Okta.Sdk.Api.RoleAssignmentAUserApi

October 22, 2025 ยท View on GitHub

All URIs are relative to https://subdomain.okta.com

MethodHTTP requestDescription
AssignRoleToUserPOST /api/v1/users/{userId}/rolesAssign a user role
GetRoleAssignmentGovernanceGrantGET /api/v1/users/{userId}/roles/{roleAssignmentId}/governance/{grantId}Retrieve a user role governance source
GetRoleAssignmentGovernanceGrantResourcesGET /api/v1/users/{userId}/roles/{roleAssignmentId}/governance/{grantId}/resourcesRetrieve the user role governance source resources
GetUserAssignedRoleGET /api/v1/users/{userId}/roles/{roleAssignmentId}Retrieve a user role assignment
GetUserAssignedRoleGovernanceGET /api/v1/users/{userId}/roles/{roleAssignmentId}/governanceRetrieve all user role governance sources
ListAssignedRolesForUserGET /api/v1/users/{userId}/rolesList all user role assignments
ListUsersWithRoleAssignmentsGET /api/v1/iam/assignees/usersList all users with role assignments
UnassignRoleFromUserDELETE /api/v1/users/{userId}/roles/{roleAssignmentId}Unassign a user role

AssignRoleToUser

AssignRoleToUser201Response AssignRoleToUser (string userId, AssignRoleToUserRequest assignRoleRequest, bool? disableNotifications = null)

Assign a user role

Assigns a standard role to a user. You can also assign a custom role to a user, but the preferred method to assign a custom role to a user is to create a binding between the custom role, the resource set, and the user. See Create a role resource set binding. > Notes: > * The request payload is different for standard and custom role assignments. > * For IAM-based standard role assignments, use the request payload for standard roles. However, the response payload for IAM-based role assignments is similar to the custom role's assignment response.

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class AssignRoleToUserExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new RoleAssignmentAUserApi(config);
            var userId = 00ub0oNGTSWTBKOLGLNR;  // string | ID of an existing Okta user
            var assignRoleRequest = new AssignRoleToUserRequest(); // AssignRoleToUserRequest | 
            var disableNotifications = false;  // bool? | Setting this to `true` grants the user third-party admin status (optional)  (default to false)

            try
            {
                // Assign a user role
                AssignRoleToUser201Response result = apiInstance.AssignRoleToUser(userId, assignRoleRequest, disableNotifications);
                Debug.WriteLine(result);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling RoleAssignmentAUserApi.AssignRoleToUser: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
userIdstringID of an existing Okta user
assignRoleRequestAssignRoleToUserRequest
disableNotificationsbool?Setting this to `true` grants the user third-party admin status[optional] [default to false]

Return type

AssignRoleToUser201Response

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

HTTP response details

Status codeDescriptionResponse headers
201Created-
400Bad Request-
403Forbidden-
404Not Found-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]

GetRoleAssignmentGovernanceGrant

RoleGovernanceSource GetRoleAssignmentGovernanceGrant (string userId, string roleAssignmentId, string grantId)

Retrieve a user role governance source

Retrieves a governance source (identified by grantId) for a role (identified by roleAssignmentId) that's assigned to a user (identified by userId)

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class GetRoleAssignmentGovernanceGrantExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new RoleAssignmentAUserApi(config);
            var userId = 00ub0oNGTSWTBKOLGLNR;  // string | ID of an existing Okta user
            var roleAssignmentId = JBCUYUC7IRCVGS27IFCE2SKO;  // string | The `id` of the role assignment
            var grantId = iJoqkwx50mrgX4T9LcaH;  // string | Grant ID

            try
            {
                // Retrieve a user role governance source
                RoleGovernanceSource result = apiInstance.GetRoleAssignmentGovernanceGrant(userId, roleAssignmentId, grantId);
                Debug.WriteLine(result);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling RoleAssignmentAUserApi.GetRoleAssignmentGovernanceGrant: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
userIdstringID of an existing Okta user
roleAssignmentIdstringThe `id` of the role assignment
grantIdstringGrant ID

Return type

RoleGovernanceSource

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

Status codeDescriptionResponse headers
200Success-
403Forbidden-
404Not Found-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]

GetRoleAssignmentGovernanceGrantResources

RoleGovernanceResources GetRoleAssignmentGovernanceGrantResources (string userId, string roleAssignmentId, string grantId)

Retrieve the user role governance source resources

Retrieves the resources of a governance source (identified by grantId) for a role (identified by roleAssignmentId) that's assigned to a user (identified by userId)

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class GetRoleAssignmentGovernanceGrantResourcesExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new RoleAssignmentAUserApi(config);
            var userId = 00ub0oNGTSWTBKOLGLNR;  // string | ID of an existing Okta user
            var roleAssignmentId = JBCUYUC7IRCVGS27IFCE2SKO;  // string | The `id` of the role assignment
            var grantId = iJoqkwx50mrgX4T9LcaH;  // string | Grant ID

            try
            {
                // Retrieve the user role governance source resources
                RoleGovernanceResources result = apiInstance.GetRoleAssignmentGovernanceGrantResources(userId, roleAssignmentId, grantId);
                Debug.WriteLine(result);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling RoleAssignmentAUserApi.GetRoleAssignmentGovernanceGrantResources: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
userIdstringID of an existing Okta user
roleAssignmentIdstringThe `id` of the role assignment
grantIdstringGrant ID

Return type

RoleGovernanceResources

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

Status codeDescriptionResponse headers
200Success-
403Forbidden-
404Not Found-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]

GetUserAssignedRole

ListGroupAssignedRoles200ResponseInner GetUserAssignedRole (string userId, string roleAssignmentId)

Retrieve a user role assignment

Retrieves a role assigned to a user (identified by userId). The roleAssignmentId parameter is the unique identifier for either a standard role assignment object or a custom role resource set binding object.

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class GetUserAssignedRoleExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new RoleAssignmentAUserApi(config);
            var userId = 00ub0oNGTSWTBKOLGLNR;  // string | ID of an existing Okta user
            var roleAssignmentId = JBCUYUC7IRCVGS27IFCE2SKO;  // string | The `id` of the role assignment

            try
            {
                // Retrieve a user role assignment
                ListGroupAssignedRoles200ResponseInner result = apiInstance.GetUserAssignedRole(userId, roleAssignmentId);
                Debug.WriteLine(result);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling RoleAssignmentAUserApi.GetUserAssignedRole: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
userIdstringID of an existing Okta user
roleAssignmentIdstringThe `id` of the role assignment

Return type

ListGroupAssignedRoles200ResponseInner

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

Status codeDescriptionResponse headers
200Success-
403Forbidden-
404Not Found-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]

GetUserAssignedRoleGovernance

RoleGovernance GetUserAssignedRoleGovernance (string userId, string roleAssignmentId)

Retrieve all user role governance sources

Retrieves the governance sources of a role (identified by roleAssignmentId) that's assigned to a user (identified by userId)

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class GetUserAssignedRoleGovernanceExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new RoleAssignmentAUserApi(config);
            var userId = 00ub0oNGTSWTBKOLGLNR;  // string | ID of an existing Okta user
            var roleAssignmentId = JBCUYUC7IRCVGS27IFCE2SKO;  // string | The `id` of the role assignment

            try
            {
                // Retrieve all user role governance sources
                RoleGovernance result = apiInstance.GetUserAssignedRoleGovernance(userId, roleAssignmentId);
                Debug.WriteLine(result);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling RoleAssignmentAUserApi.GetUserAssignedRoleGovernance: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
userIdstringID of an existing Okta user
roleAssignmentIdstringThe `id` of the role assignment

Return type

RoleGovernance

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

Status codeDescriptionResponse headers
200Success-
403Forbidden-
404Not Found-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]

ListAssignedRolesForUser

List<ListGroupAssignedRoles200ResponseInner> ListAssignedRolesForUser (string userId, string expand = null)

List all user role assignments

Lists all roles assigned to a user (identified by userId)

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class ListAssignedRolesForUserExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new RoleAssignmentAUserApi(config);
            var userId = 00ub0oNGTSWTBKOLGLNR;  // string | ID of an existing Okta user
            var expand = targets/groups;  // string | An optional parameter used to return targets configured for the standard role assignment in the `embedded` property. Supported values: `targets/groups` or `targets/catalog/apps` (optional) 

            try
            {
                // List all user role assignments
                List<ListGroupAssignedRoles200ResponseInner> result = apiInstance.ListAssignedRolesForUser(userId, expand).ToListAsync();
                Debug.WriteLine(result);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling RoleAssignmentAUserApi.ListAssignedRolesForUser: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
userIdstringID of an existing Okta user
expandstringAn optional parameter used to return targets configured for the standard role assignment in the `embedded` property. Supported values: `targets/groups` or `targets/catalog/apps`[optional]

Return type

List<ListGroupAssignedRoles200ResponseInner>

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

Status codeDescriptionResponse headers
200Success-
403Forbidden-
404Not Found-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]

ListUsersWithRoleAssignments

RoleAssignedUsers ListUsersWithRoleAssignments (string after = null, int? limit = null)

List all users with role assignments

Lists all users with role assignments

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class ListUsersWithRoleAssignmentsExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new RoleAssignmentAUserApi(config);
            var after = "after_example";  // string | Specifies the pagination cursor for the next page of targets (optional) 
            var limit = 100;  // int? | Specifies the number of results returned. Defaults to `100`. (optional)  (default to 100)

            try
            {
                // List all users with role assignments
                RoleAssignedUsers result = apiInstance.ListUsersWithRoleAssignments(after, limit);
                Debug.WriteLine(result);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling RoleAssignmentAUserApi.ListUsersWithRoleAssignments: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
afterstringSpecifies the pagination cursor for the next page of targets[optional]
limitint?Specifies the number of results returned. Defaults to `100`.[optional] [default to 100]

Return type

RoleAssignedUsers

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

Status codeDescriptionResponse headers
200Success-
403Forbidden-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]

UnassignRoleFromUser

void UnassignRoleFromUser (string userId, string roleAssignmentId)

Unassign a user role

Unassigns a role assignment (identified by roleAssignmentId) from a user (identified by userId)

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class UnassignRoleFromUserExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new RoleAssignmentAUserApi(config);
            var userId = 00ub0oNGTSWTBKOLGLNR;  // string | ID of an existing Okta user
            var roleAssignmentId = JBCUYUC7IRCVGS27IFCE2SKO;  // string | The `id` of the role assignment

            try
            {
                // Unassign a user role
                apiInstance.UnassignRoleFromUser(userId, roleAssignmentId);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling RoleAssignmentAUserApi.UnassignRoleFromUser: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
userIdstringID of an existing Okta user
roleAssignmentIdstringThe `id` of the role assignment

Return type

void (empty response body)

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

Status codeDescriptionResponse headers
204No Content-
403Forbidden-
404Not Found-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]