberof) | ✅ | Membership of a user in an Okta group |
| [Okta\_MembershipSync](/opengraph/extensions/okta/edges/okta_membershipsync) | ✅ | Bidirectional synchronization between Okta groups and external groups |
| [Okta\_MobileAdmin](/opengraph/extensions/okta/edges/okta_mobileadmin) | ✅ | Mobile administrator role assignment |
| [Okta\_OrgAdmin](/opengraph/extensions/okta/edges/okta_orgadmin) | ✅ | Organization administrator role assignment |
| [Okta\_OrgSWA](/opengraph/extensions/okta/edges/okta_orgswa) | ❌ | Secure Web Authentication from an Okta application to an external organization |
| [Okta\_OutboundOrgSSO](/opengraph/extensions/okta/edges/okta_outboundorgsso) | ✅ | Single sign-on from an Okta application to an external organization |
| [Okta\_OutboundSSO](/opengraph/extensions/okta/edges/okta_outboundsso) | ✅ | Single sign-on from Okta to an external identity provider |
| [Okta\_PasswordSync](/opengraph/extensions/okta/edges/okta_passwordsync) | ✅ | Password synchronization between user accounts via AD integration, Org2Org, or SCIM |
| [Okta\_PolicyMapping](/opengraph/extensions/okta/edges/okta_policymapping) | ❌ | Association of a policy with an Okta application |
| [Okta\_ReadClientSecret](/opengraph/extensions/okta/edges/okta_readclientsecret) | ✅ | Ability to read client secrets for scoped Okta applications |
| [Okta\_ReadPasswordUpdates](/opengraph/extensions/okta/edges/okta_readpasswordupdates) | ✅ | Application can read password updates over the SCIM protocol |
| [Okta\_RealmContains](/opengraph/extensions/okta/edges/okta_realmcontains) | ✅ | Contains relationship between an Okta realm and its users |
| [Okta\_ResetFactors](/opengraph/extensions/okta/edges/okta_resetfactors) | ✅ | Ability to reset MFA factors for scoped Okta users |
| [Okta\_ResetPassword](/opengraph/extensions/okta/edges/okta_resetpassword) | ✅ | Ability to reset passwords or temporary credentials for scoped Okta users |
| [Okta\_ResourceSetContains](/opengraph/extensions/okta/edges/okta_resourcesetcontains) | ✅ | Membership of objects within an Okta resource set |
| [Okta\_ScopedTo](/opengraph/extensions/okta/edges/okta_scopedto) | ❌ | Scope relationship between a role assignment and its target |
| [Okta\_SecretOf](/opengraph/extensions/okta/edges/okta_secretof) | ✅ | Client secret associated with an application or service integration |
| [Okta\_SuperAdmin](/opengraph/extensions/okta/edges/okta_superadmin) | ✅ | Super administrator role assignment |
| [Okta\_SWA](/opengraph/extensions/okta/edges/okta_swa) | ❌ | Secure Web Authentication from Okta to an external application |
| [Okta\_UserPull](/opengraph/extensions/okta/edges/okta_userpull) | ❌ | Import of users from an external application |
| [Okta\_UserPush](/opengraph/extensions/okta/edges/okta_userpush) | ❌ | Provisioning of users to an external application |
| [Okta\_UserSync](/opengraph/extensions/okta/edges/okta_usersync) | ❌ | Bidirectional synchronization between Okta users and external identities |