{"resources":{"okta":{"id":"okta","name":"okta","fields":{"api":{"name":"api","type":"\u001bokta.api","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"apiTokens":{"name":"apiTokens","type":"\u0019\u001bokta.api.token","title":"Okta API tokens","min_provider_version":"13.1.6","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"application":{"name":"application","type":"\u001bokta.application","title":"Okta Application","desc":"Examine an Okta application integration. Covers `id`, `name`, `label`, `signOnMode`, `status`, `features`, `credentials`, `settings`, `profile`, `licensing`, `visibility`, and lifecycle timestamps. The `signingKeys` method returns the `okta.application.key` records (SAML/OIDC signing certificates) published for the application.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"applications":{"name":"applications","type":"\u0019\u001bokta.application","title":"Okta applications","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"authenticator":{"name":"authenticator","type":"\u001bokta.authenticator","title":"Okta Authenticator","desc":"Examine an admin-defined MFA factor catalog entry in Okta. Covers identity fields such as `id`, `key`, `name`, `type`, and `status`, along with `settings` for the authenticator. Computed methods expose `providerType`, `providerConfiguration`, `allowedFor` (the policy scope), and `tokenLifetimeInMinutes` or `userVerification` for applicable authenticator types.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"authenticators":{"name":"authenticators","type":"\u0019\u001bokta.authenticator","title":"Okta authenticators (admin-defined MFA factors)","min_provider_version":"13.1.6","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"authorizationServer":{"name":"authorizationServer","type":"\u001bokta.authorizationServer","title":"Okta Custom Authorization Server","desc":"Examine a custom OAuth 2.0 authorization server that mints access tokens for APIs in your Okta organization. Covers identity and lifecycle fields (`id`, `name`, `description`, `issuer`, `issuerMode`, `status`, `default`, `audiences`, `created`, `lastUpdated`) and the active signing-key configuration (`signingKid`, `signingRotationMode`, `signingLastRotated`, `signingNextRotation`, `signingUse`). Computed methods expose `policies` (which clients can request which scopes), `scopes` and `claims` (what appears in issued tokens), and `keys` (the published JWKs used to verify access tokens).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"authorizationServers":{"name":"authorizationServers","type":"\u0019\u001bokta.authorizationServer","title":"Custom OAuth 2.0 authorization servers defined in the Okta org","min_provider_version":"13.2.6","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"customRole":{"name":"customRole","type":"\u001bokta.customRole","title":"Okta Custom Role","desc":"Examine a custom administrator role defined in an Okta organization. Covers `id`, `label`, `description`, and `permissions` (the list of permission strings granted by the role).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"customRoles":{"name":"customRoles","type":"\u0019\u001bokta.customRole","title":"Okta custom roles","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"domain":{"name":"domain","type":"\u001bokta.domain","title":"Okta Domain","desc":"Examine a custom domain configured for an Okta organization. Covers `id`, `domain` name, `validationStatus` (NOT_STARTED, IN_PROGRESS, VERIFIED, or COMPLETED), `dnsRecords` required for domain verification, and `publicCertificate` metadata for the domain's TLS certificate.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"domains":{"name":"domains","type":"\u0019\u001bokta.domain","title":"Okta domains","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"group":{"name":"group","type":"\u001bokta.group","title":"Okta Group","desc":"Examine an Okta group. Covers `id`, `name`, `description`, `type`, `profile`, and lifecycle timestamps `created`, `lastUpdated`, and `lastMembershipUpdated`. Computed methods expose `members` (the list of `okta.user` accounts in the group) and `roles` assigned to the group.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"groupRule":{"name":"groupRule","type":"\u001bokta.groupRule","title":"Okta Group Rule","desc":"Examine an Okta group rule that automatically assigns users to groups based on conditions. Covers `id`, `name`, `status`, and `type`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"groupRules":{"name":"groupRules","type":"\u0019\u001bokta.groupRule","title":"Okta group rules","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"groups":{"name":"groups","type":"\u0019\u001bokta.group","title":"Okta groups","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"identityProvider":{"name":"identityProvider","type":"\u001bokta.identityProvider","title":"Okta Identity Provider","desc":"Examine an external identity provider federated with your Okta organization. Covers `id`, `name`, `type` (e.g., SAML2, OIDC, GOOGLE, FACEBOOK, LINKEDIN, MICROSOFT, APPLE, X509), `status` (ACTIVE or INACTIVE), `issuerMode` (whether the issuer URL is the Okta org URL, a custom URL domain, or dynamic), the full `protocol` configuration (endpoints, credentials, algorithms, requested scopes, relay state), the `policy` configuration (account link, provisioning, subject matching, max clock skew), and lifecycle timestamps. `signingKeys` returns the X.509/JWK signing credentials trusted for assertions or tokens issued by this IdP — checking `expiresAt` catches expiring trust anchors.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"identityProviders":{"name":"identityProviders","type":"\u0019\u001bokta.identityProvider","title":"External identity providers federated with the Okta org (SAML2, OIDC, social)","min_provider_version":"13.2.6","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"network":{"name":"network","type":"\u001bokta.network","title":"Okta Network Zone","desc":"Examine an Okta network zone used to allow or block access based on IP address, ASN, or geolocation. Covers `id`, `name`, `type`, `status`, `usage` (POLICY or BLOCKLIST), `system`, `proxyType`, `asns`, `gateways`, `proxies`, and `locations`. Use network zones in policy conditions to restrict sign-on to known corporate networks.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"networks":{"name":"networks","type":"\u0019\u001bokta.network","title":"Okta networks","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"organization":{"name":"organization","type":"\u001bokta.organization","title":"Okta Organization","desc":"Examine tenant-level settings for your Okta organization. Covers identity information such as `companyName`, `subdomain`, address, and contact details, as well as operational fields like `status`, `created`, and `expiresAt`. Computed methods expose the `billingContact`, `technicalContact`, `securityNotificationEmails`, and `threatInsightSettings` for the organization.","provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"policies":{"name":"policies","type":"\u001bokta.policies","title":"Okta Policies","desc":"Iterate the policy collections available in your Okta organization. Provides access to `password`, `mfaEnroll`, `signOn`, `oauthAuthorizationPolicy`, `idpDiscovery`, `accessPolicy`, and `profileEnrollment` policy lists, each returning `okta.policy` records with their associated rules.","provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"policy":{"name":"policy","type":"\u001bokta.policy","title":"Okta Policy","desc":"Examine an Okta policy controlling authentication and access behavior. Covers `id`, `name`, `description`, `type`, `status`, `priority`, `system` (whether admin-editable), `conditions`, `settings`, and lifecycle timestamps. The `rules` method returns the ordered list of `okta.policyRule` records attached to the policy.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"policyRule":{"name":"policyRule","type":"\u001bokta.policyRule","title":"Okta policy rule","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"role":{"name":"role","type":"\u001bokta.role","title":"Okta Role","desc":"Examine a role assigned to an Okta user or group. Covers `id`, `label`, `type`, `assignmentType`, `status`, and lifecycle timestamps `created` and `lastUpdated`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"threatsConfiguration":{"name":"threatsConfiguration","type":"\u001bokta.threatsConfiguration","title":"Okta ThreatInsight Configuration","desc":"Examine the ThreatInsight settings for an Okta organization. Covers the `action` taken on suspicious IPs (audit or block), the `excludeZones` list of `okta.network` zones exempt from ThreatInsight evaluation, and lifecycle timestamps `created` and `lastUpdated`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"trustedOrigin":{"name":"trustedOrigin","type":"\u001bokta.trustedOrigin","title":"Okta Trusted Origin","desc":"Examine a trusted origin configured in an Okta organization. Covers `id`, `name`, `origin` URL, `status`, `scopes` (the list of scope types for which the origin is trusted), and audit fields `createdBy` and `lastUpdatedBy`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"trustedOrigins":{"name":"trustedOrigins","type":"\u0019\u001bokta.trustedOrigin","title":"Okta trusted origins","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"user":{"name":"user","type":"\u001bokta.user","title":"Okta User","desc":"Examine an individual Okta user account. Covers identity and lifecycle fields such as `id`, `status`, `activated`, `created`, `lastLogin`, and `passwordChanged`, plus the `profile` dict containing attributes like email and login name. Computed methods expose the `roles` assigned to the user and the MFA `factors` enrolled for the account.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"userFactor":{"name":"userFactor","type":"\u001bokta.userFactor","title":"Okta MFA factor enrolled by a user","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"users":{"name":"users","type":"\u0019\u001bokta.user","title":"Okta users","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta","desc":"Use the Okta namespace to access users, groups, applications, policies, trusted origins, network zones, authenticators, API tokens, and custom roles configured in your Okta organization. Query `okta.organization` for tenant-level settings such as billing contacts, threat insight configuration, and security notification preferences.","min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.api":{"id":"okta.api","fields":{"token":{"name":"token","type":"\u001bokta.api.token","title":"Okta API Token","desc":"Examine an API token used to authenticate to the Okta REST API. Covers `id`, `name`, `clientName`, lifecycle timestamps (`created`, `expiresAt`, `lastUpdated`), and `tokenWindow` (lifetime in ISO 8601 duration format). The `user` method resolves the Okta user the token belongs to.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true}},"is_extension":true},"okta.api.token":{"id":"okta.api.token","name":"okta.api.token","fields":{"clientName":{"name":"clientName","type":"\u0007","is_mandatory":true,"title":"ID of the client the token was created for","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when the token was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"expiresAt":{"name":"expiresAt","type":"\t","is_mandatory":true,"title":"Timestamp when the token expires","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier of the API token","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when the token was last updated (also reflects the last time the token was used)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Display name of the token","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"tokenWindow":{"name":"tokenWindow","type":"\u0007","is_mandatory":true,"title":"Token window (lifetime) in ISO 8601 duration format","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"user":{"name":"user","type":"\u001bokta.user","title":"The user the token belongs to","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta API Token","desc":"Examine an API token used to authenticate to the Okta REST API. Covers `id`, `name`, `clientName`, lifecycle timestamps (`created`, `expiresAt`, `lastUpdated`), and `tokenWindow` (lifetime in ISO 8601 duration format). The `user` method resolves the Okta user the token belongs to.","private":true,"min_provider_version":"13.1.6","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.application":{"id":"okta.application","name":"okta.application","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when the application was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"credentials":{"name":"credentials","type":"\n","is_mandatory":true,"title":"Credentials for the specified sign-on mode","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"features":{"name":"features","type":"\u0019\u0007","is_mandatory":true,"title":"Enabled app features","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique key for the application","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"key":{"name":"key","type":"\u001bokta.application.key","title":"Okta application signing key/certificate (JsonWebKey)","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"label":{"name":"label","type":"\u0007","is_mandatory":true,"title":"User-defined display name for the application","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when the application was last updated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"licensing":{"name":"licensing","type":"\n","is_mandatory":true,"title":"Okta licensing information","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Unique key that defines the application","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"profile":{"name":"profile","type":"\n","is_mandatory":true,"title":"Valid JSON schema for specifying properties","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"settings":{"name":"settings","type":"\n","is_mandatory":true,"title":"Settings for the application","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"signOnMode":{"name":"signOnMode","type":"\u0007","is_mandatory":true,"title":"Authentication mode of the application","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"signingKeys":{"name":"signingKeys","type":"\u0019\u001bokta.application.key","title":"Signing keys/certificates published for this application (for SAML/OIDC signing)","min_provider_version":"13.1.6","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the application","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"visibility":{"name":"visibility","type":"\n","is_mandatory":true,"title":"Visibility settings for the application","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Application","desc":"Examine an Okta application integration. Covers `id`, `name`, `label`, `signOnMode`, `status`, `features`, `credentials`, `settings`, `profile`, `licensing`, `visibility`, and lifecycle timestamps. The `signingKeys` method returns the `okta.application.key` records (SAML/OIDC signing certificates) published for the application.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.application.key":{"id":"okta.application.key","name":"okta.application.key","fields":{"alg":{"name":"alg","type":"\u0007","is_mandatory":true,"title":"Algorithm used (e.g., RS256)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"applicationId":{"name":"applicationId","type":"\u0007","is_mandatory":true,"title":"ID of the application this key belongs to (composite with kid for uniqueness)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when the key was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"e":{"name":"e","type":"\u0007","is_mandatory":true,"title":"RSA exponent","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"expiresAt":{"name":"expiresAt","type":"\t","is_mandatory":true,"title":"Timestamp when the key/certificate expires","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"keyOps":{"name":"keyOps","type":"\u0019\u0007","is_mandatory":true,"title":"Permitted key operations","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"kid":{"name":"kid","type":"\u0007","is_mandatory":true,"title":"Key ID of the application key","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"kty":{"name":"kty","type":"\u0007","is_mandatory":true,"title":"Key type (e.g., RSA)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when the key was last updated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"n":{"name":"n","type":"\u0007","is_mandatory":true,"title":"RSA modulus","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the key (e.g., ACTIVE, INACTIVE, EXPIRED)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"use":{"name":"use","type":"\u0007","is_mandatory":true,"title":"Public key use (e.g., sig, enc)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"x5c":{"name":"x5c","type":"\u0019\u0007","is_mandatory":true,"title":"X.509 certificate chain (PEM/DER without headers, base64-encoded)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"x5t":{"name":"x5t","type":"\u0007","is_mandatory":true,"title":"SHA-1 thumbprint of the X.509 certificate","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"x5tS256":{"name":"x5tS256","type":"\u0007","is_mandatory":true,"title":"SHA-256 thumbprint of the X.509 certificate","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta application signing key/certificate (JsonWebKey)","private":true,"min_provider_version":"13.1.6","defaults":"kid status expiresAt","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.authenticator":{"id":"okta.authenticator","name":"okta.authenticator","fields":{"allowedFor":{"name":"allowedFor","type":"\u0007","title":"Whether the authenticator is allowed for any policy (\"any\", \"recovery\", \"sso\", \"none\")","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when the authenticator was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier of the authenticator","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"key":{"name":"key","type":"\u0007","is_mandatory":true,"title":"Stable key for the authenticator (e.g., okta_password, okta_email, phone_number, webauthn)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when the authenticator was last updated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Display name of the authenticator","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"providerConfiguration":{"name":"providerConfiguration","type":"\n","title":"Provider-specific configuration","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"providerType":{"name":"providerType","type":"\u0007","title":"Provider type for this authenticator (e.g., OKTA, DUO)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"settings":{"name":"settings","type":"\n","is_mandatory":true,"title":"Authenticator settings (allowedFor, tokenLifetimeInMinutes, userVerification, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the authenticator: ACTIVE or INACTIVE","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"tokenLifetimeInMinutes":{"name":"tokenLifetimeInMinutes","type":"\u0005","title":"Token lifetime in minutes (for email, OTP-style authenticators)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Type of authenticator (e.g., password, security_key, phone, email, app)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"userVerification":{"name":"userVerification","type":"\u0007","title":"User verification setting (e.g., REQUIRED, PREFERRED, DISCOURAGED)","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Authenticator","desc":"Examine an admin-defined MFA factor catalog entry in Okta. Covers identity fields such as `id`, `key`, `name`, `type`, and `status`, along with `settings` for the authenticator. Computed methods expose `providerType`, `providerConfiguration`, `allowedFor` (the policy scope), and `tokenLifetimeInMinutes` or `userVerification` for applicable authenticator types.","private":true,"min_provider_version":"13.1.6","defaults":"name key status","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.authorizationServer":{"id":"okta.authorizationServer","name":"okta.authorizationServer","fields":{"audiences":{"name":"audiences","type":"\u0019\u0007","is_mandatory":true,"title":"Acceptable audiences for access tokens minted by this server","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"claim":{"name":"claim","type":"\u001bokta.authorizationServer.claim","title":"Okta Authorization Server Claim","desc":"Examine a claim included in access or ID tokens issued by a custom authorization server. Covers `id`, `name`, `status`, `claimType` (RESOURCE claims appear in access tokens, IDENTITY claims in ID tokens), `valueType` (EXPRESSION, GROUPS, or SYSTEM), `value` (Okta Expression Language source or group filter pattern), `alwaysIncludeInToken` (vs. only when the matching scope is granted), `groupFilterType` (for groups claims), the `scopes` that must be granted for this claim to appear, and `system` (built-in claim).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"claims":{"name":"claims","type":"\u0019\u001bokta.authorizationServer.claim","title":"Claims included in access or ID tokens issued by this server","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when the authorization server was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"default":{"name":"default","type":"\u0004","is_mandatory":true,"title":"Whether this is the default authorization server for the org","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the authorization server","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier of the authorization server","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"issuer":{"name":"issuer","type":"\u0007","is_mandatory":true,"title":"Issuer URL advertised in the OIDC discovery document","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"issuerMode":{"name":"issuerMode","type":"\u0007","is_mandatory":true,"title":"Issuer mode for tokens","desc":"One of ORG_URL, CUSTOM_URL, or DYNAMIC.","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"key":{"name":"key","type":"\u001bokta.authorizationServer.key","title":"Okta Authorization Server signing key (JsonWebKey)","desc":"Examine a JsonWebKey published by a custom authorization server for verifying access tokens. Covers `kid`, `status` (ACTIVE, NEXT, or EXPIRED), signing algorithm metadata (`alg`, `kty`, `use`, `keyOps`), the embedded X.509 certificate chain (`x5c`) and SHA-1/SHA-256 thumbprints (`x5t`, `x5tS256`), the RSA modulus/exponent (`n`, `e`), and lifecycle timestamps.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"keys":{"name":"keys","type":"\u0019\u001bokta.authorizationServer.key","title":"Published signing keys for access tokens issued by this server","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when the authorization server was last updated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Display name of the authorization server","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"policies":{"name":"policies","type":"\u0019\u001bokta.authorizationServer.policy","title":"Policies controlling which clients can request which scopes","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"policy":{"name":"policy","type":"\u001bokta.authorizationServer.policy","title":"Okta Authorization Server Policy","desc":"Examine a policy on a custom authorization server. Policies grant specific OAuth 2.0 clients access to specific scopes under specific conditions. Covers `id`, `name`, `description`, `priority`, `status`, `system` (whether admin-editable), `type`, and `conditions` (typically the client allowlist). `rules` returns the ordered list of rules attached to the policy.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"policyRule":{"name":"policyRule","type":"\u001bokta.authorizationServer.policyRule","title":"Okta Authorization Server Policy Rule","desc":"Examine a rule on an authorization-server policy. Rules govern which OAuth 2.0 grant types and scopes are permitted, the access-token and refresh-token lifetimes, and the inline hook (if any) invoked when access tokens are minted. Covers `id`, `name`, `priority`, `status`, `system`, `type`, `actions` (token lifetimes, inline hook, granted scopes), `conditions` (grant types, scopes, people), and lifecycle timestamps.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"scope":{"name":"scope","type":"\u001bokta.authorizationServer.scope","title":"Okta Authorization Server Scope","desc":"Examine an OAuth 2.0 scope defined on a custom authorization server. Covers `id`, `name` (the programmatic value sent in `scope=`), `displayName` and `description` (shown on the consent prompt), `consent`, `default` (granted without being requested), `metadataPublish` (whether the scope is published in the `.well-known` discovery document), and `system` (built-in scope).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"scopes":{"name":"scopes","type":"\u0019\u001bokta.authorizationServer.scope","title":"OAuth 2.0 scopes defined on this authorization server","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"signingKid":{"name":"signingKid","type":"\u0007","is_mandatory":true,"title":"Key ID of the active signing key","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"signingLastRotated":{"name":"signingLastRotated","type":"\t","is_mandatory":true,"title":"Timestamp when the signing key was last rotated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"signingNextRotation":{"name":"signingNextRotation","type":"\t","is_mandatory":true,"title":"Timestamp of the next scheduled signing key rotation","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"signingRotationMode":{"name":"signingRotationMode","type":"\u0007","is_mandatory":true,"title":"Signing key rotation mode: AUTO or MANUAL","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"signingUse":{"name":"signingUse","type":"\u0007","is_mandatory":true,"title":"Intended use of the signing key (e.g., sig)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the authorization server: ACTIVE or INACTIVE","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Custom Authorization Server","desc":"Examine a custom OAuth 2.0 authorization server that mints access tokens for APIs in your Okta organization. Covers identity and lifecycle fields (`id`, `name`, `description`, `issuer`, `issuerMode`, `status`, `default`, `audiences`, `created`, `lastUpdated`) and the active signing-key configuration (`signingKid`, `signingRotationMode`, `signingLastRotated`, `signingNextRotation`, `signingUse`). Computed methods expose `policies` (which clients can request which scopes), `scopes` and `claims` (what appears in issued tokens), and `keys` (the published JWKs used to verify access tokens).","private":true,"min_provider_version":"13.2.6","defaults":"name status issuer","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.authorizationServer.claim":{"id":"okta.authorizationServer.claim","name":"okta.authorizationServer.claim","fields":{"alwaysIncludeInToken":{"name":"alwaysIncludeInToken","type":"\u0004","is_mandatory":true,"title":"Whether the claim is included in tokens regardless of granted scopes","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"authorizationServerId":{"name":"authorizationServerId","type":"\u0007","is_mandatory":true,"title":"ID of the authorization server this claim belongs to","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"claimType":{"name":"claimType","type":"\u0007","is_mandatory":true,"title":"Claim type","desc":"RESOURCE claims appear in access tokens; IDENTITY claims appear in ID tokens.","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"groupFilterType":{"name":"groupFilterType","type":"\u0007","is_mandatory":true,"title":"For groups claims: STARTS_WITH, EQUALS, CONTAINS, or REGEX","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier of the claim","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the claim","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"scopes":{"name":"scopes","type":"\u0019\u0007","is_mandatory":true,"title":"Scopes that must be granted for this claim to be included","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the claim: ACTIVE or INACTIVE","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"system":{"name":"system","type":"\u0004","is_mandatory":true,"title":"Whether the claim is system-managed","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"value":{"name":"value","type":"\u0007","is_mandatory":true,"title":"The Okta Expression Language source or group filter pattern","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"valueType":{"name":"valueType","type":"\u0007","is_mandatory":true,"title":"Value type","desc":"One of EXPRESSION, GROUPS, or SYSTEM.","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Authorization Server Claim","desc":"Examine a claim included in access or ID tokens issued by a custom authorization server. Covers `id`, `name`, `status`, `claimType` (RESOURCE claims appear in access tokens, IDENTITY claims in ID tokens), `valueType` (EXPRESSION, GROUPS, or SYSTEM), `value` (Okta Expression Language source or group filter pattern), `alwaysIncludeInToken` (vs. only when the matching scope is granted), `groupFilterType` (for groups claims), the `scopes` that must be granted for this claim to appear, and `system` (built-in claim).","private":true,"min_provider_version":"13.2.6","defaults":"name status claimType","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.authorizationServer.key":{"id":"okta.authorizationServer.key","name":"okta.authorizationServer.key","fields":{"alg":{"name":"alg","type":"\u0007","is_mandatory":true,"title":"Algorithm used (e.g., RS256)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"authorizationServerId":{"name":"authorizationServerId","type":"\u0007","is_mandatory":true,"title":"ID of the authorization server this key belongs to","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when the key was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"e":{"name":"e","type":"\u0007","is_mandatory":true,"title":"RSA exponent","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"expiresAt":{"name":"expiresAt","type":"\t","is_mandatory":true,"title":"Timestamp when the key/certificate expires","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"keyOps":{"name":"keyOps","type":"\u0019\u0007","is_mandatory":true,"title":"Permitted key operations","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"kid":{"name":"kid","type":"\u0007","is_mandatory":true,"title":"Key ID","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"kty":{"name":"kty","type":"\u0007","is_mandatory":true,"title":"Key type (e.g., RSA)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when the key was last updated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"n":{"name":"n","type":"\u0007","is_mandatory":true,"title":"RSA modulus","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the key (e.g., ACTIVE, NEXT, EXPIRED)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"use":{"name":"use","type":"\u0007","is_mandatory":true,"title":"Public key use (e.g., sig)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"x5c":{"name":"x5c","type":"\u0019\u0007","is_mandatory":true,"title":"X.509 certificate chain (PEM/DER without headers, base64-encoded)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"x5t":{"name":"x5t","type":"\u0007","is_mandatory":true,"title":"SHA-1 thumbprint of the X.509 certificate","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"x5tS256":{"name":"x5tS256","type":"\u0007","is_mandatory":true,"title":"SHA-256 thumbprint of the X.509 certificate","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Authorization Server signing key (JsonWebKey)","desc":"Examine a JsonWebKey published by a custom authorization server for verifying access tokens. Covers `kid`, `status` (ACTIVE, NEXT, or EXPIRED), signing algorithm metadata (`alg`, `kty`, `use`, `keyOps`), the embedded X.509 certificate chain (`x5c`) and SHA-1/SHA-256 thumbprints (`x5t`, `x5tS256`), the RSA modulus/exponent (`n`, `e`), and lifecycle timestamps.","private":true,"min_provider_version":"13.2.6","defaults":"kid status","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.authorizationServer.policy":{"id":"okta.authorizationServer.policy","name":"okta.authorizationServer.policy","fields":{"authorizationServerId":{"name":"authorizationServerId","type":"\u0007","is_mandatory":true,"title":"ID of the authorization server this policy belongs to","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"conditions":{"name":"conditions","type":"\n","is_mandatory":true,"title":"Conditions: typically which clients the policy applies to","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when the policy was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the policy","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier of the policy","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when the policy was last modified","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the policy","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"priority":{"name":"priority","type":"\u0005","is_mandatory":true,"title":"Priority of the policy","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"rules":{"name":"rules","type":"\u0019\u001bokta.authorizationServer.policyRule","title":"Rules attached to the policy","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the policy: ACTIVE or INACTIVE","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"system":{"name":"system","type":"\u0004","is_mandatory":true,"title":"Whether the policy is system-managed","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Policy type (typically OAUTH_AUTHORIZATION_POLICY)","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Authorization Server Policy","desc":"Examine a policy on a custom authorization server. Policies grant specific OAuth 2.0 clients access to specific scopes under specific conditions. Covers `id`, `name`, `description`, `priority`, `status`, `system` (whether admin-editable), `type`, and `conditions` (typically the client allowlist). `rules` returns the ordered list of rules attached to the policy.","private":true,"min_provider_version":"13.2.6","defaults":"name status priority","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.authorizationServer.policyRule":{"id":"okta.authorizationServer.policyRule","name":"okta.authorizationServer.policyRule","fields":{"actions":{"name":"actions","type":"\n","is_mandatory":true,"title":"Actions: token lifetimes, inline hook, granted scopes","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"authorizationServerId":{"name":"authorizationServerId","type":"\u0007","is_mandatory":true,"title":"ID of the authorization server this rule's policy belongs to","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"conditions":{"name":"conditions","type":"\n","is_mandatory":true,"title":"Conditions: grant types, scopes, people the rule applies to","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when the rule was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier of the rule","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when the rule was last updated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the rule","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"policyId":{"name":"policyId","type":"\u0007","is_mandatory":true,"title":"ID of the policy this rule belongs to","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"priority":{"name":"priority","type":"\u0005","is_mandatory":true,"title":"Priority of the rule","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the rule: ACTIVE or INACTIVE","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"system":{"name":"system","type":"\u0004","is_mandatory":true,"title":"Whether the rule is system-managed","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Rule type (typically RESOURCE_ACCESS)","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Authorization Server Policy Rule","desc":"Examine a rule on an authorization-server policy. Rules govern which OAuth 2.0 grant types and scopes are permitted, the access-token and refresh-token lifetimes, and the inline hook (if any) invoked when access tokens are minted. Covers `id`, `name`, `priority`, `status`, `system`, `type`, `actions` (token lifetimes, inline hook, granted scopes), `conditions` (grant types, scopes, people), and lifecycle timestamps.","private":true,"min_provider_version":"13.2.6","defaults":"name status priority","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.authorizationServer.scope":{"id":"okta.authorizationServer.scope","name":"okta.authorizationServer.scope","fields":{"authorizationServerId":{"name":"authorizationServerId","type":"\u0007","is_mandatory":true,"title":"ID of the authorization server this scope belongs to","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"consent":{"name":"consent","type":"\u0007","is_mandatory":true,"title":"Consent requirement","desc":"One of REQUIRED, IMPLICIT, or FLEXIBLE.","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"default":{"name":"default","type":"\u0004","is_mandatory":true,"title":"Whether the scope is granted by default","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description shown on the consent prompt","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name shown on the consent prompt","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier of the scope","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"metadataPublish":{"name":"metadataPublish","type":"\u0007","is_mandatory":true,"title":"Whether the scope is published in discovery metadata","desc":"One of ALL_CLIENTS or NO_CLIENTS.","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Programmatic name (e.g., openid, email, profile, custom:read)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"system":{"name":"system","type":"\u0004","is_mandatory":true,"title":"Whether the scope is system-managed","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Authorization Server Scope","desc":"Examine an OAuth 2.0 scope defined on a custom authorization server. Covers `id`, `name` (the programmatic value sent in `scope=`), `displayName` and `description` (shown on the consent prompt), `consent`, `default` (granted without being requested), `metadataPublish` (whether the scope is published in the `.well-known` discovery document), and `system` (built-in scope).","private":true,"min_provider_version":"13.2.6","defaults":"name consent","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.customRole":{"id":"okta.customRole","name":"okta.customRole","fields":{"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the custom role","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier for the custom role","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"label":{"name":"label","type":"\u0007","is_mandatory":true,"title":"Name of the custom role","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"permissions":{"name":"permissions","type":"\u0019\u0007","is_mandatory":true,"title":"Role permissions","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Custom Role","desc":"Examine a custom administrator role defined in an Okta organization. Covers `id`, `label`, `description`, and `permissions` (the list of permission strings granted by the role).","private":true,"min_provider_version":"9.1.1","defaults":"label","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.domain":{"id":"okta.domain","name":"okta.domain","fields":{"dnsRecords":{"name":"dnsRecords","type":"\u0019\n","is_mandatory":true,"title":"TXT and CNAME records to be registered for the domain","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"domain":{"name":"domain","type":"\u0007","is_mandatory":true,"title":"Domain name","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Domain ID","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"publicCertificate":{"name":"publicCertificate","type":"\n","is_mandatory":true,"title":"Certificate metadata for the domain","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"validationStatus":{"name":"validationStatus","type":"\u0007","is_mandatory":true,"title":"Status of the domain: NOT_STARTED, IN_PROGRESS, VERIFIED, or COMPLETED","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Domain","desc":"Examine a custom domain configured for an Okta organization. Covers `id`, `domain` name, `validationStatus` (NOT_STARTED, IN_PROGRESS, VERIFIED, or COMPLETED), `dnsRecords` required for domain verification, and `publicCertificate` metadata for the domain's TLS certificate.","private":true,"min_provider_version":"9.0.0","defaults":"domain","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.group":{"id":"okta.group","name":"okta.group","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when group was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Group description","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique key for the group","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastMembershipUpdated":{"name":"lastMembershipUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when group's memberships were last updated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when group's profile was last updated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"members":{"name":"members","type":"\u0019\u001bokta.user","title":"Group members","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Group name","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"profile":{"name":"profile","type":"\n","is_mandatory":true,"title":"The group's profile properties","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"roles":{"name":"roles","type":"\u0019\u001bokta.role","title":"Group roles","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"type":{"name":"type","type":"\n","is_mandatory":true,"title":"Determines how a group's profile and memberships are managed","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Group","desc":"Examine an Okta group. Covers `id`, `name`, `description`, `type`, `profile`, and lifecycle timestamps `created`, `lastUpdated`, and `lastMembershipUpdated`. Computed methods expose `members` (the list of `okta.user` accounts in the group) and `roles` assigned to the group.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.groupRule":{"id":"okta.groupRule","name":"okta.groupRule","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique key for the group rule","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Group rule name","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Group rule status","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Group rule type","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Group Rule","desc":"Examine an Okta group rule that automatically assigns users to groups based on conditions. Covers `id`, `name`, `status`, and `type`.","private":true,"min_provider_version":"9.1.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.identityProvider":{"id":"okta.identityProvider","name":"okta.identityProvider","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when the identity provider was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier of the identity provider","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"issuerMode":{"name":"issuerMode","type":"\u0007","is_mandatory":true,"title":"Issuer mode for OIDC/SAML responses","desc":"One of ORG_URL, CUSTOM_URL_DOMAIN, or DYNAMIC.","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"key":{"name":"key","type":"\u001bokta.identityProvider.key","title":"Okta Identity Provider signing key (JsonWebKey)","desc":"Examine a JsonWebKey trusted by Okta for verifying assertions or tokens from a federated identity provider. Covers `kid`, `status`, signing algorithm metadata (`alg`, `kty`, `use`, `keyOps`), the embedded X.509 certificate chain (`x5c`) and SHA-1/SHA-256 thumbprints (`x5t`, `x5tS256`), the RSA modulus/exponent (`n`, `e`), and lifecycle timestamps. The `expiresAt` timestamp marks when the certificate must be rotated to keep federation working.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/okta","is_implicit_resource":true},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when the identity provider was last updated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Display name of the identity provider","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"policy":{"name":"policy","type":"\n","is_mandatory":true,"title":"Policy configuration","desc":"Includes account link policy (filter, action), provisioning policy (action, profile master, group assignments, conditions), subject matching (matchType, matchAttribute, filter), and maxClockSkew.","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"protocol":{"name":"protocol","type":"\n","is_mandatory":true,"title":"Protocol configuration","desc":"Shape varies by `type`. Typical keys include: - type: SAML2, OIDC, OAUTH2, MTLS - endpoints: { authorization, token, userInfo, jwks, acs, sso, sloRedirect } - credentials: { client, signing, trust } - algorithms: { request, response } signing/encryption settings - scopes: requested OAuth/OIDC scopes - relayState: SAML relay-state format - settings: protocol-specific settings (nameFormat, honorForce, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"signingKeys":{"name":"signingKeys","type":"\u0019\u001bokta.identityProvider.key","title":"Signing key credentials trusted for assertions or tokens issued by this IdP","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the identity provider: ACTIVE or INACTIVE","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Type of identity provider","desc":"One of SAML2, OIDC, OAUTH2, GOOGLE, FACEBOOK, LINKEDIN, MICROSOFT, APPLE, X509, or other social/federation types Okta exposes.","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Identity Provider","desc":"Examine an external identity provider federated with your Okta organization. Covers `id`, `name`, `type` (e.g., SAML2, OIDC, GOOGLE, FACEBOOK, LINKEDIN, MICROSOFT, APPLE, X509), `status` (ACTIVE or INACTIVE), `issuerMode` (whether the issuer URL is the Okta org URL, a custom URL domain, or dynamic), the full `protocol` configuration (endpoints, credentials, algorithms, requested scopes, relay state), the `policy` configuration (account link, provisioning, subject matching, max clock skew), and lifecycle timestamps. `signingKeys` returns the X.509/JWK signing credentials trusted for assertions or tokens issued by this IdP — checking `expiresAt` catches expiring trust anchors.","private":true,"min_provider_version":"13.2.6","defaults":"name type status","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.identityProvider.key":{"id":"okta.identityProvider.key","name":"okta.identityProvider.key","fields":{"alg":{"name":"alg","type":"\u0007","is_mandatory":true,"title":"Algorithm used (e.g., RS256)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when the key was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"e":{"name":"e","type":"\u0007","is_mandatory":true,"title":"RSA exponent","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"expiresAt":{"name":"expiresAt","type":"\t","is_mandatory":true,"title":"Timestamp when the key/certificate expires","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"identityProviderId":{"name":"identityProviderId","type":"\u0007","is_mandatory":true,"title":"ID of the identity provider this key belongs to","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"keyOps":{"name":"keyOps","type":"\u0019\u0007","is_mandatory":true,"title":"Permitted key operations","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"kid":{"name":"kid","type":"\u0007","is_mandatory":true,"title":"Key ID","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"kty":{"name":"kty","type":"\u0007","is_mandatory":true,"title":"Key type (e.g., RSA)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when the key was last updated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"n":{"name":"n","type":"\u0007","is_mandatory":true,"title":"RSA modulus","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the key (e.g., ACTIVE, INACTIVE, EXPIRED)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"use":{"name":"use","type":"\u0007","is_mandatory":true,"title":"Public key use (e.g., sig)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"x5c":{"name":"x5c","type":"\u0019\u0007","is_mandatory":true,"title":"X.509 certificate chain (PEM/DER without headers, base64-encoded)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"x5t":{"name":"x5t","type":"\u0007","is_mandatory":true,"title":"SHA-1 thumbprint of the X.509 certificate","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"x5tS256":{"name":"x5tS256","type":"\u0007","is_mandatory":true,"title":"SHA-256 thumbprint of the X.509 certificate","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Identity Provider signing key (JsonWebKey)","desc":"Examine a JsonWebKey trusted by Okta for verifying assertions or tokens from a federated identity provider. Covers `kid`, `status`, signing algorithm metadata (`alg`, `kty`, `use`, `keyOps`), the embedded X.509 certificate chain (`x5c`) and SHA-1/SHA-256 thumbprints (`x5t`, `x5tS256`), the RSA modulus/exponent (`n`, `e`), and lifecycle timestamps. The `expiresAt` timestamp marks when the certificate must be rotated to keep federation working.","private":true,"min_provider_version":"13.2.6","defaults":"kid status expiresAt","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.network":{"id":"okta.network","name":"okta.network","fields":{"asns":{"name":"asns","type":"\u0019\u0007","is_mandatory":true,"title":"ISP ASNs for the network zone","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when the network zone was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"gateways":{"name":"gateways","type":"\u0019\n","is_mandatory":true,"title":"IP addresses of this zone","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier for the network zone","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when the network zone was last updated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"locations":{"name":"locations","type":"\u0019\n","is_mandatory":true,"title":"Locations for the network zone","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name for the network zone","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"proxies":{"name":"proxies","type":"\u0019\n","is_mandatory":true,"title":"IP addresses that are allowed to forward a request from the gateway","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"proxyType":{"name":"proxyType","type":"\u0007","is_mandatory":true,"title":"IP type","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the network zone","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"system":{"name":"system","type":"\u0004","is_mandatory":true,"title":"Whether the network zone is system-managed (built-in and not user-editable)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Type of the network zone","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"usage":{"name":"usage","type":"\u0007","is_mandatory":true,"title":"Usage of zone: POLICY or BLOCKLIST","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Network Zone","desc":"Examine an Okta network zone used to allow or block access based on IP address, ASN, or geolocation. Covers `id`, `name`, `type`, `status`, `usage` (POLICY or BLOCKLIST), `system`, `proxyType`, `asns`, `gateways`, `proxies`, and `locations`. Use network zones in policy conditions to restrict sign-on to known corporate networks.","private":true,"min_provider_version":"9.0.0","defaults":"name type","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.organization":{"id":"okta.organization","name":"okta.organization","fields":{"address1":{"name":"address1","type":"\u0007","is_mandatory":true,"title":"Primary address of organization","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"address2":{"name":"address2","type":"\u0007","is_mandatory":true,"title":"Secondary address of organization","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"billingContact":{"name":"billingContact","type":"\u001bokta.user","title":"Billing contact of organization","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"city":{"name":"city","type":"\u0007","is_mandatory":true,"title":"City of organization","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"companyName":{"name":"companyName","type":"\u0007","is_mandatory":true,"title":"Name of the company","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"country":{"name":"country","type":"\u0007","is_mandatory":true,"title":"Country code of organization","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when organization was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"endUserSupportHelpURL":{"name":"endUserSupportHelpURL","type":"\u0007","is_mandatory":true,"title":"Support link of organization","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"expiresAt":{"name":"expiresAt","type":"\t","is_mandatory":true,"title":"Expiration of organization","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"ID of organization","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when org was last updated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"optOutCommunicationEmails":{"name":"optOutCommunicationEmails","type":"\u0004","title":"Whether the organization's users receive Okta communication email","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"phoneNumber":{"name":"phoneNumber","type":"\u0007","is_mandatory":true,"title":"Phone number of organization","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"postalCode":{"name":"postalCode","type":"\u0007","is_mandatory":true,"title":"Postal code of organization","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"securityNotificationEmails":{"name":"securityNotificationEmails","type":"\n","title":"Security notification email","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State of organization","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of organization. Accepted values: ACTIVE, INACTIVE","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"subdomain":{"name":"subdomain","type":"\u0007","is_mandatory":true,"title":"Subdomain of organization","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"supportPhoneNumber":{"name":"supportPhoneNumber","type":"\u0007","is_mandatory":true,"title":"Support help phone of organization","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"technicalContact":{"name":"technicalContact","type":"\u001bokta.user","title":"Technical contact of organization","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"threatInsightSettings":{"name":"threatInsightSettings","type":"\u001bokta.threatsConfiguration","title":"Okta ThreatInsight settings","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"website":{"name":"website","type":"\u0007","is_mandatory":true,"title":"The organization's website","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Organization","desc":"Examine tenant-level settings for your Okta organization. Covers identity information such as `companyName`, `subdomain`, address, and contact details, as well as operational fields like `status`, `created`, and `expiresAt`. Computed methods expose the `billingContact`, `technicalContact`, `securityNotificationEmails`, and `threatInsightSettings` for the organization.","min_provider_version":"9.0.0","defaults":"companyName","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.policies":{"id":"okta.policies","name":"okta.policies","fields":{"accessPolicy":{"name":"accessPolicy","type":"\u0019\u001bokta.policy","title":"Access policies","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"idpDiscovery":{"name":"idpDiscovery","type":"\u0019\u001bokta.policy","title":"IDP discovery policies","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"mfaEnroll":{"name":"mfaEnroll","type":"\u0019\u001bokta.policy","title":"MFA policies","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"oauthAuthorizationPolicy":{"name":"oauthAuthorizationPolicy","type":"\u0019\u001bokta.policy","title":"OAuth authorization policies","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"password":{"name":"password","type":"\u0019\u001bokta.policy","title":"Password policies","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"profileEnrollment":{"name":"profileEnrollment","type":"\u0019\u001bokta.policy","title":"Profile enforcement policies","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"signOn":{"name":"signOn","type":"\u0019\u001bokta.policy","title":"Sign-on policies","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Policies","desc":"Iterate the policy collections available in your Okta organization. Provides access to `password`, `mfaEnroll`, `signOn`, `oauthAuthorizationPolicy`, `idpDiscovery`, `accessPolicy`, and `profileEnrollment` policy lists, each returning `okta.policy` records with their associated rules.","min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.policy":{"id":"okta.policy","name":"okta.policy","fields":{"conditions":{"name":"conditions","type":"\n","is_mandatory":true,"title":"Conditions for policy","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when the policy was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the policy","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier of the policy","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when the policy was last modified","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the policy","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"priority":{"name":"priority","type":"\u0005","is_mandatory":true,"title":"Priority of the policy","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"rules":{"name":"rules","type":"\u0019\u001bokta.policyRule","title":"Rules attached to the policy","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"settings":{"name":"settings","type":"\n","is_mandatory":true,"title":"Settings for the policy","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the policy: ACTIVE or INACTIVE","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"system":{"name":"system","type":"\u0004","is_mandatory":true,"title":"Whether the policy is system-managed (built-in and not user-editable)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Specifies the type of policy","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Policy","desc":"Examine an Okta policy controlling authentication and access behavior. Covers `id`, `name`, `description`, `type`, `status`, `priority`, `system` (whether admin-editable), `conditions`, `settings`, and lifecycle timestamps. The `rules` method returns the ordered list of `okta.policyRule` records attached to the policy.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.policyRule":{"id":"okta.policyRule","name":"okta.policyRule","fields":{"actions":{"name":"actions","type":"\n","is_mandatory":true,"title":"Actions for rule","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"conditions":{"name":"conditions","type":"\n","is_mandatory":true,"title":"Conditions for a rule","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when the rule was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier of the rule","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when the rule was last modified","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the rule","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"priority":{"name":"priority","type":"\u0005","is_mandatory":true,"title":"Priority of the rule","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the rule: ACTIVE or INACTIVE","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"system":{"name":"system","type":"\u0004","is_mandatory":true,"title":"Whether the rule is system-managed (built-in and not user-editable)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Rule type","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta policy rule","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.role":{"id":"okta.role","name":"okta.role","fields":{"assignmentType":{"name":"assignmentType","type":"\u0007","is_mandatory":true,"title":"The assignment type of the role","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when the role was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"The identifier of the role","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"label":{"name":"label","type":"\u0007","is_mandatory":true,"title":"The label of the role","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when the role was last updated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"The status of the role","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"The type of the role","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Role","desc":"Examine a role assigned to an Okta user or group. Covers `id`, `label`, `type`, `assignmentType`, `status`, and lifecycle timestamps `created` and `lastUpdated`.","private":true,"min_provider_version":"9.0.0","defaults":"label status","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.threatsConfiguration":{"id":"okta.threatsConfiguration","name":"okta.threatsConfiguration","fields":{"action":{"name":"action","type":"\u0007","is_mandatory":true,"title":"Action","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when the network zone was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"excludeZones":{"name":"excludeZones","type":"\u0019\u001bokta.network","is_mandatory":true,"title":"Exempt zones","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when the network zone was last updated","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta ThreatInsight Configuration","desc":"Examine the ThreatInsight settings for an Okta organization. Covers the `action` taken on suspicious IPs (audit or block), the `excludeZones` list of `okta.network` zones exempt from ThreatInsight evaluation, and lifecycle timestamps `created` and `lastUpdated`.","private":true,"min_provider_version":"9.0.0","defaults":"action","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.trustedOrigin":{"id":"okta.trustedOrigin","name":"okta.trustedOrigin","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when the trusted origin was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"createdBy":{"name":"createdBy","type":"\u0007","is_mandatory":true,"title":"ID of the entity that created the trusted origin","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier for the trusted origin","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when the trusted origin was last updated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdatedBy":{"name":"lastUpdatedBy","type":"\u0007","is_mandatory":true,"title":"ID of entity that last updated the trusted origin","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name for the trusted origin","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"origin":{"name":"origin","type":"\u0007","is_mandatory":true,"title":"Unique origin URL for the trusted origin","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"scopes":{"name":"scopes","type":"\u0019\n","is_mandatory":true,"title":"Array of scope types for which this trusted origin is used","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the trusted origin","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta Trusted Origin","desc":"Examine a trusted origin configured in an Okta organization. Covers `id`, `name`, `origin` URL, `status`, `scopes` (the list of scope types for which the origin is trusted), and audit fields `createdBy` and `lastUpdatedBy`.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.user":{"id":"okta.user","name":"okta.user","fields":{"activated":{"name":"activated","type":"\t","is_mandatory":true,"title":"Timestamp when the user was activated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when user was created","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"credentials":{"name":"credentials","type":"\n","is_mandatory":true,"title":"User credentials","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"factors":{"name":"factors","type":"\u0019\u001bokta.userFactor","title":"MFA factors enrolled by the user","min_provider_version":"13.1.6","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique key for user","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastLogin":{"name":"lastLogin","type":"\t","is_mandatory":true,"title":"Timestamp of last login","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when user was last updated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"passwordChanged":{"name":"passwordChanged","type":"\t","is_mandatory":true,"title":"Timestamp when password last changed","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"profile":{"name":"profile","type":"\n","is_mandatory":true,"title":"User profile properties","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"roles":{"name":"roles","type":"\u0019\u001bokta.role","title":"The roles assigned to the user","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Current status of user","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"statusChanged":{"name":"statusChanged","type":"\t","is_mandatory":true,"title":"Timestamp when status last changed","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"transitioningToStatus":{"name":"transitioningToStatus","type":"\u0007","is_mandatory":true,"title":"Target status of an in-progress asynchronous status transition","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"type":{"name":"type","type":"\n","is_mandatory":true,"title":"User's type object","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"typeId":{"name":"typeId","type":"\u0007","is_mandatory":true,"title":"User's type identifier","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta User","desc":"Examine an individual Okta user account. Covers identity and lifecycle fields such as `id`, `status`, `activated`, `created`, `lastLogin`, and `passwordChanged`, plus the `profile` dict containing attributes like email and login name. Computed methods expose the `roles` assigned to the user and the MFA `factors` enrolled for the account.","private":true,"min_provider_version":"9.0.0","defaults":"profile['email']","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"okta.userFactor":{"id":"okta.userFactor","name":"okta.userFactor","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Timestamp when the factor was enrolled","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"factorType":{"name":"factorType","type":"\u0007","is_mandatory":true,"title":"Type of factor (e.g., token:software:totp, push, sms, webauthn, email)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier of the factor","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"lastUpdated":{"name":"lastUpdated","type":"\t","is_mandatory":true,"title":"Timestamp when the factor was last updated","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"profile":{"name":"profile","type":"\n","is_mandatory":true,"title":"Provider- and factor-type-specific profile data","desc":"Shape depends on factorType: - sms/call: { phoneNumber } - push: { name, platform, version, deviceType, ... } - webauthn: { credentialId, authenticatorName, ... } - token:software:totp: { credentialId } - question: { question, questionText }","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"provider":{"name":"provider","type":"\u0007","is_mandatory":true,"title":"Provider of the factor (e.g., OKTA, GOOGLE, RSA, SYMANTEC, DUO, FIDO, CUSTOM)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the factor (e.g., NOT_SETUP, ACTIVE, PENDING_ACTIVATION, DISABLED, EXPIRED)","provider":"go.mondoo.com/cnquery/v9/providers/okta"},"user":{"name":"user","type":"\u001bokta.user","title":"The user this factor belongs to","provider":"go.mondoo.com/cnquery/v9/providers/okta"}},"title":"Okta MFA factor enrolled by a user","private":true,"min_provider_version":"13.1.6","defaults":"factorType status","provider":"go.mondoo.com/cnquery/v9/providers/okta"}}}