Skip to main content

Documentation Index

Fetch the complete documentation index at: https://specterops-enable-tls-feedback.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Applies to BloodHound Enterprise and CE

Overview

Authorization servers in Okta are used to issue OAuth 2.0 access tokens for API access. They define the scopes, claims, and access policies that control how tokens are issued and what permissions they grant. Each Okta organization has a default authorization server, and administrators can create additional custom authorization servers for specific use cases. Authorization servers are represented as Okta_AuthorizationServer nodes in BloodHound.
The relationships between authorization servers and applications are currently not evaluated in BloodHound.

Edges

The tables below list edges defined by the Okta extension only. Additional edges to or from this node may be created by other extensions.

Inbound Edges

Edge TypeSource Node TypesTraversable
Okta_ContainsOkta_Organization
Okta_ResourceSetContainsOkta_ResourceSet
Okta_ScopedToOkta_RoleAssignment

Outbound Edges

No outbound edges are defined by the Okta extension for this node.

Properties

NameSourceTypeDescription
idserver.idstringUnique authorization server identifier.
nameserver.namestringAuthorization server name.
displayNameserver.namestringDisplay label used in BloodHound.
oktaDomainCollector context (non-API)stringOkta organization domain where the authorization server exists.
descriptionserver.descriptionstringHuman-readable server description.
statusserver.statusstringCurrent lifecycle status.
issuerserver.issuerstringToken issuer URL.
issuerModeserver.issuerModestringIssuer mode selected in Okta.
audiencesserver.audiencesstring[]Allowed audience values for issued tokens.
createdserver.createddatetimeAuthorization server creation timestamp.
lastUpdatedserver.lastUpdateddatetimeLast update timestamp for the server configuration.

Sample Property Values

id: ausz6ipkn4u0hDzyf697
name: app creation
displayName: app creation
oktaDomain: contoso.okta.com
status: INACTIVE
issuer: https://contoso.okta.com/oauth2/ausz6ipkn4u0hDzyf697
issuerMode: DYNAMIC
audiences:
  - test
created: 2026-01-14T15:41:28+00:00
lastUpdated: 2026-01-14T16:09:30+00:00