Overview
Resource sets are collections of entities that can be used to scope custom role assignments in Okta. A resource set can contain the following object types:- Users
- Groups
- Applications
- API Service Integrations
- Devices
- Authorization servers
- Identity Providers
- Policies
- Entity risk policy
- Session protection policy
- Authentication policy
- Global session policy
- End user account management policy
- Shared Signals Framework (SSF) Receivers
-
Workflows(Gaps in the Okta API) -
Customizations(Gaps in the Okta API) -
Support cases(Gaps in the Okta API) -
Identity and Access Management Resources(Gaps in the Okta API)
Only the marked resource types are currently supported by
OktaHound as resource set members.
Some resource types, such as Workflows, are not accessible via the Okta API at all.
OktaHound, resource sets are represented as Okta_ResourceSet nodes.
Edges
The tables below list edges defined by the OktaHound extension only. Additional edges to or from this node may be created by other extensions.
Inbound Edges
| Edge Type | Source Node Types | Traversable |
|---|---|---|
| Okta_Contains | Okta_Organization | ✅ |
| Okta_ScopedTo | Okta_RoleAssignment | ❌ |
Outbound Edges
| Edge Type | Destination Node Types | Traversable |
|---|---|---|
| Okta_ResourceSetContains | Okta_User, Okta_Group, Okta_Application, Okta_ApiServiceIntegration, Okta_Device, Okta_AuthorizationServer, Okta_IdentityProvider, Okta_Policy | ✅ |
Properties
| Name | Source | Type | Description |
|---|---|---|---|
id | resourceSet.id + "@" + oktaDomain or resourceSet.id | string | Unique resource set identifier (domain-qualified). |
name | resourceSet.label | string | Resource set name. |
displayName | resourceSet.label | string | Display-friendly resource set name. |
oktaDomain | Collector context (non-API) | string | Okta organization domain where the resource set exists. |
description | resourceSet.description | string | Resource set description text. |
created | resourceSet.created | datetime | Resource set creation timestamp. |
lastUpdated | resourceSet.lastUpdated | datetime | Last resource set update timestamp. |
The built-in resource set
Workflows Resource Set has the WORKFLOWS_IAM_POLICY identifier in all Okta organizations.
To make it unique, the OktaHound collector adds the organization domain name as a suffix to the resource set’s ID, e.g., WORKFLOWS_IAM_POLICY@contoso.okta.com.