Scope(s) to use when authenticating, that control access to specific information. To specify multiple scopes, separate them with a space.

Data Type

string

Default Value

"offline_access okta.agentPools.read okta.apiTokens.read okta.apps.read okta.authenticators.read okta.authorizationServers.read okta.behaviors.read okta.brands.read okta.captchas.read okta.devices.read okta.domains.read okta.emailDomains.read okta.emailServers.read okta.groups.read okta.inlineHooks.read okta.oauthIntegrations.read okta.orgs.read okta.policies.read okta.profileMappings.read okta.realmAssignments.read okta.realms.read okta.roles.read okta.templates.read okta.logs.read okta.threatInsights.read okta.trustedOrigins.read okta.users.read okta.userTypes.read"

Remarks

The scopes that are used when authenticating enable you to request additional information that may be required for certain tables, or reduce permissions to prevent access to certain tables.

Requesting Additional Permissions

If you attempt to perform an action while using the provider and Okta returns an insufficient permissions error, it may be due to a missing required scope. To resolve this issue, call the GetOAuthAuthorizationURL and GetOAuthAccessToken stored procedures, which have inputs for the scope you would like to request. Then set the Scope property to include the required scope and generate a new OAuth access token for a desktop application.

To request more than one scope per authorization request, separate them with a space. For a list of all available Okta scopes, see https://developer.okta.com/docs/api/oauth2/.