okta-admin-management — quality + safety report

In the Skillier index (lap__okta-com-okta-management) · scanned 2026-06-03 · engine: builtin+triage

A
Quality
90/100
Safety

✓ Clean — no heuristic safety flags surfaced.

Heuristic flags from the builtin scanner, which is known to over-flag (it trips on legitimate env-reading integrations, security skills, and library .eval calls). This is NOT an authoritative malicious verdict — re-scan with SkillSpector for the authoritative result. Run the authoritative scan →

Skillproof quality grade A

📇 This skill is in the Skillier index (curated · deduped · quality-filtered). Install Skillier to route & load it into your AI client.

Quality notes

Skill is large (~28353 tokens)
medium · quality · body
→ Tighten to the essential procedure; move long reference material to linked files.
No example
low · quality · body
→ Add at least one worked example (input → expected action/output).

About this skill

Okta Admin Management API skill. Use when working with Okta Admin Management for .well-known, api, attack-protection. Covers 705 endpoints.

📄 Read the SKILL.md
---
name: okta-admin-management
description: "Okta Admin Management API skill. Use when working with Okta Admin Management for .well-known, api, attack-protection. Covers 705 endpoints."
version: 1.0.0
generator: lapsh
---

# Okta Admin Management
API version: 5.1.0

## Auth
ApiKey Authorization in header | OAuth2

## Base URL
https://subdomain.okta.com

## Setup
1. Set your API key in the appropriate header
2. GET /.well-known/app-authenticator-configuration -- verify access
3. POST /api/v1/agentPools/{poolId}/updates -- create first updates

## Endpoints

705 endpoints across 10 groups. See references/api-spec.lap for full details.

### .well-known
| Method | Path | Description |
|--------|------|-------------|
| GET | /.well-known/app-authenticator-configuration | Retrieve the well-known app authenticator configuration |
| GET | /.well-known/apple-app-site-association | Retrieve the customized apple-app-site-association URI content |
| GET | /.well-known/assetlinks.json | Retrieve the customized assetlinks.json URI content |
| GET | /.well-known/okta-organization | Retrieve the Org metadata |
| GET | /.well-known/ssf-configuration | Retrieve the SSF transmitter metadata |
| GET | /.well-known/webauthn | Retrieve the customized webauthn URI content |

### api
| Method | Path | Description |
|--------|------|-------------|
| GET | /api/v1/agentPools | List all agent pools |
| GET | /api/v1/agentPools/{poolId}/updates | List all agent pool updates |
| POST | /api/v1/agentPools/{poolId}/updates | Create an agent pool update |
| GET | /api/v1/agentPools/{poolId}/updates/settings | Retrieve an agent pool update's settings |
| POST | /api/v1/agentPools/{poolId}/updates/settings | Update an agent pool update settings |
| GET | /api/v1/agentPools/{poolId}/updates/{updateId} | Retrieve an agent pool update by ID |
| POST | /api/v1/agentPools/{poolId}/updates/{updateId} | Update an agent pool update by ID |
| DELETE | /api/v1/agentPools/{poolId}/updates/{updateId} | Delete an agent pool update |
| POST | /api/v1/agentPools/{poolId}/updates/{updateId}/activate | Activate an agent pool update |
| POST | /api/v1/agentPools/{poolId}/updates/{updateId}/deactivate | Deactivate an agent pool update |
| POST | /api/v1/agentPools/{poolId}/updates/{updateId}/pause | Pause an agent pool update |
| POST | /api/v1/agentPools/{poolId}/updates/{updateId}/resume | Resume an agent pool update |
| POST | /api/v1/agentPools/{poolId}/updates/{updateId}/retry | Retry an agent pool update |
| POST | /api/v1/agentPools/{poolId}/updates/{updateId}/stop | Stop an agent pool update |
| GET | /api/v1/api-tokens | List all API token metadata |
| DELETE | /api/v1/api-tokens/current | Revoke the current API token |
| GET | /api/v1/api-tokens/{apiTokenId} | Retrieve an API token's metadata |
| PUT | /api/v1/api-tokens/{apiTokenId} | Upsert an API token network condition |
| DELETE | /api/v1/api-tokens/{apiTokenId} | Revoke an API token |
| GET | /api/v1/apps | List all applications |
| POST | /api/v1/apps | Create an application |
| GET | /api/v1/apps/{appId} | Retrieve an application |
| PUT | /api/v1/apps/{appId} | Replace an application |
| DELETE | /api/v1/apps/{appId} | Delete an application |
| GET | /api/v1/apps/{appId}/connections/default | Retrieve the default provisioning connection |
| POST | /api/v1/apps/{appId}/connections/default | Update the default provisioning connection |
| GET | /api/v1/apps/{appId}/connections/default/jwks | Retrieve a JSON Web Key Set (JWKS) for the default provisioning connection |
| POST | /api/v1/apps/{appId}/connections/default/lifecycle/activate | Activate the default provisioning connection |
| POST | /api/v1/apps/{appId}/connections/default/lifecycle/deactivate | Deactivate the default provisioning connection |
| GET | /api/v1/apps/{appId}/credentials/csrs | List all certificate signing requests |
| POST | /api/v1/apps/{appId}/credentials/csrs | Generate a certificate signing request |
| GET | /api/v1/apps/{appId}/credentials/csrs/{csrId} | Retrieve a certificate signing request |
| DELETE | /api/v1/apps/{appId}/credentials/csrs/{csrId} | Revoke a certificate signing request |
| POST | /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish | Publish a certificate signing request |
| GET | /api/v1/apps/{appId}/credentials/jwks | List all the OAuth 2.0 client JSON Web Keys |
| POST | /api/v1/apps/{appId}/credentials/jwks | Add a JSON Web Key |
| GET | /api/v1/apps/{appId}/credentials/jwks/{keyId} | Retrieve an OAuth 2.0 client JSON Web Key |
| DELETE | /api/v1/apps/{appId}/credentials/jwks/{keyId} | Delete an OAuth 2.0 client JSON Web Key |
| POST | /api/v1/apps/{appId}/credentials/jwks/{keyId}/lifecycle/activate | Activate an OAuth 2.0 client JSON Web Key |
| POST | /api/v1/apps/{appId}/credentials/jwks/{keyId}/lifecycle/deactivate | Deactivate an OAuth 2.0 client JSON Web Key |
| GET | /api/v1/apps/{appId}/credentials/keys | List all key credentials |
| POST | /api/v1/apps/{appId}/credentials/keys/generate | Generate a key credential |
| GET | /api/v1/apps/{appId}/credentials/keys/{keyId} | Retrieve a key credential |
| POST | /api/v1/apps/{appId}/credentials/keys/{keyId}/clone | Clone a key credential |
| GET | /api/v1/apps/{appId}/credentials/secrets | List all OAuth 2.0 client secrets |
| POST | /api/v1/apps/{appId}/credentials/secrets | Create an OAuth 2.0 client secret |
| GET | /api/v1/apps/{appId}/credentials/secrets/{secretId} | Retrieve an OAuth 2.0 client secret |
| DELETE | /api/v1/apps/{appId}/credentials/secrets/{secretId} | Delete an OAuth 2.0 client secret |
| POST | /api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/activate | Activate an OAuth 2.0 client secret |
| POST | /api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/deactivate | Deactivate an OAuth 2.0 client secret |
| GET | /api/v1/apps/{appId}/cwo/connections | Retrieve all Cross App Access connections |
| POST | /api/v1/apps/{appId}/cwo/connections | Create a Cross App Access connection |
| GET | /api/v1/apps/{appId}/cwo/connections/{connectionId} | Retrieve a Cross App Access connection |
| PATCH | /api/v1/apps/{appId}/cwo/connections/{connectionId} | Update a Cross App Access connection |
| DELETE | /api/v1/apps/{appId}/cwo/connections/{connectionId} | Delete a Cross App Access connection |
| GET | /api/v1/apps/{appId}/features | List all features |
| GET | /api/v1/apps/{appId}/features/{featureName} | Retrieve a feature |
| PUT | /api/v1/apps/{appId}/features/{featureName} | Update a feature |
| GET | /api/v1/apps/{appId}/federated-claims | List all configured federated claims |
| POST | /api/v1/apps/{appId}/federated-claims | Create a federated claim |
| GET | /api/v1/apps/{appId}/federated-claims/{claimId} | Retrieve a federated claim |
| PUT | /api/v1/apps/{appId}/federated-claims/{claimId} | Replace a federated claim |
| DELETE | /api/v1/apps/{appId}/federated-claims/{claimId} | Delete a federated claim |
| GET | /api/v1/apps/{appId}/grants | List all app grants |
| POST | /api/v1/apps/{appId}/grants | Grant consent to scope |
| GET | /api/v1/apps/{appId}/grants/{grantId} | Retrieve an app grant |
| DELETE | /api/v1/apps/{appId}/grants/{grantId} | Revoke an app grant |
| GET | /api/v1/apps/{appId}/group-push/mappings | List all group push mappings |
| POST | /api/v1/apps/{appId}/group-push/mappings | Create a group push mapping |
| GET | /api/v1/apps/{appId}/group-push/mappings/{mappingId} | Retrieve a group push mapping |
| PATCH | /api/v1/apps/{appId}/group-push/mappings/{mappingId} | Update a group push mapping |
| DELETE | /api/v1/apps/{appId}/group-push/mappings/{mappingId} | Delete a group push mapping |
| GET | /api/v1/apps/{appId}/groups | List all application groups |
| GET | /api/v1/apps/{appId}/groups/{groupId} | Retrieve an application group |
| PUT | /api/v1/apps/{appId}/groups/{groupId} | Assign an application group |
| PATCH | /api/v1/apps/{appId}/groups/{groupId} | Update an application group |
| DELETE | /api/v1/apps/{appId}/groups/{groupId} | Unassign an application group |
| POST | /api/v1/apps/{appId}/lifecycle/activate | Activate an application |
| POST | /api/v1/apps/{appId}/lifecycle/deactivate | Deactivate an application |
| POST | /api/v1/apps/{appId}/logo | Upload an application logo |
| PUT | /api/v1/apps/{appId}/policies/{policyId} | Assign an authentication policy |
| GET | /api/v1/apps/{appId}/sso/saml/metadata | Preview the application SAML metadata |
| GET | /api/v1/apps/{appId}/tokens | List all application refresh tokens |
| DELETE | /api/v1/apps/{appId}/tokens | Revoke all application tokens |
| GET | /api/v1/apps/{appId}/tokens/{tokenId} | Retrieve an application token |
| DELETE | /api/v1/apps/{appId}/tokens/{tokenId} | Revoke an application token |
| GET | /api/v1/apps/{appId}/users | List all application users |
| POST | /api/v1/apps/{appId}/users | Assign an application user |
| GET | /api/v1/apps/{appId}/users/{userId} | Retrieve an application user |
| POST | /api/v1/apps/{appId}/users/{userId} | Update an application user |
| DELETE | /api/v1/apps/{appId}/users/{userId} | Unassign an application user |
| POST | /api/v1/apps/{appName}/{appId}/oauth2/callback | Verify the provisioning connection |
| GET | /api/v1/authenticators | List all authenticators |
| POST | /api/v1/authenticators | Create an authenticator |
| GET | /api/v1/authenticators/{authenticatorId} | Retrieve an authenticator |
| PUT | /api/v1/authenticators/{authenticatorId} | Replace an authenticator |
| GET | /api/v1/authenticators/{authenticatorId}/aaguids | List all custom AAGUIDs |
| POST | /api/v1/authenticators/{authenticatorId}/aaguids | Create a custom AAGUID |
| GET | /api/v1/authenticators/{authenticatorId}/aaguids/{aaguid} | Retrieve a custom AAGUID |
| PUT | /api/v1/authenticators/{authenticatorId}/aaguids/{aaguid} | Replace a custom AAGUID |
| PATCH | /api/v1/authenticators/{authenticatorId}/aaguids/{aaguid} | Update a custom AAGUID |
| DELETE | /api/v1/authenticators/{authenticatorId}/aaguids/{aaguid} | Delete a custom AAGUID |
| POST | /api/v1/authenticators/{authenticatorId}/lifecycle/activate | Activate an authenticator |
| POST | /api/v1/authenticators/{authenticatorId}/lifecycle/deactivate | Deactivate an authenticator |
| GET | /api/v1/authenticators/{authenticatorId}/methods | List all methods of an authenticator |
| GET | /api/v1/authenticators/{authenticatorId}/methods/{methodType} | Retrieve an authenticator method |
| PUT | /api/v1/authenticators/{authenticatorId}/methods/{methodType} | Replace an authenticator method |
| POST | /api/v1/authenticators/{authenticatorId}/methods/{methodType}/lifecycle/activate | Activate an authenticator method |
| POST | /api/v1/authenticators/{authenticatorId}/methods/{methodType}/lifecycle/deactivate | Deactivate an authenticator method |
| GET | /api/v1/authorizationServers | List all authorization servers |
| POST | /api/v1/authorizationServers | Create an authorization server |
| GET | /api/v1/authorizationServers/{authServerId} | Retrieve an authorization server |
| PUT | /api/v1/authorizationServers/{authServerId} | Replace an authorization server |
| DELETE | /api/v1/authorizationServers/{authServerId} | Delete an authorization server |
| GET | /api/v1/authorizationServers/{authServerId}/associatedServers | List all associated authorization servers |
| POST | /api/v1/authorizationServers/{authServerId}/associatedServers | Create an associated authorization server |
| DELETE | /api/v1/authorizationServers/{authServerId}/associatedServers/{associatedServerId} | Delete an associated authorization server |
| GET | /api/v1/authorizationServers/{authServerId}/claims | List all custom token claims |
| POST | /api/v1/authorizationServers/{authServerId}/claims | Create a custom token claim |
| GET | /api/v1/authorizationServers/{authServerId}/claims/{claimId} | Retrieve a custom token claim |
| PUT | /api/v1/authorizationServers/{authServerId}/claims/{claimId} | Replace a custom token cla

… (truncated)
Scan or optimize your own skill →

Want a live grade + an embeddable README badge? Run your skill through the free scanner.

Other quality-A skills: 3d-web-experience [TODO: lowercase-hyphen-case-name] accessibility-compliance-accessibility-audit adhx agent-manager-skill agent-md-refactor agent-messaging agent-orchestration-multi-agent-optimize

Graded independently by Skillproof — nothing to sell the author. Quality is mechanical + corpus-grounded; safety flags are heuristic (builtin+triage), not a malicious verdict.