diff --git a/docs/AAGUIDGroupObject.md b/docs/AAGUIDGroupObject.md
new file mode 100644
index 000000000..57db8406e
--- /dev/null
+++ b/docs/AAGUIDGroupObject.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.AAGUIDGroupObject
+<x-lifecycle class=\"ea\"></x-lifecycle> The AAGUID Group object supports the Early Access (Self-Service) Allow List for FIDO2 (WebAuthn) Authenticators feature. Enable the feature for your org from the **Settings** > **Features** page in the Admin Console.  This feature has several limitations when enrolling a security key:   - Enrollment is currently unsupported on Firefox.   - Enrollment is currently unsupported on Chrome if User Verification is set to DISCOURAGED and a PIN is set on the security key.   - If prompted during enrollment, users must allow Okta to see the make and model of the security key. 
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Aaguids** | **List&lt;string&gt;** | A list of YubiKey hardware FIDO2 Authenticator Attestation Global Unique Identifiers (AAGUIDs). The available [AAGUIDs](https://support.yubico.com/hc/en-us/articles/360016648959-YubiKey-Hardware-FIDO2-AAGUIDs) (opens new window) are provided by the FIDO Alliance Metadata Service. | [optional] 
+**Name** | **string** | A name to identify the group of YubiKey hardware FIDO2 AAGUIDs | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/APNSPushProvider.md b/docs/APNSPushProvider.md
index 3c45442d9..5a378138d 100644
--- a/docs/APNSPushProvider.md
+++ b/docs/APNSPushProvider.md
@@ -4,8 +4,8 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Id** | **string** |  | [optional] [readonly] 
-**LastUpdatedDate** | **string** |  | [optional] [readonly] 
+**Id** | **string** | Unique key for the Push Provider | [optional] [readonly] 
+**LastUpdatedDate** | **string** | Timestamp when the Push Provider was last modified | [optional] [readonly] 
 **Name** | **string** | Display name of the push provider | [optional] 
 **ProviderType** | [**ProviderType**](ProviderType.md) |  | [optional] 
 **Links** | [**LinksSelf**](LinksSelf.md) |  | [optional] 
diff --git a/docs/AccessPolicyConstraint.md b/docs/AccessPolicyConstraint.md
index 5202ceb0c..d3b99d0b3 100644
--- a/docs/AccessPolicyConstraint.md
+++ b/docs/AccessPolicyConstraint.md
@@ -4,12 +4,12 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
+**AuthenticationMethods** | [**List&lt;AuthenticationMethodObject&gt;**](AuthenticationMethodObject.md) | This property specifies the precise authenticator and method for authentication. &lt;x-lifecycle class&#x3D;\&quot;oie\&quot;&gt;&lt;/x-lifecycle&gt; | [optional] 
+**ExcludedAuthenticationMethods** | [**List&lt;AuthenticationMethodObject&gt;**](AuthenticationMethodObject.md) | This property specifies the precise authenticator and method to exclude from authentication. &lt;x-lifecycle class&#x3D;\&quot;oie\&quot;&gt;&lt;/x-lifecycle&gt; | [optional] 
 **Methods** | **List&lt;string&gt;** | The Authenticator methods that are permitted | [optional] 
 **ReauthenticateIn** | **string** | The duration after which the user must re-authenticate regardless of user activity. This re-authentication interval overrides the Verification Method object&#39;s &#x60;reauthenticateIn&#x60; interval. The supported values use ISO 8601 period format for recurring time intervals (for example, &#x60;PT1H&#x60;). | [optional] 
+**Required** | **bool** | This property indicates whether the knowledge or possession factor is required by the assurance. It&#39;s optional in the request, but is always returned in the response. By default, this field is &#x60;true&#x60;. If the knowledge or possession constraint has values for &#x60;excludedAuthenticationMethods&#x60; the &#x60;required&#x60; value is false. &lt;x-lifecycle class&#x3D;\&quot;oie\&quot;&gt;&lt;/x-lifecycle&gt; | [optional] 
 **Types** | **List&lt;string&gt;** | The Authenticator types that are permitted | [optional] 
-**AuthenticationMethods** | [**List&lt;AuthenticationMethodObject&gt;**](AuthenticationMethodObject.md) | This property specifies the precise authenticator and method for authentication. | [optional] 
-**ExcludedAuthenticationMethods** | [**List&lt;AuthenticationMethodObject&gt;**](AuthenticationMethodObject.md) | This property specifies the precise authenticator and method to exclude from authentication. | [optional] 
-**Required** | **bool** | This property indicates whether the knowledge or possession factor is required by the assurance. It&#39;s optional in the request, but is always returned in the response. By default, this field is &#x60;true&#x60;. If the knowledge or possession constraint has values for&#x60;excludedAuthenticationMethods&#x60; the &#x60;required&#x60; value is false. | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/Actions.md b/docs/Actions.md
new file mode 100644
index 000000000..15b36cb2b
--- /dev/null
+++ b/docs/Actions.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.Actions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AssignUserToRealm** | [**AssignUserToRealm**](AssignUserToRealm.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AdminConsoleSettings.md b/docs/AdminConsoleSettings.md
new file mode 100644
index 000000000..861f6b0cb
--- /dev/null
+++ b/docs/AdminConsoleSettings.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.AdminConsoleSettings
+Settings specific to the Okta Admin Console
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**SessionIdleTimeoutMinutes** | **int** | The maximum idle time before the Okta Admin Console session expires. Must be no more than 12 hours. | [optional] [default to 15]
+**SessionMaxLifetimeMinutes** | **int** | The absolute maximum session lifetime of the Okta Admin Console. Must be no more than 7 days. | [optional] [default to 720]
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AgentAction.md b/docs/AgentAction.md
new file mode 100644
index 000000000..6dd4d2b5a
--- /dev/null
+++ b/docs/AgentAction.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.AgentAction
+Details about the AD Group membership update
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | **string** | ID of the AD group to update | [optional] 
+**Parameters** | [**Parameters**](.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AllowedForEnum.md b/docs/AllowedForEnum.md
index 9b84995a6..108de6cc5 100644
--- a/docs/AllowedForEnum.md
+++ b/docs/AllowedForEnum.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.AllowedForEnum
+The allowed types of uses for the Authenticator
 
 ## Properties
 
diff --git a/docs/ApiToken.md b/docs/ApiToken.md
index 1bf1a4cc4..d3edbd00a 100644
--- a/docs/ApiToken.md
+++ b/docs/ApiToken.md
@@ -11,6 +11,7 @@ Name | Type | Description | Notes
 **Id** | **string** |  | [optional] [readonly] 
 **LastUpdated** | **DateTimeOffset** |  | [optional] [readonly] 
 **Name** | **string** |  | 
+**Network** | [**ApiTokenNetwork**](ApiTokenNetwork.md) |  | [optional] 
 **TokenWindow** | **string** | A time duration specified as an [ISO-8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations). | [optional] 
 **UserId** | **string** |  | [optional] 
 **Link** | [**LinksSelf**](LinksSelf.md) |  | [optional] 
diff --git a/docs/ApiTokenNetwork.md b/docs/ApiTokenNetwork.md
new file mode 100644
index 000000000..46bfd982c
--- /dev/null
+++ b/docs/ApiTokenNetwork.md
@@ -0,0 +1,13 @@
+# Okta.Sdk.Model.ApiTokenNetwork
+The Network Condition of the API Token
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Connection** | **string** | The connection type of the Network Condition | [optional] 
+**Include** | **List&lt;string&gt;** | List of included IP network zones | [optional] 
+**Exclude** | **List&lt;string&gt;** | List of excluded IP network zones | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/ApiTokenUpdate.md b/docs/ApiTokenUpdate.md
new file mode 100644
index 000000000..fee8fe640
--- /dev/null
+++ b/docs/ApiTokenUpdate.md
@@ -0,0 +1,15 @@
+# Okta.Sdk.Model.ApiTokenUpdate
+An API Token Update Object for an Okta user. This token is NOT scoped any further and can be used for any API that the user has permissions to call.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ClientName** | **string** | The client name associated with the API Token | [optional] [readonly] 
+**Created** | **DateTimeOffset** | The creation date of the API Token | [optional] [readonly] 
+**Name** | **string** | The name associated with the API Token | [optional] 
+**Network** | [**ApiTokenNetwork**](ApiTokenNetwork.md) |  | [optional] 
+**UserId** | **string** | The userId of the user who created the API Token | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AppAccountContainerDetails.md b/docs/AppAccountContainerDetails.md
new file mode 100644
index 000000000..ecd907713
--- /dev/null
+++ b/docs/AppAccountContainerDetails.md
@@ -0,0 +1,17 @@
+# Okta.Sdk.Model.AppAccountContainerDetails
+Container details for resource type APP_ACCOUNT
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AppName** | **string** | The application name | [optional] [readonly] 
+**ContainerId** | **string** | The application ID associated with the privileged account | 
+**DisplayName** | **string** | Human-readable name of the container that owns the privileged resource | [optional] [readonly] 
+**GlobalAppId** | **string** | The application global ID | [optional] [readonly] 
+**PasswordPushSupported** | **bool** | Indicates if the application supports password push | [optional] [readonly] 
+**ProvisioningEnabled** | **bool** | Indicates if provisioning is enabled for this application | [optional] [readonly] 
+**Links** | [**AppLink**](AppLink.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AppAndInstanceType.md b/docs/AppAndInstanceType.md
index ada939175..1c31c5c36 100644
--- a/docs/AppAndInstanceType.md
+++ b/docs/AppAndInstanceType.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.AppAndInstanceType
+Type of app
 
 ## Properties
 
diff --git a/docs/AppCustomHrefObject.md b/docs/AppCustomHrefObject.md
new file mode 100644
index 000000000..bfd5ef58b
--- /dev/null
+++ b/docs/AppCustomHrefObject.md
@@ -0,0 +1,13 @@
+# Okta.Sdk.Model.AppCustomHrefObject
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Hints** | [**AppCustomHrefObjectHints**](AppCustomHrefObjectHints.md) |  | [optional] 
+**Href** | **string** | Link URI | 
+**Title** | **string** | Link name | [optional] 
+**Type** | **string** | The media type of the link. If omitted, it is implicitly &#x60;application/json&#x60;. | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AppCustomHrefObjectHints.md b/docs/AppCustomHrefObjectHints.md
new file mode 100644
index 000000000..75807254d
--- /dev/null
+++ b/docs/AppCustomHrefObjectHints.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.AppCustomHrefObjectHints
+Describes allowed HTTP verbs for the `href`
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Allow** | **List&lt;string&gt;** |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AppLink.md b/docs/AppLink.md
index ab2b0960b..62ae55599 100644
--- a/docs/AppLink.md
+++ b/docs/AppLink.md
@@ -4,16 +4,8 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**AppAssignmentId** | **string** |  | [optional] [readonly] 
-**AppInstanceId** | **string** |  | [optional] [readonly] 
-**AppName** | **string** |  | [optional] [readonly] 
-**CredentialsSetup** | **bool** |  | [optional] [readonly] 
-**Hidden** | **bool** |  | [optional] [readonly] 
-**Id** | **string** |  | [optional] [readonly] 
-**Label** | **string** |  | [optional] [readonly] 
-**LinkUrl** | **string** |  | [optional] [readonly] 
-**LogoUrl** | **string** |  | [optional] [readonly] 
-**SortOrder** | **int** |  | [optional] [readonly] 
+**Login** | [**HrefObjectAppLink**](HrefObjectAppLink.md) |  | [optional] 
+**Logo** | [**HrefObjectLogoLink**](HrefObjectLogoLink.md) |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/AppUser.md b/docs/AppUser.md
index 16b315f77..59df5c769 100644
--- a/docs/AppUser.md
+++ b/docs/AppUser.md
@@ -1,24 +1,24 @@
 # Okta.Sdk.Model.AppUser
-The App User object defines a user's app-specific profile and credentials for an app.
+The Application User object defines a user's app-specific profile and credentials for an app
 
 ## Properties
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Created** | **DateTimeOffset** | Timestamp when the App User object was created | [readonly] 
+**Created** | **DateTimeOffset** |  | [optional] 
 **Credentials** | [**AppUserCredentials**](AppUserCredentials.md) |  | [optional] 
-**ExternalId** | **string** | The ID of the user in the target app that&#39;s linked to the Okta App User object. This value is the native app-specific identifier or primary key for the user in the target app.  The &#x60;externalId&#x60; is set during import when the user is confirmed (reconciled) or during provisioning when the user has been successfully created in the target app. This value isn&#39;t populated for SSO app assignments (for example, SAML or SWA) because it isn&#39;t synchronized with a target app. | [optional] [readonly] 
-**Id** | **string** | Unique identifier of the App User object (only required for apps with &#x60;signOnMode&#x60; or authentication schemes that don&#39;t require credentials) | [optional] 
+**ExternalId** | **string** | The ID of the user in the target app that&#39;s linked to the Okta Application User object. This value is the native app-specific identifier or primary key for the user in the target app.  The &#x60;externalId&#x60; is set during import when the user is confirmed (reconciled) or during provisioning when the user is created in the target app. This value isn&#39;t populated for SSO app assignments (for example, SAML or SWA) because it isn&#39;t synchronized with a target app. | [optional] [readonly] 
+**Id** | **string** | Unique identifier for the Okta User | [optional] 
 **LastSync** | **DateTimeOffset** | Timestamp of the last synchronization operation. This value is only updated for apps with the &#x60;IMPORT_PROFILE_UPDATES&#x60; or &#x60;PUSH PROFILE_UPDATES&#x60; feature. | [optional] [readonly] 
-**LastUpdated** | **DateTimeOffset** | Timestamp when App User was last updated | [readonly] 
-**PasswordChanged** | **DateTimeOffset?** | Timestamp when the App User password was last changed | [optional] [readonly] 
-**Profile** | **Dictionary&lt;string, Object&gt;** | App user profiles are app-specific and can be customized by the Profile Editor in the Admin Console. SSO apps typically don&#39;t support app user profiles, while apps with user provisioning features have app-specific profiles. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can&#39;t be configured. | [optional] 
-**Scope** | **string** | Toggles the assignment between user or group scope | 
-**Status** | **AppUserStatus** |  | 
-**StatusChanged** | **DateTimeOffset** | Timestamp when the App User status was last changed | [readonly] 
+**LastUpdated** | **DateTimeOffset** |  | [optional] 
+**PasswordChanged** | **DateTimeOffset?** | Timestamp when the Application User password was last changed | [optional] [readonly] 
+**Profile** | **Dictionary&lt;string, Object&gt;** | Specifies the default and custom profile properties for a user. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can&#39;t be configured. See [profile](/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c&#x3D;200&amp;path&#x3D;profile&amp;t&#x3D;response).  | [optional] 
+**Scope** | **string** | Indicates if the assignment is direct (&#x60;USER&#x60;) or by group membership (&#x60;GROUP&#x60;). | [optional] 
+**Status** | **AppUserStatus** |  | [optional] 
+**StatusChanged** | **DateTimeOffset** | Timestamp when the Application User status was last changed | [optional] [readonly] 
 **SyncState** | **AppUserSyncState** |  | [optional] 
-**Embedded** | **Dictionary&lt;string, Object&gt;** | Embedded resources related to the App User using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification | [optional] [readonly] 
-**Links** | [**LinksAppAndUser**](LinksAppAndUser.md) |  | 
+**Embedded** | **Dictionary&lt;string, Object&gt;** | Embedded resources related to the Application User using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification | [optional] [readonly] 
+**Links** | [**LinksAppAndUser**](LinksAppAndUser.md) |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/AppUserAssignRequest.md b/docs/AppUserAssignRequest.md
new file mode 100644
index 000000000..ae59b96b4
--- /dev/null
+++ b/docs/AppUserAssignRequest.md
@@ -0,0 +1,23 @@
+# Okta.Sdk.Model.AppUserAssignRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | **DateTimeOffset** |  | [optional] 
+**Credentials** | [**AppUserCredentials**](AppUserCredentials.md) |  | [optional] 
+**ExternalId** | **string** | The ID of the user in the target app that&#39;s linked to the Okta Application User object. This value is the native app-specific identifier or primary key for the user in the target app.  The &#x60;externalId&#x60; is set during import when the user is confirmed (reconciled) or during provisioning when the user is created in the target app. This value isn&#39;t populated for SSO app assignments (for example, SAML or SWA) because it isn&#39;t synchronized with a target app. | [optional] [readonly] 
+**Id** | **string** | Unique identifier for the Okta User | 
+**LastSync** | **DateTimeOffset** | Timestamp of the last synchronization operation. This value is only updated for apps with the &#x60;IMPORT_PROFILE_UPDATES&#x60; or &#x60;PUSH PROFILE_UPDATES&#x60; feature. | [optional] [readonly] 
+**LastUpdated** | **DateTimeOffset** |  | [optional] 
+**PasswordChanged** | **DateTimeOffset?** | Timestamp when the Application User password was last changed | [optional] [readonly] 
+**Profile** | **Dictionary&lt;string, Object&gt;** | Specifies the default and custom profile properties for a user. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can&#39;t be configured. See [profile](/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c&#x3D;200&amp;path&#x3D;profile&amp;t&#x3D;response).  | [optional] 
+**Scope** | **string** | Indicates if the assignment is direct (&#x60;USER&#x60;) or by group membership (&#x60;GROUP&#x60;). | [optional] 
+**Status** | **AppUserStatus** |  | [optional] 
+**StatusChanged** | **DateTimeOffset** | Timestamp when the Application User status was last changed | [optional] [readonly] 
+**SyncState** | **AppUserSyncState** |  | [optional] 
+**Embedded** | **Dictionary&lt;string, Object&gt;** | Embedded resources related to the Application User using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification | [optional] [readonly] 
+**Links** | [**LinksAppAndUser**](LinksAppAndUser.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AppUserCredentials.md b/docs/AppUserCredentials.md
index ed0a3ecd1..45f9ba8dd 100644
--- a/docs/AppUserCredentials.md
+++ b/docs/AppUserCredentials.md
@@ -1,12 +1,12 @@
 # Okta.Sdk.Model.AppUserCredentials
-Specifies a user's credentials for the app. The authentication scheme of the app determines whether a username or password can be assigned to a user.
+Specifies a user's credentials for the app. This parameter can be omitted for apps with [sign-on mode](/openapi/okta-management/management/tag/Application/#tag/Application/operation/getApplication!c=200&path=0/signOnMode&t=response) (`signOnMode`) or [authentication schemes](/openapi/okta-management/management/tag/Application/#tag/Application/operation/getApplication!c=200&path=0/credentials/scheme&t=response) (`credentials.scheme`) that don't require credentials. 
 
 ## Properties
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **Password** | [**AppUserPasswordCredential**](AppUserPasswordCredential.md) |  | [optional] 
-**UserName** | **string** | Username for the app | [optional] 
+**UserName** | **string** | The user&#39;s username in the app | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/AppUserCredentialsRequestPayload.md b/docs/AppUserCredentialsRequestPayload.md
new file mode 100644
index 000000000..3c9d3231b
--- /dev/null
+++ b/docs/AppUserCredentialsRequestPayload.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.AppUserCredentialsRequestPayload
+Updates the assigned user credentials
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | [**AppUserCredentials**](AppUserCredentials.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AppUserPasswordCredential.md b/docs/AppUserPasswordCredential.md
index 5a103a071..057e10ff0 100644
--- a/docs/AppUserPasswordCredential.md
+++ b/docs/AppUserPasswordCredential.md
@@ -1,5 +1,5 @@
 # Okta.Sdk.Model.AppUserPasswordCredential
-Specifies a password for a user. This is a write-only property. An empty `password` object is returned to indicate that a password value exists.
+The user's password. This is a write-only property. An empty `password` object is returned to indicate that a password value exists.
 
 ## Properties
 
diff --git a/docs/AppUserProfileRequestPayload.md b/docs/AppUserProfileRequestPayload.md
new file mode 100644
index 000000000..77a018b1c
--- /dev/null
+++ b/docs/AppUserProfileRequestPayload.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.AppUserProfileRequestPayload
+Updates the assigned user profile > **Note:** The Okta API currently doesn't support entity tags for conditional updates. As long as you're the only user updating the the user profile, Okta recommends you fetch the most recent profile with [Retrieve an Application User](/openapi/okta-management/management/tag/ApplicationUsers/#tag/ApplicationUsers/operation/getApplicationUser), apply your profile update, and then `POST` back the updated profile.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | **Dictionary&lt;string, Object&gt;** | Specifies the default and custom profile properties for a user. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can&#39;t be configured. See [profile](/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c&#x3D;200&amp;path&#x3D;profile&amp;t&#x3D;response).  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AppUserStatus.md b/docs/AppUserStatus.md
index 4157eb7c2..792577315 100644
--- a/docs/AppUserStatus.md
+++ b/docs/AppUserStatus.md
@@ -1,5 +1,5 @@
 # Okta.Sdk.Model.AppUserStatus
-Status of an App User
+Status of an Application User
 
 ## Properties
 
diff --git a/docs/AppUserSyncState.md b/docs/AppUserSyncState.md
index 1fa2bd6b4..a7014947a 100644
--- a/docs/AppUserSyncState.md
+++ b/docs/AppUserSyncState.md
@@ -1,5 +1,5 @@
 # Okta.Sdk.Model.AppUserSyncState
-The synchronization state for the App User. The App User's `syncState` depends on whether the `PROFILE_MASTERING` feature is enabled for the app.  > **Note:** User provisioning currently must be configured through the Admin Console.
+The synchronization state for the Application User. The Application User's `syncState` depends on whether the `PROFILE_MASTERING` feature is enabled for the app.  > **Note:** User provisioning currently must be configured through the Admin Console.
 
 ## Properties
 
diff --git a/docs/AppUserUpdateRequest.md b/docs/AppUserUpdateRequest.md
new file mode 100644
index 000000000..54604f105
--- /dev/null
+++ b/docs/AppUserUpdateRequest.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.AppUserUpdateRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | [**AppUserCredentials**](AppUserCredentials.md) |  | [optional] 
+**Profile** | **Dictionary&lt;string, Object&gt;** | Specifies the default and custom profile properties for a user. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can&#39;t be configured. See [profile](/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c&#x3D;200&amp;path&#x3D;profile&amp;t&#x3D;response).  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/Application.md b/docs/Application.md
index 3f6eeb4ff..662c51892 100644
--- a/docs/Application.md
+++ b/docs/Application.md
@@ -5,14 +5,14 @@
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **Accessibility** | [**ApplicationAccessibility**](ApplicationAccessibility.md) |  | [optional] 
-**Created** | **DateTimeOffset** |  | [optional] [readonly] 
-**Features** | **List&lt;string&gt;** |  | [optional] 
-**Id** | **string** |  | [optional] [readonly] 
-**Label** | **string** |  | [optional] 
-**LastUpdated** | **DateTimeOffset** |  | [optional] [readonly] 
+**Created** | **DateTimeOffset** | Timestamp when the Application object was created | [optional] [readonly] 
+**Features** | **List&lt;string&gt;** | Enabled app features | [optional] 
+**Id** | **string** | Unique ID for the app instance | [optional] [readonly] 
+**Label** | **string** | User-defined display name for app | 
+**LastUpdated** | **DateTimeOffset** | Timestamp when the Application object was last updated | [optional] [readonly] 
 **Licensing** | [**ApplicationLicensing**](ApplicationLicensing.md) |  | [optional] 
-**Profile** | **Dictionary&lt;string, Object&gt;** |  | [optional] 
-**SignOnMode** | **ApplicationSignOnMode** |  | [optional] 
+**Profile** | **Dictionary&lt;string, Object&gt;** | Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps) | [optional] 
+**SignOnMode** | **ApplicationSignOnMode** |  | 
 **Status** | **ApplicationLifecycleStatus** |  | [optional] 
 **Visibility** | [**ApplicationVisibility**](ApplicationVisibility.md) |  | [optional] 
 **Embedded** | **Dictionary&lt;string, Object&gt;** |  | [optional] [readonly] 
diff --git a/docs/ApplicationAccessibility.md b/docs/ApplicationAccessibility.md
index f3424cb95..1c87d2f4c 100644
--- a/docs/ApplicationAccessibility.md
+++ b/docs/ApplicationAccessibility.md
@@ -1,12 +1,13 @@
 # Okta.Sdk.Model.ApplicationAccessibility
+Specifies access settings for the app
 
 ## Properties
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**ErrorRedirectUrl** | **string** |  | [optional] 
-**LoginRedirectUrl** | **string** |  | [optional] 
-**SelfService** | **bool** |  | [optional] 
+**ErrorRedirectUrl** | **string** | Custom error page URL for the app | [optional] 
+**LoginRedirectUrl** | **string** | Custom login page URL for the app | [optional] 
+**SelfService** | **bool** | Represents whether the app can be self-assignable by users | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/ApplicationCredentials.md b/docs/ApplicationCredentials.md
index 3b262ac8b..aa0def020 100644
--- a/docs/ApplicationCredentials.md
+++ b/docs/ApplicationCredentials.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.ApplicationCredentials
+Credentials for the specified `signOnMode`
 
 ## Properties
 
diff --git a/docs/ApplicationCredentialsOAuthClient.md b/docs/ApplicationCredentialsOAuthClient.md
index c7a519e2e..1baba403e 100644
--- a/docs/ApplicationCredentialsOAuthClient.md
+++ b/docs/ApplicationCredentialsOAuthClient.md
@@ -7,6 +7,7 @@ Name | Type | Description | Notes
 **AutoKeyRotation** | **bool** |  | [optional] 
 **ClientId** | **string** |  | [optional] 
 **ClientSecret** | **string** |  | [optional] 
+**PkceRequired** | **bool** | Require Proof Key for Code Exchange (PKCE) for additional verification | [optional] 
 **TokenEndpointAuthMethod** | **OAuthEndpointAuthenticationMethod** |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
diff --git a/docs/ApplicationFeature.md b/docs/ApplicationFeature.md
index be528f90f..2ed775eef 100644
--- a/docs/ApplicationFeature.md
+++ b/docs/ApplicationFeature.md
@@ -1,13 +1,12 @@
 # Okta.Sdk.Model.ApplicationFeature
-The Feature object is used to configure application feature settings.  The only feature currently supported is `USER_PROVISIONING` for the Org2Org application type. 
+The Feature object is used to configure application feature settings. 
 
 ## Properties
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Capabilities** | [**ApplicationFeatureCapabilities**](ApplicationFeatureCapabilities.md) |  | [optional] 
 **Description** | **string** | Description of the feature | [optional] [readonly] 
-**Name** | **string** | Identifying name of the feature | [optional] [readonly] 
+**Name** | **ApplicationFeatureType** |  | [optional] 
 **Status** | **EnabledStatus** |  | [optional] 
 **Links** | [**ApplicationFeatureLinks**](ApplicationFeatureLinks.md) |  | [optional] 
 
diff --git a/docs/ApplicationFeatureType.md b/docs/ApplicationFeatureType.md
new file mode 100644
index 000000000..c688aacb6
--- /dev/null
+++ b/docs/ApplicationFeatureType.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.ApplicationFeatureType
+Identifying name of the feature  | Value | Description   | | - -- -- -- -- | - -- -- -- -- -- -- | | USER_PROVISIONING  | Represents the **To App** provisioning feature setting in the Admin Console | | INBOUND_PROVISIONING | Represents the **To Okta** provisioning feature setting in the Admin Console | 
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/ApplicationGroupAssignment.md b/docs/ApplicationGroupAssignment.md
index a3f2006d4..2c2185e60 100644
--- a/docs/ApplicationGroupAssignment.md
+++ b/docs/ApplicationGroupAssignment.md
@@ -1,15 +1,16 @@
 # Okta.Sdk.Model.ApplicationGroupAssignment
+The Application Group object that defines a group of users' app-specific profile and credentials for an app
 
 ## Properties
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Id** | **string** |  | [optional] [readonly] 
-**LastUpdated** | **DateTimeOffset** |  | [optional] [readonly] 
-**Priority** | **int** |  | [optional] 
-**Profile** | **Dictionary&lt;string, Object&gt;** |  | [optional] 
-**Embedded** | **Dictionary&lt;string, Object&gt;** |  | [optional] [readonly] 
-**Links** | [**LinksSelf**](LinksSelf.md) |  | [optional] 
+**Id** | **string** | ID of the [Group](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/) | [optional] [readonly] 
+**LastUpdated** | **DateTimeOffset** |  | [optional] 
+**Priority** | **int** | Priority assigned to the group. If an app has more than one group assigned to the same user, then the group with the higher priority has its profile applied to the [Application User](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationUsers/). If a priority value isn&#39;t specified, then the next highest priority is assigned by default. See [Assign attribute group priority](https://help.okta.com/okta_help.htm?type&#x3D;oie&amp;id&#x3D;ext-usgp-app-group-priority) and the [sample priority use case](https://help.okta.com/okta_help.htm?type&#x3D;oie&amp;id&#x3D;ext-usgp-combine-values-use). | [optional] 
+**Profile** | **Dictionary&lt;string, Object&gt;** | Specifies the profile properties applied to [Application Users](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationUsers/) that are assigned to the app through group membership.  Some reference properties are imported from the target app and can&#39;t be configured. See [profile](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c&#x3D;200&amp;path&#x3D;profile&amp;t&#x3D;response). | [optional] 
+**Embedded** | **Dictionary&lt;string, Object&gt;** | Embedded resource related to the Application Group using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. If the &#x60;expand&#x3D;group&#x60; query parameter is specified, then the [Group](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/) object is embedded.  If the &#x60;expand&#x3D;metadata&#x60; query parameter is specified, then the group assignment metadata is embedded. | [optional] [readonly] 
+**Links** | [**ApplicationGroupAssignmentLinks**](ApplicationGroupAssignmentLinks.md) |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/ApplicationGroupAssignmentLinks.md b/docs/ApplicationGroupAssignmentLinks.md
new file mode 100644
index 000000000..23b32f756
--- /dev/null
+++ b/docs/ApplicationGroupAssignmentLinks.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.ApplicationGroupAssignmentLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | [**HrefObjectSelfLink**](HrefObjectSelfLink.md) |  | [optional] 
+**App** | [**HrefObjectAppLink**](HrefObjectAppLink.md) |  | [optional] 
+**Group** | [**HrefObjectGroupLink**](HrefObjectGroupLink.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/ApplicationLicensing.md b/docs/ApplicationLicensing.md
index 3305aeecf..6b1da8e49 100644
--- a/docs/ApplicationLicensing.md
+++ b/docs/ApplicationLicensing.md
@@ -4,7 +4,7 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**SeatCount** | **int** |  | [optional] 
+**SeatCount** | **int** | Number of licenses purchased for the app | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/ApplicationLifecycleStatus.md b/docs/ApplicationLifecycleStatus.md
index 3253820aa..914e97129 100644
--- a/docs/ApplicationLifecycleStatus.md
+++ b/docs/ApplicationLifecycleStatus.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.ApplicationLifecycleStatus
+App instance status
 
 ## Properties
 
diff --git a/docs/ApplicationLinks.md b/docs/ApplicationLinks.md
index 4514142a8..efa8a96c5 100644
--- a/docs/ApplicationLinks.md
+++ b/docs/ApplicationLinks.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.ApplicationLinks
+Discoverable resources related to the app
 
 ## Properties
 
diff --git a/docs/ApplicationSettings.md b/docs/ApplicationSettings.md
index 51f32210f..07dac9dac 100644
--- a/docs/ApplicationSettings.md
+++ b/docs/ApplicationSettings.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.ApplicationSettings
+App settings
 
 ## Properties
 
diff --git a/docs/ApplicationSignOnMode.md b/docs/ApplicationSignOnMode.md
index f5eb6639c..76b7bd635 100644
--- a/docs/ApplicationSignOnMode.md
+++ b/docs/ApplicationSignOnMode.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.ApplicationSignOnMode
+Authentication mode for the app
 
 ## Properties
 
diff --git a/docs/ApplicationType.md b/docs/ApplicationType.md
new file mode 100644
index 000000000..e878d6b7e
--- /dev/null
+++ b/docs/ApplicationType.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.ApplicationType
+The type of client application. Default value: `web`.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/ApplicationVisibility.md b/docs/ApplicationVisibility.md
index e9d969abf..a1b3d8775 100644
--- a/docs/ApplicationVisibility.md
+++ b/docs/ApplicationVisibility.md
@@ -4,9 +4,9 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**AppLinks** | **Dictionary&lt;string, bool&gt;** |  | [optional] 
-**AutoLaunch** | **bool** |  | [optional] 
-**AutoSubmitToolbar** | **bool** |  | [optional] 
+**AppLinks** | **Dictionary&lt;string, bool&gt;** | Links or icons that appear on the End-User Dashboard when they&#39;re assigned to the app | [optional] 
+**AutoLaunch** | **bool** | Automatically signs in to the app when user signs into Okta | [optional] 
+**AutoSubmitToolbar** | **bool** | Automatically sign in when user lands on the sign-in page | [optional] 
 **Hide** | [**ApplicationVisibilityHide**](ApplicationVisibilityHide.md) |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
diff --git a/docs/ApplicationVisibilityHide.md b/docs/ApplicationVisibilityHide.md
index 2fa89a3ff..f49b3dc0e 100644
--- a/docs/ApplicationVisibilityHide.md
+++ b/docs/ApplicationVisibilityHide.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.ApplicationVisibilityHide
+Hides the app for specific end-user apps
 
 ## Properties
 
diff --git a/docs/AssignRoleToClientRequest.md b/docs/AssignRoleToClientRequest.md
new file mode 100644
index 000000000..ddf68f2fb
--- /dev/null
+++ b/docs/AssignRoleToClientRequest.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.AssignRoleToClientRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Type** | **string** | Standard role type | [optional] 
+**ResourceSet** | **string** | Resource Set ID | [optional] 
+**Role** | **string** | Custom Role ID | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AssignUserToRealm.md b/docs/AssignUserToRealm.md
new file mode 100644
index 000000000..d2aad5073
--- /dev/null
+++ b/docs/AssignUserToRealm.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.AssignUserToRealm
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**RealmId** | **string** |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AttackProtectionAuthenticatorSettings.md b/docs/AttackProtectionAuthenticatorSettings.md
new file mode 100644
index 000000000..704a969fa
--- /dev/null
+++ b/docs/AttackProtectionAuthenticatorSettings.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.AttackProtectionAuthenticatorSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**VerifyKnowledgeSecondWhen2faRequired** | **bool** | If true, requires users to verify a possession factor before verifying a knowledge factor when the assurance requires two-factor authentication (2FA). | [optional] [default to false]
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthServerLinks.md b/docs/AuthServerLinks.md
new file mode 100644
index 000000000..0399dfc47
--- /dev/null
+++ b/docs/AuthServerLinks.md
@@ -0,0 +1,16 @@
+# Okta.Sdk.Model.AuthServerLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | [**HrefObjectSelfLink**](HrefObjectSelfLink.md) |  | [optional] 
+**Claims** | **Object** |  | [optional] 
+**Deactivate** | [**HrefObjectDeactivateLink**](HrefObjectDeactivateLink.md) |  | [optional] 
+**Metadata** | [**List&lt;HrefObject&gt;**](HrefObject.md) | Link to the authorization server metadata | [optional] 
+**Policies** | **Object** |  | [optional] 
+**RotateKey** | **Object** |  | [optional] 
+**Scopes** | **Object** |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticationProvider.md b/docs/AuthenticationProvider.md
index 6bf0d195b..6ce639d90 100644
--- a/docs/AuthenticationProvider.md
+++ b/docs/AuthenticationProvider.md
@@ -1,10 +1,11 @@
 # Okta.Sdk.Model.AuthenticationProvider
+Specifies the authentication provider that validates the user's password credential. The user's current provider  is managed by the Delegated Authentication settings for your organization. The provider object is read-only.
 
 ## Properties
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Name** | **string** |  | [optional] 
+**Name** | **string** | The name of the authentication provider | [optional] [readonly] 
 **Type** | **AuthenticationProviderType** |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
diff --git a/docs/AuthenticationProviderType.md b/docs/AuthenticationProviderType.md
index 51351f560..265b3984c 100644
--- a/docs/AuthenticationProviderType.md
+++ b/docs/AuthenticationProviderType.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.AuthenticationProviderType
+The type of authentication provider
 
 ## Properties
 
diff --git a/docs/AuthenticatorBase.md b/docs/AuthenticatorBase.md
new file mode 100644
index 000000000..4a22c5dd0
--- /dev/null
+++ b/docs/AuthenticatorBase.md
@@ -0,0 +1,17 @@
+# Okta.Sdk.Model.AuthenticatorBase
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | **DateTimeOffset** | Timestamp when the Authenticator was created | [optional] [readonly] 
+**Id** | **string** | A unique identifier for the Authenticator | [optional] [readonly] 
+**Key** | **AuthenticatorKeyEnum** |  | [optional] 
+**LastUpdated** | **DateTimeOffset** | Timestamp when the Authenticator was last modified | [optional] [readonly] 
+**Name** | **string** | Display name of the Authenticator | [optional] 
+**Status** | **LifecycleStatus** |  | [optional] 
+**Type** | **AuthenticatorType** |  | [optional] 
+**Links** | [**AuthenticatorLinks**](AuthenticatorLinks.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyCustomApp.md b/docs/AuthenticatorKeyCustomApp.md
new file mode 100644
index 000000000..02f21800b
--- /dev/null
+++ b/docs/AuthenticatorKeyCustomApp.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.AuthenticatorKeyCustomApp
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AgreeToTerms** | **bool** | A value of &#x60;true&#x60; indicates that the administrator accepts the [terms](https://www.okta.com/privacy-policy/)for creating a new authenticator. Okta requires that you accept the terms when creating a new &#x60;custom_app&#x60; authenticator. Other authenticators don&#39;t require this field. | [optional] 
+**Provider** | [**AuthenticatorKeyCustomAppAllOfProvider**](AuthenticatorKeyCustomAppAllOfProvider.md) |  | [optional] 
+**Settings** | [**AuthenticatorKeyCustomAppAllOfSettings**](AuthenticatorKeyCustomAppAllOfSettings.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyCustomAppAllOfProvider.md b/docs/AuthenticatorKeyCustomAppAllOfProvider.md
new file mode 100644
index 000000000..3770f3187
--- /dev/null
+++ b/docs/AuthenticatorKeyCustomAppAllOfProvider.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.AuthenticatorKeyCustomAppAllOfProvider
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Type** | **string** | Provider type | [optional] 
+**_Configuration** | [**AuthenticatorKeyCustomAppAllOfProviderConfiguration**](AuthenticatorKeyCustomAppAllOfProviderConfiguration.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyCustomAppAllOfProviderConfiguration.md b/docs/AuthenticatorKeyCustomAppAllOfProviderConfiguration.md
new file mode 100644
index 000000000..a5f7ebfce
--- /dev/null
+++ b/docs/AuthenticatorKeyCustomAppAllOfProviderConfiguration.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.AuthenticatorKeyCustomAppAllOfProviderConfiguration
+The configuration of the provider
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Apns** | [**AuthenticatorKeyCustomAppAllOfProviderConfigurationApns**](AuthenticatorKeyCustomAppAllOfProviderConfigurationApns.md) |  | [optional] 
+**Fcm** | [**AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm**](AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyCustomAppAllOfProviderConfigurationApns.md b/docs/AuthenticatorKeyCustomAppAllOfProviderConfigurationApns.md
new file mode 100644
index 000000000..55e46ab6b
--- /dev/null
+++ b/docs/AuthenticatorKeyCustomAppAllOfProviderConfigurationApns.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.AuthenticatorKeyCustomAppAllOfProviderConfigurationApns
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | **string** | ID of the APNs (Apple Push Notification Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/) | [optional] 
+**AppBundleId** | **string** | AppBundleId of the APNs (Apple Push Notification Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/) | [optional] 
+**DebugAppBundleId** | **string** | DebugAppBundleId of the APNs (Apple Push Notification Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/) | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm.md b/docs/AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm.md
new file mode 100644
index 000000000..c6c7d50d7
--- /dev/null
+++ b/docs/AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | **string** | ID of the FCM (Firebase Cloud Messaging Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/) | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyCustomAppAllOfSettings.md b/docs/AuthenticatorKeyCustomAppAllOfSettings.md
new file mode 100644
index 000000000..967bfdcb4
--- /dev/null
+++ b/docs/AuthenticatorKeyCustomAppAllOfSettings.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.AuthenticatorKeyCustomAppAllOfSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**UserVerification** | **CustomAppUserVerificationEnum** |  | [optional] 
+**AppInstanceId** | **string** | The application instance ID. For custom_app, you need to create an OIDC native app using the [Apps API](https://developer.okta.com/docs/reference/api/apps/) with &#x60;Authorization Code&#x60; and &#x60;Refresh Token&#x60; grant types. You can leave both &#x60;Sign-in redirect URIs&#x60; and &#x60;Sign-out redirect URIs&#x60; as the default values. | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyDuo.md b/docs/AuthenticatorKeyDuo.md
new file mode 100644
index 000000000..b0f5cfa1a
--- /dev/null
+++ b/docs/AuthenticatorKeyDuo.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.AuthenticatorKeyDuo
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Provider** | [**AuthenticatorKeyDuoAllOfProvider**](AuthenticatorKeyDuoAllOfProvider.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyDuoAllOfProvider.md b/docs/AuthenticatorKeyDuoAllOfProvider.md
new file mode 100644
index 000000000..8bcc987ed
--- /dev/null
+++ b/docs/AuthenticatorKeyDuoAllOfProvider.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.AuthenticatorKeyDuoAllOfProvider
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Type** | **string** | Provider type | [optional] 
+**_Configuration** | [**AuthenticatorKeyDuoAllOfProviderConfiguration**](AuthenticatorKeyDuoAllOfProviderConfiguration.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyDuoAllOfProviderConfiguration.md b/docs/AuthenticatorKeyDuoAllOfProviderConfiguration.md
new file mode 100644
index 000000000..9a865a36e
--- /dev/null
+++ b/docs/AuthenticatorKeyDuoAllOfProviderConfiguration.md
@@ -0,0 +1,13 @@
+# Okta.Sdk.Model.AuthenticatorKeyDuoAllOfProviderConfiguration
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Host** | **string** | The Duo Security API hostname | [optional] 
+**IntegrationKey** | **string** | The Duo Security integration key | [optional] 
+**SecretKey** | **string** | The Duo Security secret key | [optional] 
+**UserNameTemplate** | [**AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate**](AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate.md b/docs/AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate.md
new file mode 100644
index 000000000..b1fa62873
--- /dev/null
+++ b/docs/AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Template** | **string** | The Duo Security user template name | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyEmail.md b/docs/AuthenticatorKeyEmail.md
new file mode 100644
index 000000000..41cb6265d
--- /dev/null
+++ b/docs/AuthenticatorKeyEmail.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.AuthenticatorKeyEmail
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | [**AuthenticatorKeyEmailAllOfSettings**](AuthenticatorKeyEmailAllOfSettings.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyEmailAllOfSettings.md b/docs/AuthenticatorKeyEmailAllOfSettings.md
new file mode 100644
index 000000000..d9a8245fa
--- /dev/null
+++ b/docs/AuthenticatorKeyEmailAllOfSettings.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.AuthenticatorKeyEmailAllOfSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AllowedFor** | **AllowedForEnum** |  | [optional] 
+**TokenLifetimeInMinutes** | **decimal** | Specifies the lifetime of an email token. Default value is 5 minutes. | [optional] [default to 5M]
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyEnum.md b/docs/AuthenticatorKeyEnum.md
new file mode 100644
index 000000000..16ef367e8
--- /dev/null
+++ b/docs/AuthenticatorKeyEnum.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.AuthenticatorKeyEnum
+A human-readable string that identifies the Authenticator
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyExternalIdp.md b/docs/AuthenticatorKeyExternalIdp.md
new file mode 100644
index 000000000..5dc43c7b0
--- /dev/null
+++ b/docs/AuthenticatorKeyExternalIdp.md
@@ -0,0 +1,9 @@
+# Okta.Sdk.Model.AuthenticatorKeyExternalIdp
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyGoogleOtp.md b/docs/AuthenticatorKeyGoogleOtp.md
new file mode 100644
index 000000000..53053310c
--- /dev/null
+++ b/docs/AuthenticatorKeyGoogleOtp.md
@@ -0,0 +1,9 @@
+# Okta.Sdk.Model.AuthenticatorKeyGoogleOtp
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyOktaVerify.md b/docs/AuthenticatorKeyOktaVerify.md
new file mode 100644
index 000000000..abeccecc7
--- /dev/null
+++ b/docs/AuthenticatorKeyOktaVerify.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.AuthenticatorKeyOktaVerify
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | [**AuthenticatorKeyOktaVerifyAllOfSettings**](AuthenticatorKeyOktaVerifyAllOfSettings.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyOktaVerifyAllOfSettings.md b/docs/AuthenticatorKeyOktaVerifyAllOfSettings.md
new file mode 100644
index 000000000..12f26abf0
--- /dev/null
+++ b/docs/AuthenticatorKeyOktaVerifyAllOfSettings.md
@@ -0,0 +1,13 @@
+# Okta.Sdk.Model.AuthenticatorKeyOktaVerifyAllOfSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ChannelBinding** | [**ChannelBinding**](ChannelBinding.md) |  | [optional] 
+**Compliance** | [**Compliance**](Compliance.md) |  | [optional] 
+**UserVerification** | **UserVerificationEnum** |  | [optional] 
+**AppInstanceId** | **string** | The application instance ID | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyOnprem.md b/docs/AuthenticatorKeyOnprem.md
new file mode 100644
index 000000000..be3e7e6f0
--- /dev/null
+++ b/docs/AuthenticatorKeyOnprem.md
@@ -0,0 +1,9 @@
+# Okta.Sdk.Model.AuthenticatorKeyOnprem
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyPassword.md b/docs/AuthenticatorKeyPassword.md
new file mode 100644
index 000000000..ce64ba118
--- /dev/null
+++ b/docs/AuthenticatorKeyPassword.md
@@ -0,0 +1,9 @@
+# Okta.Sdk.Model.AuthenticatorKeyPassword
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyPhone.md b/docs/AuthenticatorKeyPhone.md
new file mode 100644
index 000000000..2cdcec874
--- /dev/null
+++ b/docs/AuthenticatorKeyPhone.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.AuthenticatorKeyPhone
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | [**AuthenticatorKeyPhoneAllOfSettings**](AuthenticatorKeyPhoneAllOfSettings.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyPhoneAllOfSettings.md b/docs/AuthenticatorKeyPhoneAllOfSettings.md
new file mode 100644
index 000000000..21e4cd952
--- /dev/null
+++ b/docs/AuthenticatorKeyPhoneAllOfSettings.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.AuthenticatorKeyPhoneAllOfSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AllowedFor** | **AllowedForEnum** |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeySecurityKey.md b/docs/AuthenticatorKeySecurityKey.md
new file mode 100644
index 000000000..c1c943716
--- /dev/null
+++ b/docs/AuthenticatorKeySecurityKey.md
@@ -0,0 +1,9 @@
+# Okta.Sdk.Model.AuthenticatorKeySecurityKey
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeySecurityQuestion.md b/docs/AuthenticatorKeySecurityQuestion.md
new file mode 100644
index 000000000..a9610cd5a
--- /dev/null
+++ b/docs/AuthenticatorKeySecurityQuestion.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.AuthenticatorKeySecurityQuestion
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | [**AuthenticatorKeyPhoneAllOfSettings**](AuthenticatorKeyPhoneAllOfSettings.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeySmartCard.md b/docs/AuthenticatorKeySmartCard.md
new file mode 100644
index 000000000..aeccbf0f5
--- /dev/null
+++ b/docs/AuthenticatorKeySmartCard.md
@@ -0,0 +1,9 @@
+# Okta.Sdk.Model.AuthenticatorKeySmartCard
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeySymantecVip.md b/docs/AuthenticatorKeySymantecVip.md
new file mode 100644
index 000000000..8855c76e3
--- /dev/null
+++ b/docs/AuthenticatorKeySymantecVip.md
@@ -0,0 +1,9 @@
+# Okta.Sdk.Model.AuthenticatorKeySymantecVip
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyWebauthn.md b/docs/AuthenticatorKeyWebauthn.md
new file mode 100644
index 000000000..f35e3eaba
--- /dev/null
+++ b/docs/AuthenticatorKeyWebauthn.md
@@ -0,0 +1,9 @@
+# Okta.Sdk.Model.AuthenticatorKeyWebauthn
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorKeyYubikey.md b/docs/AuthenticatorKeyYubikey.md
new file mode 100644
index 000000000..8bbf632e2
--- /dev/null
+++ b/docs/AuthenticatorKeyYubikey.md
@@ -0,0 +1,9 @@
+# Okta.Sdk.Model.AuthenticatorKeyYubikey
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorMethodAlgorithm.md b/docs/AuthenticatorMethodAlgorithm.md
index 686bcf34b..f75e8a1a8 100644
--- a/docs/AuthenticatorMethodAlgorithm.md
+++ b/docs/AuthenticatorMethodAlgorithm.md
@@ -1,5 +1,4 @@
 # Okta.Sdk.Model.AuthenticatorMethodAlgorithm
-The encryption algorithm for this authenticator method
 
 ## Properties
 
diff --git a/docs/AuthenticatorMethodConstraint.md b/docs/AuthenticatorMethodConstraint.md
index 15d664cf0..ec3f0cd60 100644
--- a/docs/AuthenticatorMethodConstraint.md
+++ b/docs/AuthenticatorMethodConstraint.md
@@ -5,8 +5,8 @@ Limits the authenticators that can be used for a given method. Currently, only t
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Method** | **string** |  | [optional] 
 **AllowedAuthenticators** | [**List&lt;AuthenticatorIdentity&gt;**](AuthenticatorIdentity.md) |  | [optional] 
+**Method** | **string** |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/AuthenticatorMethodOtp.md b/docs/AuthenticatorMethodOtp.md
index c9984dc7e..9f53d3830 100644
--- a/docs/AuthenticatorMethodOtp.md
+++ b/docs/AuthenticatorMethodOtp.md
@@ -5,13 +5,13 @@
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **VerifiableProperties** | [**List&lt;AuthenticatorMethodProperty&gt;**](AuthenticatorMethodProperty.md) |  | [optional] 
-**AcceptableAdjacentIntervals** | **int** |  | [optional] 
+**AcceptableAdjacentIntervals** | **int** | The number of acceptable adjacent intervals, also known as the clock drift interval. This setting allows you to build in tolerance for any time difference between the token and the server. For example, with a &#x60;timeIntervalInSeconds&#x60; of 60 seconds and an &#x60;acceptableAdjacentIntervals&#x60; value of 5, Okta accepts passcodes within 300 seconds (60 * 5) before or after the end user enters their code. | [optional] 
 **Algorithm** | **OtpTotpAlgorithm** |  | [optional] 
 **Encoding** | **OtpTotpEncoding** |  | [optional] 
-**FactorProfileId** | **string** |  | [optional] 
-**PassCodeLength** | **int** |  | [optional] 
+**FactorProfileId** | **string** | The &#x60;id&#x60; value of the factor profile | [optional] 
+**PassCodeLength** | **int** | Number of digits in an OTP value | [optional] 
 **Protocol** | **OtpProtocol** |  | [optional] 
-**TimeIntervalInSeconds** | **int** |  | [optional] 
+**TimeIntervalInSeconds** | **int** | Time interval for TOTP in seconds | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/AuthenticatorMethodTotpAllOfSettings.md b/docs/AuthenticatorMethodTotpAllOfSettings.md
index ad8733fd4..55edc61e5 100644
--- a/docs/AuthenticatorMethodTotpAllOfSettings.md
+++ b/docs/AuthenticatorMethodTotpAllOfSettings.md
@@ -4,10 +4,10 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**TimeIntervalInSeconds** | **int** |  | [optional] 
-**Encoding** | **string** |  | [optional] 
-**Algorithm** | **string** |  | [optional] 
-**PassCodeLength** | **int** |  | [optional] 
+**TimeIntervalInSeconds** | **int** | Time interval for TOTP in seconds | [optional] 
+**Encoding** | **OtpTotpEncoding** |  | [optional] 
+**Algorithm** | **OtpTotpAlgorithm** |  | [optional] 
+**PassCodeLength** | **int** | Number of digits in an OTP value | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/AuthenticatorMethodType.md b/docs/AuthenticatorMethodType.md
index 37eb35297..54e90e2bf 100644
--- a/docs/AuthenticatorMethodType.md
+++ b/docs/AuthenticatorMethodType.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.AuthenticatorMethodType
+The type of authenticator method
 
 ## Properties
 
diff --git a/docs/AuthenticatorMethodWebAuthnAllOfSettings.md b/docs/AuthenticatorMethodWebAuthnAllOfSettings.md
index fa6a0fe21..1037f1df2 100644
--- a/docs/AuthenticatorMethodWebAuthnAllOfSettings.md
+++ b/docs/AuthenticatorMethodWebAuthnAllOfSettings.md
@@ -4,6 +4,7 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
+**AaguidGroups** | [**List&lt;AAGUIDGroupObject&gt;**](AAGUIDGroupObject.md) | &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; The FIDO2 AAGUID groups available to the WebAuthn authenticator | [optional] 
 **UserVerification** | **UserVerificationEnum** |  | [optional] 
 **Attachment** | **WebAuthnAttachment** |  | [optional] 
 
diff --git a/docs/AuthenticatorSimple.md b/docs/AuthenticatorSimple.md
new file mode 100644
index 000000000..0ae68ae62
--- /dev/null
+++ b/docs/AuthenticatorSimple.md
@@ -0,0 +1,17 @@
+# Okta.Sdk.Model.AuthenticatorSimple
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | **DateTimeOffset** | Timestamp when the Authenticator was created | [optional] [readonly] 
+**Id** | **string** | A unique identifier for the Authenticator | [optional] [readonly] 
+**Key** | [**AuthenticatorKeyEnum**](AuthenticatorKeyEnum.md) |  | [optional] 
+**LastUpdated** | **DateTimeOffset** | Timestamp when the Authenticator was last modified | [optional] [readonly] 
+**Name** | **string** | Display name of the Authenticator | [optional] 
+**Status** | [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**Type** | [**AuthenticatorType**](AuthenticatorType.md) |  | [optional] 
+**Links** | [**AuthenticatorLinks**](AuthenticatorLinks.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthenticatorType.md b/docs/AuthenticatorType.md
index d1fff594e..1eb52a181 100644
--- a/docs/AuthenticatorType.md
+++ b/docs/AuthenticatorType.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.AuthenticatorType
+The type of Authenticator
 
 ## Properties
 
diff --git a/docs/AuthorizationServer.md b/docs/AuthorizationServer.md
index 010762720..e467ed975 100644
--- a/docs/AuthorizationServer.md
+++ b/docs/AuthorizationServer.md
@@ -4,17 +4,17 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Audiences** | **List&lt;string&gt;** |  | [optional] 
+**Audiences** | **List&lt;string&gt;** | The recipients that the tokens are intended for. This becomes the &#x60;aud&#x60; claim in an access token. Okta currently supports only one audience. | [optional] 
 **Created** | **DateTimeOffset** |  | [optional] [readonly] 
 **Credentials** | [**AuthorizationServerCredentials**](AuthorizationServerCredentials.md) |  | [optional] 
-**Description** | **string** |  | [optional] 
-**Id** | **string** |  | [optional] [readonly] 
-**Issuer** | **string** |  | [optional] 
-**IssuerMode** | **IssuerMode** |  | [optional] 
+**Description** | **string** | The description of the custom authorization server | [optional] 
+**Id** | **string** | The ID of the custom authorization server | [optional] [readonly] 
+**Issuer** | **string** | The complete URL for the custom authorization server. This becomes the &#x60;iss&#x60; claim in an access token. | [optional] 
+**IssuerMode** | **string** | Indicates which value is specified in the issuer of the tokens that a custom authorization server returns: the Okta org domain URL or a custom domain URL.  &#x60;issuerMode&#x60; is visible if you have a custom URL domain configured or the Dynamic Issuer Mode feature enabled. If you have a custom URL domain configured, you can set a custom domain URL in a custom authorization server, and this property is returned in the appropriate responses.  When set to &#x60;ORG_URL&#x60;, then in responses, &#x60;issuer&#x60; is the Okta org domain URL: &#x60;https://${yourOktaDomain}&#x60;.  When set to &#x60;CUSTOM_URL&#x60;, then in responses, &#x60;issuer&#x60; is the custom domain URL configured in the administration user interface.  When set to &#x60;DYNAMIC&#x60;, then in responses, &#x60;issuer&#x60; is the custom domain URL if the OAuth 2.0 request was sent to the custom domain, or is the Okta org&#39;s domain URL if the OAuth 2.0 request was sent to the original Okta org domain.  After you configure a custom URL domain, all new custom authorization servers use &#x60;CUSTOM_URL&#x60; by default. If the Dynamic Issuer Mode feature is enabled, then all new custom authorization servers use &#x60;DYNAMIC&#x60; by default. All existing custom authorization servers continue to use the original value until they&#39;re changed using the Admin Console or the API. This way, existing integrations with the client and resource server continue to work after the feature is enabled. | [optional] 
 **LastUpdated** | **DateTimeOffset** |  | [optional] [readonly] 
-**Name** | **string** |  | [optional] 
+**Name** | **string** | The name of the custom authorization server | [optional] 
 **Status** | **LifecycleStatus** |  | [optional] 
-**Links** | [**LinksSelf**](LinksSelf.md) |  | [optional] 
+**Links** | [**AuthServerLinks**](AuthServerLinks.md) |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/AuthorizationServerCredentialsRotationMode.md b/docs/AuthorizationServerCredentialsRotationMode.md
index bb2887784..a5561f17d 100644
--- a/docs/AuthorizationServerCredentialsRotationMode.md
+++ b/docs/AuthorizationServerCredentialsRotationMode.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.AuthorizationServerCredentialsRotationMode
+The Key rotation mode for the authorization server
 
 ## Properties
 
diff --git a/docs/AuthorizationServerCredentialsSigningConfig.md b/docs/AuthorizationServerCredentialsSigningConfig.md
index 12f8e84f4..51598cc36 100644
--- a/docs/AuthorizationServerCredentialsSigningConfig.md
+++ b/docs/AuthorizationServerCredentialsSigningConfig.md
@@ -4,9 +4,9 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Kid** | **string** |  | [optional] 
-**LastRotated** | **DateTimeOffset** |  | [optional] [readonly] 
-**NextRotation** | **DateTimeOffset** |  | [optional] [readonly] 
+**Kid** | **string** | The ID of the JSON Web Key used for signing tokens issued by the authorization server | [optional] [readonly] 
+**LastRotated** | **DateTimeOffset** | The timestamp when the authorization server started using the &#x60;kid&#x60; for signing tokens | [optional] [readonly] 
+**NextRotation** | **DateTimeOffset** | The timestamp when the authorization server changes the Key for signing tokens. This is only returned when &#x60;rotationMode&#x60; is set to &#x60;AUTO&#x60;. | [optional] [readonly] 
 **RotationMode** | **AuthorizationServerCredentialsRotationMode** |  | [optional] 
 **Use** | **AuthorizationServerCredentialsUse** |  | [optional] 
 
diff --git a/docs/AuthorizationServerCredentialsUse.md b/docs/AuthorizationServerCredentialsUse.md
index 4183b82e3..4bd7e35a6 100644
--- a/docs/AuthorizationServerCredentialsUse.md
+++ b/docs/AuthorizationServerCredentialsUse.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.AuthorizationServerCredentialsUse
+How the key is used
 
 ## Properties
 
diff --git a/docs/AuthorizationServerJsonWebKey.md b/docs/AuthorizationServerJsonWebKey.md
new file mode 100644
index 000000000..83fa2ac36
--- /dev/null
+++ b/docs/AuthorizationServerJsonWebKey.md
@@ -0,0 +1,17 @@
+# Okta.Sdk.Model.AuthorizationServerJsonWebKey
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Alg** | **string** | The algorithm used with the Key. Valid value: &#x60;RS256&#x60; | [optional] 
+**E** | **string** | RSA key value (public exponent) for Key binding | [optional] [readonly] 
+**Kid** | **string** | Unique identifier for the key | [optional] [readonly] 
+**Kty** | **string** | Cryptographic algorithm family for the certificate&#39;s keypair. Valid value: &#x60;RSA&#x60; | [optional] [readonly] 
+**N** | **string** | RSA modulus value that is used by both the public and private keys and provides a link between them | [optional] 
+**Status** | **string** | An &#x60;ACTIVE&#x60; Key is used to sign tokens issued by the authorization server. Supported values: &#x60;ACTIVE&#x60;, &#x60;NEXT&#x60;, or &#x60;EXPIRED&#x60;&lt;br&gt; A &#x60;NEXT&#x60; Key is the next Key that the authorization server uses to sign tokens when Keys are rotated. The &#x60;NEXT&#x60; Key might not be listed if it hasn&#39;t been generated. An &#x60;EXPIRED&#x60; Key is the previous Key that the authorization server used to sign tokens. The &#x60;EXPIRED&#x60; Key might not be listed if no Key has expired or the expired Key was deleted. | [optional] 
+**Use** | **string** | Acceptable use of the key. Valid value: &#x60;sig&#x60; | [optional] [readonly] 
+**Links** | [**LinksSelf**](LinksSelf.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthorizationServerPolicy.md b/docs/AuthorizationServerPolicy.md
index d31ccba29..c1ecbdb6b 100644
--- a/docs/AuthorizationServerPolicy.md
+++ b/docs/AuthorizationServerPolicy.md
@@ -4,18 +4,7 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Created** | **DateTimeOffset** | Timestamp when the Policy was created | [optional] [readonly] 
-**Description** | **string** | Policy description | [optional] 
-**Id** | **string** | Policy ID | [optional] [readonly] 
-**LastUpdated** | **DateTimeOffset** | Timestamp when the Policy was last updated | [optional] [readonly] 
-**Name** | **string** | Policy name | [optional] 
-**Priority** | **int** | Specifies the order in which this Policy is evaluated in relation to the other policies | [optional] 
-**Status** | [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
-**System** | **bool** | Specifies whether Okta created the Policy | [optional] 
-**Type** | [**PolicyType**](PolicyType.md) |  | [optional] 
-**Embedded** | **Dictionary&lt;string, Object&gt;** |  | [optional] [readonly] 
-**Links** | [**PolicyLinks**](PolicyLinks.md) |  | [optional] 
-**Conditions** | [**PolicyRuleConditions**](PolicyRuleConditions.md) |  | [optional] 
+**Conditions** | [**AuthorizationServerPolicyConditions**](AuthorizationServerPolicyConditions.md) |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/AuthorizationServerPolicyConditions.md b/docs/AuthorizationServerPolicyConditions.md
new file mode 100644
index 000000000..6de4fea09
--- /dev/null
+++ b/docs/AuthorizationServerPolicyConditions.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.AuthorizationServerPolicyConditions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Clients** | [**ClientPolicyCondition**](ClientPolicyCondition.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthorizationServerPolicyPeopleCondition.md b/docs/AuthorizationServerPolicyPeopleCondition.md
new file mode 100644
index 000000000..f87fc4234
--- /dev/null
+++ b/docs/AuthorizationServerPolicyPeopleCondition.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.AuthorizationServerPolicyPeopleCondition
+Identifies Users and Groups that are used together
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Groups** | [**AuthorizationServerPolicyRuleGroupCondition**](AuthorizationServerPolicyRuleGroupCondition.md) |  | [optional] 
+**Users** | [**AuthorizationServerPolicyRuleUserCondition**](AuthorizationServerPolicyRuleUserCondition.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthorizationServerPolicyRuleConditions.md b/docs/AuthorizationServerPolicyRuleConditions.md
index 89ac89143..6fb1a6a91 100644
--- a/docs/AuthorizationServerPolicyRuleConditions.md
+++ b/docs/AuthorizationServerPolicyRuleConditions.md
@@ -4,27 +4,9 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**App** | [**AppAndInstancePolicyRuleCondition**](AppAndInstancePolicyRuleCondition.md) |  | [optional] 
-**Apps** | [**AppInstancePolicyRuleCondition**](AppInstancePolicyRuleCondition.md) |  | [optional] 
-**AuthContext** | [**PolicyRuleAuthContextCondition**](PolicyRuleAuthContextCondition.md) |  | [optional] 
-**AuthProvider** | [**PasswordPolicyAuthenticationProviderCondition**](PasswordPolicyAuthenticationProviderCondition.md) |  | [optional] 
-**BeforeScheduledAction** | [**BeforeScheduledActionPolicyRuleCondition**](BeforeScheduledActionPolicyRuleCondition.md) |  | [optional] 
-**Clients** | [**ClientPolicyCondition**](ClientPolicyCondition.md) |  | [optional] 
-**Context** | [**ContextPolicyRuleCondition**](ContextPolicyRuleCondition.md) |  | [optional] 
-**Device** | [**DevicePolicyRuleCondition**](DevicePolicyRuleCondition.md) |  | [optional] 
 **GrantTypes** | [**GrantTypePolicyRuleCondition**](GrantTypePolicyRuleCondition.md) |  | [optional] 
-**Groups** | [**GroupPolicyRuleCondition**](GroupPolicyRuleCondition.md) |  | [optional] 
-**IdentityProvider** | [**IdentityProviderPolicyRuleCondition**](IdentityProviderPolicyRuleCondition.md) |  | [optional] 
-**MdmEnrollment** | [**MDMEnrollmentPolicyRuleCondition**](MDMEnrollmentPolicyRuleCondition.md) |  | [optional] 
-**Network** | [**PolicyNetworkCondition**](PolicyNetworkCondition.md) |  | [optional] 
-**People** | [**PolicyPeopleCondition**](PolicyPeopleCondition.md) |  | [optional] 
-**Platform** | [**PlatformPolicyRuleCondition**](PlatformPolicyRuleCondition.md) |  | [optional] 
-**Risk** | [**RiskPolicyRuleCondition**](RiskPolicyRuleCondition.md) |  | [optional] 
-**RiskScore** | [**RiskScorePolicyRuleCondition**](RiskScorePolicyRuleCondition.md) |  | [optional] 
+**People** | [**AuthorizationServerPolicyPeopleCondition**](AuthorizationServerPolicyPeopleCondition.md) |  | [optional] 
 **Scopes** | [**OAuth2ScopesMediationPolicyRuleCondition**](OAuth2ScopesMediationPolicyRuleCondition.md) |  | [optional] 
-**UserIdentifier** | [**UserIdentifierPolicyRuleCondition**](UserIdentifierPolicyRuleCondition.md) |  | [optional] 
-**Users** | [**UserPolicyRuleCondition**](UserPolicyRuleCondition.md) |  | [optional] 
-**UserStatus** | [**UserStatusPolicyRuleCondition**](UserStatusPolicyRuleCondition.md) |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/AuthorizationServerPolicyRuleGroupCondition.md b/docs/AuthorizationServerPolicyRuleGroupCondition.md
new file mode 100644
index 000000000..112ae208d
--- /dev/null
+++ b/docs/AuthorizationServerPolicyRuleGroupCondition.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.AuthorizationServerPolicyRuleGroupCondition
+Specifies a set of Groups whose Users are to be included
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Include** | **List&lt;string&gt;** | Groups to be included | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AuthorizationServerPolicyRuleUserCondition.md b/docs/AuthorizationServerPolicyRuleUserCondition.md
new file mode 100644
index 000000000..4a79d677e
--- /dev/null
+++ b/docs/AuthorizationServerPolicyRuleUserCondition.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.AuthorizationServerPolicyRuleUserCondition
+Specifies a set of Users to be included
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Include** | **List&lt;string&gt;** | Users to be included | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AutoAssignAdminAppSetting.md b/docs/AutoAssignAdminAppSetting.md
new file mode 100644
index 000000000..0df47ef14
--- /dev/null
+++ b/docs/AutoAssignAdminAppSetting.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.AutoAssignAdminAppSetting
+The org setting that automatically assigns the Okta Admin Console when an admin role is assigned
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**_AutoAssignAdminAppSetting** | **bool** |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/AutoLoginApplication.md b/docs/AutoLoginApplication.md
index 775dbf483..5065290df 100644
--- a/docs/AutoLoginApplication.md
+++ b/docs/AutoLoginApplication.md
@@ -5,20 +5,20 @@
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **Accessibility** | [**ApplicationAccessibility**](ApplicationAccessibility.md) |  | [optional] 
-**Created** | **DateTimeOffset** |  | [optional] [readonly] 
-**Features** | **List&lt;string&gt;** |  | [optional] 
-**Id** | **string** |  | [optional] [readonly] 
-**Label** | **string** |  | [optional] 
-**LastUpdated** | **DateTimeOffset** |  | [optional] [readonly] 
+**Created** | **DateTimeOffset** | Timestamp when the Application object was created | [optional] [readonly] 
+**Features** | **List&lt;string&gt;** | Enabled app features | [optional] 
+**Id** | **string** | Unique ID for the app instance | [optional] [readonly] 
+**Label** | **string** | User-defined display name for app | 
+**LastUpdated** | **DateTimeOffset** | Timestamp when the Application object was last updated | [optional] [readonly] 
 **Licensing** | [**ApplicationLicensing**](ApplicationLicensing.md) |  | [optional] 
-**Profile** | **Dictionary&lt;string, Object&gt;** |  | [optional] 
-**SignOnMode** | [**ApplicationSignOnMode**](ApplicationSignOnMode.md) |  | [optional] 
+**Profile** | **Dictionary&lt;string, Object&gt;** | Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps) | [optional] 
+**SignOnMode** | [**ApplicationSignOnMode**](ApplicationSignOnMode.md) |  | 
 **Status** | [**ApplicationLifecycleStatus**](ApplicationLifecycleStatus.md) |  | [optional] 
 **Visibility** | [**ApplicationVisibility**](ApplicationVisibility.md) |  | [optional] 
 **Embedded** | **Dictionary&lt;string, Object&gt;** |  | [optional] [readonly] 
 **Links** | [**ApplicationLinks**](ApplicationLinks.md) |  | [optional] 
 **Credentials** | [**SchemeApplicationCredentials**](SchemeApplicationCredentials.md) |  | [optional] 
-**Name** | **string** |  | [optional] 
+**Name** | **string** | A unique key is generated for the custom SWA app instance when you use AUTO_LOGIN &#x60;signOnMode&#x60;. | [optional] [readonly] 
 **Settings** | [**AutoLoginApplicationSettings**](AutoLoginApplicationSettings.md) |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
diff --git a/docs/AutoLoginApplicationSettingsSignOn.md b/docs/AutoLoginApplicationSettingsSignOn.md
index 49143a27f..f8969bb42 100644
--- a/docs/AutoLoginApplicationSettingsSignOn.md
+++ b/docs/AutoLoginApplicationSettingsSignOn.md
@@ -4,8 +4,8 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**LoginUrl** | **string** |  | [optional] 
-**RedirectUrl** | **string** |  | [optional] 
+**LoginUrl** | **string** | Primary URL of the sign-in page for this app | [optional] 
+**RedirectUrl** | **string** | Secondary URL of the sign-in page for this app | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/BaseEmailServer.md b/docs/BaseEmailServer.md
index 91706ff41..7f439da62 100644
--- a/docs/BaseEmailServer.md
+++ b/docs/BaseEmailServer.md
@@ -4,11 +4,11 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Alias** | **string** | A name to identify this configuration | [optional] 
-**Enabled** | **bool** | True if and only if all email traffic should be routed through this SMTP Server | [optional] 
-**Host** | **string** | The address of the SMTP Server | [optional] 
-**Port** | **int** | The port number of the SMTP Server | [optional] 
-**Username** | **string** | The username to use with your SMTP Server | [optional] 
+**Alias** | **string** | Human-readable name for your SMTP server | [optional] 
+**Enabled** | **bool** | If &#x60;true&#x60;, routes all email traffic through your SMTP server | [optional] 
+**Host** | **string** | Hostname or IP address of your SMTP server | [optional] 
+**Port** | **int** | Port number of your SMTP server | [optional] 
+**Username** | **string** | Username used to access your SMTP server | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/BasicAuthApplication.md b/docs/BasicAuthApplication.md
index 0b3f95314..a5ed9c682 100644
--- a/docs/BasicAuthApplication.md
+++ b/docs/BasicAuthApplication.md
@@ -5,21 +5,21 @@
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **Accessibility** | [**ApplicationAccessibility**](ApplicationAccessibility.md) |  | [optional] 
-**Created** | **DateTimeOffset** |  | [optional] [readonly] 
-**Features** | **List&lt;string&gt;** |  | [optional] 
-**Id** | **string** |  | [optional] [readonly] 
-**Label** | **string** |  | [optional] 
-**LastUpdated** | **DateTimeOffset** |  | [optional] [readonly] 
+**Created** | **DateTimeOffset** | Timestamp when the Application object was created | [optional] [readonly] 
+**Features** | **List&lt;string&gt;** | Enabled app features | [optional] 
+**Id** | **string** | Unique ID for the app instance | [optional] [readonly] 
+**Label** | **string** | User-defined display name for app | 
+**LastUpdated** | **DateTimeOffset** | Timestamp when the Application object was last updated | [optional] [readonly] 
 **Licensing** | [**ApplicationLicensing**](ApplicationLicensing.md) |  | [optional] 
-**Profile** | **Dictionary&lt;string, Object&gt;** |  | [optional] 
-**SignOnMode** | [**ApplicationSignOnMode**](ApplicationSignOnMode.md) |  | [optional] 
+**Profile** | **Dictionary&lt;string, Object&gt;** | Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps) | [optional] 
+**SignOnMode** | [**ApplicationSignOnMode**](ApplicationSignOnMode.md) |  | 
 **Status** | [**ApplicationLifecycleStatus**](ApplicationLifecycleStatus.md) |  | [optional] 
 **Visibility** | [**ApplicationVisibility**](ApplicationVisibility.md) |  | [optional] 
 **Embedded** | **Dictionary&lt;string, Object&gt;** |  | [optional] [readonly] 
 **Links** | [**ApplicationLinks**](ApplicationLinks.md) |  | [optional] 
 **Credentials** | [**SchemeApplicationCredentials**](SchemeApplicationCredentials.md) |  | [optional] 
-**Name** | **string** |  | [optional] [default to "template_basic_auth"]
-**Settings** | [**BasicApplicationSettings**](BasicApplicationSettings.md) |  | [optional] 
+**Name** | **string** | &#x60;template_basic_auth&#x60; is the key name for a basic authentication scheme app instance | 
+**Settings** | [**BasicApplicationSettings**](BasicApplicationSettings.md) |  | 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/BindingMethod.md b/docs/BindingMethod.md
new file mode 100644
index 000000000..5ccacc5cc
--- /dev/null
+++ b/docs/BindingMethod.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.BindingMethod
+The method used to bind the out-of-band channel with the primary channel.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/BookmarkApplication.md b/docs/BookmarkApplication.md
index 7fff7c56d..fe73539e4 100644
--- a/docs/BookmarkApplication.md
+++ b/docs/BookmarkApplication.md
@@ -5,21 +5,21 @@
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **Accessibility** | [**ApplicationAccessibility**](ApplicationAccessibility.md) |  | [optional] 
-**Created** | **DateTimeOffset** |  | [optional] [readonly] 
-**Features** | **List&lt;string&gt;** |  | [optional] 
-**Id** | **string** |  | [optional] [readonly] 
-**Label** | **string** |  | [optional] 
-**LastUpdated** | **DateTimeOffset** |  | [optional] [readonly] 
+**Created** | **DateTimeOffset** | Timestamp when the Application object was created | [optional] [readonly] 
+**Features** | **List&lt;string&gt;** | Enabled app features | [optional] 
+**Id** | **string** | Unique ID for the app instance | [optional] [readonly] 
+**Label** | **string** | User-defined display name for app | 
+**LastUpdated** | **DateTimeOffset** | Timestamp when the Application object was last updated | [optional] [readonly] 
 **Licensing** | [**ApplicationLicensing**](ApplicationLicensing.md) |  | [optional] 
-**Profile** | **Dictionary&lt;string, Object&gt;** |  | [optional] 
-**SignOnMode** | [**ApplicationSignOnMode**](ApplicationSignOnMode.md) |  | [optional] 
+**Profile** | **Dictionary&lt;string, Object&gt;** | Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps) | [optional] 
+**SignOnMode** | [**ApplicationSignOnMode**](ApplicationSignOnMode.md) |  | 
 **Status** | [**ApplicationLifecycleStatus**](ApplicationLifecycleStatus.md) |  | [optional] 
 **Visibility** | [**ApplicationVisibility**](ApplicationVisibility.md) |  | [optional] 
 **Embedded** | **Dictionary&lt;string, Object&gt;** |  | [optional] [readonly] 
 **Links** | [**ApplicationLinks**](ApplicationLinks.md) |  | [optional] 
 **Credentials** | [**ApplicationCredentials**](ApplicationCredentials.md) |  | [optional] 
-**Name** | **string** |  | [optional] [default to "bookmark"]
-**Settings** | [**BookmarkApplicationSettings**](BookmarkApplicationSettings.md) |  | [optional] 
+**Name** | **string** | &#x60;bookmark&#x60; is the key name for a Bookmark app | 
+**Settings** | [**BookmarkApplicationSettings**](BookmarkApplicationSettings.md) |  | 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/Brand.md b/docs/Brand.md
index 72da2a54d..9f3e11b7d 100644
--- a/docs/Brand.md
+++ b/docs/Brand.md
@@ -4,15 +4,15 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**AgreeToCustomPrivacyPolicy** | **bool** |  | [optional] 
-**CustomPrivacyPolicyUrl** | **string** |  | [optional] 
+**AgreeToCustomPrivacyPolicy** | **bool** | Consent for updating the custom privacy URL. Not required when resetting the URL. | [optional] 
+**CustomPrivacyPolicyUrl** | **string** | Custom privacy policy URL | [optional] 
 **DefaultApp** | [**DefaultApp**](DefaultApp.md) |  | [optional] 
-**EmailDomainId** | **string** |  | [optional] 
-**Id** | **string** |  | [optional] [readonly] 
-**IsDefault** | **bool** |  | [optional] [readonly] 
+**EmailDomainId** | **string** | The ID of the email domain | [optional] 
+**Id** | **string** | The Brand ID | [optional] [readonly] 
+**IsDefault** | **bool** | If &#x60;true&#x60;, the Brand is used for the Okta subdomain | [optional] [readonly] 
 **Locale** | **string** | The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646) | [optional] 
-**Name** | **string** |  | [optional] 
-**RemovePoweredByOkta** | **bool** |  | [optional] 
+**Name** | **string** | The name of the Brand | [optional] 
+**RemovePoweredByOkta** | **bool** | Removes \&quot;Powered by Okta\&quot; from the sign-in page in redirect authentication deployments, and \&quot;© [current year] Okta, Inc.\&quot; from the Okta End-User Dashboard | [optional] [default to false]
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/BrandRequest.md b/docs/BrandRequest.md
index ff3d66557..af45e21fc 100644
--- a/docs/BrandRequest.md
+++ b/docs/BrandRequest.md
@@ -4,13 +4,13 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**AgreeToCustomPrivacyPolicy** | **bool** |  | [optional] 
-**CustomPrivacyPolicyUrl** | **string** |  | [optional] 
+**AgreeToCustomPrivacyPolicy** | **bool** | Consent for updating the custom privacy URL. Not required when resetting the URL. | [optional] 
+**CustomPrivacyPolicyUrl** | **string** | Custom privacy policy URL | [optional] 
 **DefaultApp** | [**DefaultApp**](DefaultApp.md) |  | [optional] 
-**EmailDomainId** | **string** |  | [optional] 
+**EmailDomainId** | **string** | The ID of the email domain | [optional] 
 **Locale** | **string** | The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646) | [optional] 
-**Name** | **string** |  | [optional] 
-**RemovePoweredByOkta** | **bool** |  | [optional] 
+**Name** | **string** | The name of the Brand | 
+**RemovePoweredByOkta** | **bool** | Removes \&quot;Powered by Okta\&quot; from the sign-in page in redirect authentication deployments, and \&quot;© [current year] Okta, Inc.\&quot; from the Okta End-User Dashboard | [optional] [default to false]
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/BrandWithEmbedded.md b/docs/BrandWithEmbedded.md
index 43cb5d02e..bd1385734 100644
--- a/docs/BrandWithEmbedded.md
+++ b/docs/BrandWithEmbedded.md
@@ -6,15 +6,15 @@ Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **Embedded** | **Object** |  | [optional] [readonly] 
 **Links** | [**LinksSelf**](LinksSelf.md) |  | [optional] 
-**AgreeToCustomPrivacyPolicy** | **bool** |  | [optional] 
-**CustomPrivacyPolicyUrl** | **string** |  | [optional] 
+**AgreeToCustomPrivacyPolicy** | **bool** | Consent for updating the custom privacy URL. Not required when resetting the URL. | [optional] 
+**CustomPrivacyPolicyUrl** | **string** | Custom privacy policy URL | [optional] 
 **DefaultApp** | [**DefaultApp**](DefaultApp.md) |  | [optional] 
-**EmailDomainId** | **string** |  | [optional] 
-**Id** | **string** |  | [optional] [readonly] 
-**IsDefault** | **bool** |  | [optional] [readonly] 
+**EmailDomainId** | **string** | The ID of the email domain | [optional] 
+**Id** | **string** | The Brand ID | [optional] [readonly] 
+**IsDefault** | **bool** | If &#x60;true&#x60;, the Brand is used for the Okta subdomain | [optional] [readonly] 
 **Locale** | **string** | The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646) | [optional] 
-**Name** | **string** |  | [optional] 
-**RemovePoweredByOkta** | **bool** |  | [optional] 
+**Name** | **string** | The name of the Brand | [optional] 
+**RemovePoweredByOkta** | **bool** | Removes \&quot;Powered by Okta\&quot; from the sign-in page in redirect authentication deployments, and \&quot;© [current year] Okta, Inc.\&quot; from the Okta End-User Dashboard | [optional] [default to false]
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/BrowserPluginApplication.md b/docs/BrowserPluginApplication.md
index 1365c514b..9481440f9 100644
--- a/docs/BrowserPluginApplication.md
+++ b/docs/BrowserPluginApplication.md
@@ -5,21 +5,21 @@
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **Accessibility** | [**ApplicationAccessibility**](ApplicationAccessibility.md) |  | [optional] 
-**Created** | **DateTimeOffset** |  | [optional] [readonly] 
-**Features** | **List&lt;string&gt;** |  | [optional] 
-**Id** | **string** |  | [optional] [readonly] 
-**Label** | **string** |  | [optional] 
-**LastUpdated** | **DateTimeOffset** |  | [optional] [readonly] 
+**Created** | **DateTimeOffset** | Timestamp when the Application object was created | [optional] [readonly] 
+**Features** | **List&lt;string&gt;** | Enabled app features | [optional] 
+**Id** | **string** | Unique ID for the app instance | [optional] [readonly] 
+**Label** | **string** | User-defined display name for app | 
+**LastUpdated** | **DateTimeOffset** | Timestamp when the Application object was last updated | [optional] [readonly] 
 **Licensing** | [**ApplicationLicensing**](ApplicationLicensing.md) |  | [optional] 
-**Profile** | **Dictionary&lt;string, Object&gt;** |  | [optional] 
-**SignOnMode** | [**ApplicationSignOnMode**](ApplicationSignOnMode.md) |  | [optional] 
+**Profile** | **Dictionary&lt;string, Object&gt;** | Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps) | [optional] 
+**SignOnMode** | [**ApplicationSignOnMode**](ApplicationSignOnMode.md) |  | 
 **Status** | [**ApplicationLifecycleStatus**](ApplicationLifecycleStatus.md) |  | [optional] 
 **Visibility** | [**ApplicationVisibility**](ApplicationVisibility.md) |  | [optional] 
 **Embedded** | **Dictionary&lt;string, Object&gt;** |  | [optional] [readonly] 
 **Links** | [**ApplicationLinks**](ApplicationLinks.md) |  | [optional] 
 **Credentials** | [**SchemeApplicationCredentials**](SchemeApplicationCredentials.md) |  | [optional] 
-**Name** | **string** |  | [optional] 
-**Settings** | [**SwaApplicationSettings**](SwaApplicationSettings.md) |  | [optional] 
+**Name** | **string** | The key name for the app definition | 
+**Settings** | [**SwaApplicationSettings**](SwaApplicationSettings.md) |  | 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/BundleEntitlement.md b/docs/BundleEntitlement.md
new file mode 100644
index 000000000..351762bad
--- /dev/null
+++ b/docs/BundleEntitlement.md
@@ -0,0 +1,14 @@
+# Okta.Sdk.Model.BundleEntitlement
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Description** | **string** |  | [optional] 
+**Id** | **string** |  | [optional] 
+**Name** | **string** |  | [optional] 
+**Role** | **string** |  | [optional] 
+**Links** | [**BundleEntitlementLinks**](BundleEntitlementLinks.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/BundleEntitlementLinks.md b/docs/BundleEntitlementLinks.md
new file mode 100644
index 000000000..099907c91
--- /dev/null
+++ b/docs/BundleEntitlementLinks.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.BundleEntitlementLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Values** | [**HrefObject**](HrefObject.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/BundleEntitlementsResponse.md b/docs/BundleEntitlementsResponse.md
new file mode 100644
index 000000000..e537348d4
--- /dev/null
+++ b/docs/BundleEntitlementsResponse.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.BundleEntitlementsResponse
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Entitlements** | [**List&lt;BundleEntitlement&gt;**](BundleEntitlement.md) |  | [optional] 
+**Links** | [**BundleEntitlementsResponseLinks**](BundleEntitlementsResponseLinks.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/BundleEntitlementsResponseLinks.md b/docs/BundleEntitlementsResponseLinks.md
new file mode 100644
index 000000000..fd8cff784
--- /dev/null
+++ b/docs/BundleEntitlementsResponseLinks.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.BundleEntitlementsResponseLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | [**HrefObjectSelfLink**](HrefObjectSelfLink.md) |  | [optional] 
+**Next** | [**HrefObject**](HrefObject.md) |  | [optional] 
+**Bundle** | [**HrefObject**](HrefObject.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/BundleEntitlementsResponseLinksAnyOf.md b/docs/BundleEntitlementsResponseLinksAnyOf.md
new file mode 100644
index 000000000..61e3ea614
--- /dev/null
+++ b/docs/BundleEntitlementsResponseLinksAnyOf.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.BundleEntitlementsResponseLinksAnyOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Bundle** | [**HrefObject**](HrefObject.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/CaepDeviceComplianceChangeEvent.md b/docs/CaepDeviceComplianceChangeEvent.md
new file mode 100644
index 000000000..7d679fa7b
--- /dev/null
+++ b/docs/CaepDeviceComplianceChangeEvent.md
@@ -0,0 +1,17 @@
+# Okta.Sdk.Model.CaepDeviceComplianceChangeEvent
+The subject's device compliance was revoked
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CurrentStatus** | **string** | Current device compliance status | 
+**EventTimestamp** | **long** | The time of the event (UNIX timestamp) | 
+**InitiatingEntity** | **string** | The entity that initiated the event | [optional] 
+**PreviousStatus** | **string** | Previous device compliance status | 
+**ReasonAdmin** | [**CaepDeviceComplianceChangeEventReasonAdmin**](CaepDeviceComplianceChangeEventReasonAdmin.md) |  | [optional] 
+**ReasonUser** | [**CaepDeviceComplianceChangeEventReasonUser**](CaepDeviceComplianceChangeEventReasonUser.md) |  | [optional] 
+**Subjects** | [**SecurityEventSubject**](.md) |  | 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/CaepDeviceComplianceChangeEventReasonAdmin.md b/docs/CaepDeviceComplianceChangeEventReasonAdmin.md
new file mode 100644
index 000000000..f9d432974
--- /dev/null
+++ b/docs/CaepDeviceComplianceChangeEventReasonAdmin.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.CaepDeviceComplianceChangeEventReasonAdmin
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**En** | **string** | The event reason in English | 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/CaepDeviceComplianceChangeEventReasonUser.md b/docs/CaepDeviceComplianceChangeEventReasonUser.md
new file mode 100644
index 000000000..25b4f290f
--- /dev/null
+++ b/docs/CaepDeviceComplianceChangeEventReasonUser.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.CaepDeviceComplianceChangeEventReasonUser
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**En** | **string** | The event reason in English | 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/CaepSecurityEvent.md b/docs/CaepSecurityEvent.md
new file mode 100644
index 000000000..d0af4a59d
--- /dev/null
+++ b/docs/CaepSecurityEvent.md
@@ -0,0 +1,14 @@
+# Okta.Sdk.Model.CaepSecurityEvent
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**EventTimestamp** | **long** | The time of the event (UNIX timestamp) | 
+**InitiatingEntity** | **string** | The entity that initiated the event | [optional] 
+**ReasonAdmin** | [**CaepDeviceComplianceChangeEventReasonAdmin**](CaepDeviceComplianceChangeEventReasonAdmin.md) |  | [optional] 
+**ReasonUser** | [**CaepDeviceComplianceChangeEventReasonUser**](CaepDeviceComplianceChangeEventReasonUser.md) |  | [optional] 
+**Subjects** | [**SecurityEventSubject**](.md) |  | 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/CaepSessionRevokedEvent.md b/docs/CaepSessionRevokedEvent.md
new file mode 100644
index 000000000..68a856445
--- /dev/null
+++ b/docs/CaepSessionRevokedEvent.md
@@ -0,0 +1,19 @@
+# Okta.Sdk.Model.CaepSessionRevokedEvent
+The session of the subject was revoked
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CurrentIp** | **string** | Current IP of the session | [optional] 
+**CurrentUserAgent** | **string** | Current User Agent of the session | [optional] 
+**EventTimestamp** | **long** | The time of the event (UNIX timestamp) | 
+**InitiatingEntity** | **string** | The entity that initiated the event | [optional] 
+**LastKnownIp** | **string** | Last known IP of the session | [optional] 
+**LastKnownUserAgent** | **string** | Last known User Agent of the session | [optional] 
+**ReasonAdmin** | [**CaepDeviceComplianceChangeEventReasonAdmin**](CaepDeviceComplianceChangeEventReasonAdmin.md) |  | [optional] 
+**ReasonUser** | [**CaepDeviceComplianceChangeEventReasonUser**](CaepDeviceComplianceChangeEventReasonUser.md) |  | [optional] 
+**Subjects** | [**SecurityEventSubject**](.md) |  | 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/Call.md b/docs/Call.md
new file mode 100644
index 000000000..cf34cb8ce
--- /dev/null
+++ b/docs/Call.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.Call
+Attempts to activate a `call` Factor with the specified passcode.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**PassCode** | **string** | OTP for the current time window | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/Call1.md b/docs/Call1.md
new file mode 100644
index 000000000..9b19093e5
--- /dev/null
+++ b/docs/Call1.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.Call1
+Verifies an OTP sent by a `call` Factor challenge. If you omit `passCode` in the request, a new OTP is sent to the phone.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**PassCode** | **string** | OTP for the current time window | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/CapabilitiesImportRulesObject.md b/docs/CapabilitiesImportRulesObject.md
new file mode 100644
index 000000000..9743dd35b
--- /dev/null
+++ b/docs/CapabilitiesImportRulesObject.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.CapabilitiesImportRulesObject
+Defines user import rules
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**UserCreateAndMatch** | [**CapabilitiesImportRulesUserCreateAndMatchObject**](CapabilitiesImportRulesUserCreateAndMatchObject.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/CapabilitiesImportRulesUserCreateAndMatchObject.md b/docs/CapabilitiesImportRulesUserCreateAndMatchObject.md
new file mode 100644
index 000000000..f02008afe
--- /dev/null
+++ b/docs/CapabilitiesImportRulesUserCreateAndMatchObject.md
@@ -0,0 +1,16 @@
+# Okta.Sdk.Model.CapabilitiesImportRulesUserCreateAndMatchObject
+Rules for matching and creating users
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AllowPartialMatch** | **bool** | Allows user import upon partial matching. Partial matching occurs when the first and last names of an imported user match those of an existing Okta user, even if the username or email attributes don&#39;t match. | [optional] 
+**AutoActivateNewUsers** | **bool** | If set to &#x60;true&#x60;, imported new users are automatically activated. | [optional] 
+**AutoConfirmExactMatch** | **bool** | If set to &#x60;true&#x60;, exact-matched users are automatically confirmed on activation. If set to &#x60;false&#x60;, exact-matched users need to be confirmed manually. | [optional] 
+**AutoConfirmNewUsers** | **bool** | If set to &#x60;true&#x60;, imported new users are automatically confirmed on activation. This doesn&#39;t apply to imported users that already exist in Okta. | [optional] 
+**AutoConfirmPartialMatch** | **bool** | If set to &#x60;true&#x60;, partially matched users are automatically confirmed on activation. If set to &#x60;false&#x60;, partially matched users need to be confirmed manually. | [optional] 
+**ExactMatchCriteria** | **string** | Determines the attribute to match users | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/CapabilitiesImportSettingsObject.md b/docs/CapabilitiesImportSettingsObject.md
new file mode 100644
index 000000000..f02663247
--- /dev/null
+++ b/docs/CapabilitiesImportSettingsObject.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.CapabilitiesImportSettingsObject
+Defines import settings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Schedule** | [**ImportScheduleObject**](ImportScheduleObject.md) |  | [optional] 
+**Username** | [**ImportUsernameObject**](ImportUsernameObject.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/CapabilitiesInboundProvisioningObject.md b/docs/CapabilitiesInboundProvisioningObject.md
new file mode 100644
index 000000000..ebe54debe
--- /dev/null
+++ b/docs/CapabilitiesInboundProvisioningObject.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.CapabilitiesInboundProvisioningObject
+Defines the configuration for the INBOUND_PROVISIONING feature
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ImportRules** | [**CapabilitiesImportRulesObject**](CapabilitiesImportRulesObject.md) |  | 
+**ImportSettings** | [**CapabilitiesImportSettingsObject**](CapabilitiesImportSettingsObject.md) |  | 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/CapabilitiesObject.md b/docs/CapabilitiesObject.md
index 6579f6a30..d77a47d43 100644
--- a/docs/CapabilitiesObject.md
+++ b/docs/CapabilitiesObject.md
@@ -1,5 +1,5 @@
 # Okta.Sdk.Model.CapabilitiesObject
-Defines the configurations related to an application feature
+Defines the configurations for the USER_PROVISIONING feature
 
 ## Properties
 
diff --git a/docs/ChallengeType.md b/docs/ChallengeType.md
new file mode 100644
index 000000000..9c9c2e19d
--- /dev/null
+++ b/docs/ChallengeType.md
@@ -0,0 +1,9 @@
+# Okta.Sdk.Model.ChallengeType
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/Channel.md b/docs/Channel.md
new file mode 100644
index 000000000..cf4e2e88c
--- /dev/null
+++ b/docs/Channel.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.Channel
+The out-of-band channel for use with authentication. Required for all `/oob-authenticate` requests and any `/challenge` request with an out-of-band authenticator.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/ClientPrivilegesSetting.md b/docs/ClientPrivilegesSetting.md
new file mode 100644
index 000000000..91728d52b
--- /dev/null
+++ b/docs/ClientPrivilegesSetting.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.ClientPrivilegesSetting
+The org setting that assigns the super admin role by default to a public client app
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**_ClientPrivilegesSetting** | **bool** |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/CodeChallengeMethod.md b/docs/CodeChallengeMethod.md
new file mode 100644
index 000000000..f06d04339
--- /dev/null
+++ b/docs/CodeChallengeMethod.md
@@ -0,0 +1,9 @@
+# Okta.Sdk.Model.CodeChallengeMethod
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/Conditions.md b/docs/Conditions.md
new file mode 100644
index 000000000..d5b0763bb
--- /dev/null
+++ b/docs/Conditions.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.Conditions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Expression** | [**Expression**](Expression.md) |  | [optional] 
+**ProfileSourceId** | **string** |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/ContinuousAccessFailureActionsObject.md b/docs/ContinuousAccessFailureActionsObject.md
new file mode 100644
index 000000000..d825fb1b6
--- /dev/null
+++ b/docs/ContinuousAccessFailureActionsObject.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.ContinuousAccessFailureActionsObject
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Action** | **string** |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/ContinuousAccessPolicy.md b/docs/ContinuousAccessPolicy.md
new file mode 100644
index 000000000..688145080
--- /dev/null
+++ b/docs/ContinuousAccessPolicy.md
@@ -0,0 +1,21 @@
+# Okta.Sdk.Model.ContinuousAccessPolicy
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | **DateTimeOffset** | Timestamp when the Policy was created | [optional] [readonly] 
+**Description** | **string** | Policy description | [optional] 
+**Id** | **string** | Policy ID | [optional] [readonly] 
+**LastUpdated** | **DateTimeOffset** | Timestamp when the Policy was last updated | [optional] [readonly] 
+**Name** | **string** | Policy name | [optional] 
+**Priority** | **int** | Specifies the order in which this Policy is evaluated in relation to the other policies | [optional] 
+**Status** | [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**System** | **bool** | Specifies whether Okta created the Policy | [optional] 
+**Type** | [**PolicyType**](PolicyType.md) |  | [optional] 
+**Embedded** | **Dictionary&lt;string, Object&gt;** |  | [optional] [readonly] 
+**Links** | [**PolicyLinks**](PolicyLinks.md) |  | [optional] 
+**Conditions** | **string** | Policy conditions aren&#39;t supported for this policy type. | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/ContinuousAccessPolicyRule.md b/docs/ContinuousAccessPolicyRule.md
new file mode 100644
index 000000000..fc687af0f
--- /dev/null
+++ b/docs/ContinuousAccessPolicyRule.md
@@ -0,0 +1,19 @@
+# Okta.Sdk.Model.ContinuousAccessPolicyRule
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | **DateTimeOffset?** | Timestamp when the rule was created | [optional] [readonly] 
+**Id** | **string** | Identifier for the rule | [optional] 
+**LastUpdated** | **DateTimeOffset?** | Timestamp when the rule was last modified | [optional] [readonly] 
+**Name** | **string** | Name of the rule | [optional] 
+**Priority** | **int** | Priority of the rule | [optional] 
+**Status** | [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**System** | **bool** | Specifies whether Okta created the Policy Rule (&#x60;system&#x3D;true&#x60;). You can&#39;t delete Policy Rules that have &#x60;system&#x60; set to &#x60;true&#x60;. | [optional] [default to false]
+**Type** | [**PolicyRuleType**](PolicyRuleType.md) |  | [optional] 
+**Actions** | [**ContinuousAccessPolicyRuleAllOfActions**](ContinuousAccessPolicyRuleAllOfActions.md) |  | [optional] 
+**Conditions** | [**ContinuousAccessPolicyRuleAllOfConditions**](ContinuousAccessPolicyRuleAllOfConditions.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/ContinuousAccessPolicyRuleAllOfActions.md b/docs/ContinuousAccessPolicyRuleAllOfActions.md
new file mode 100644
index 000000000..0be250389
--- /dev/null
+++ b/docs/ContinuousAccessPolicyRuleAllOfActions.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.ContinuousAccessPolicyRuleAllOfActions
+The action to take in response to a failure of the reevaluated global session policy or authentication polices.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ContinuousAccess** | [**ContinuousAccessPolicyRuleAllOfActionsContinuousAccess**](ContinuousAccessPolicyRuleAllOfActionsContinuousAccess.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/ContinuousAccessPolicyRuleAllOfActionsContinuousAccess.md b/docs/ContinuousAccessPolicyRuleAllOfActionsContinuousAccess.md
new file mode 100644
index 000000000..941113a5c
--- /dev/null
+++ b/docs/ContinuousAccessPolicyRuleAllOfActionsContinuousAccess.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.ContinuousAccessPolicyRuleAllOfActionsContinuousAccess
+This object contains a `failureActions` array that defines the specific action to take when Continuous Access evaluation detects a failure.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**FailureActions** | [**List&lt;ContinuousAccessFailureActionsObject&gt;**](ContinuousAccessFailureActionsObject.md) | An array of objects that define the action. It can be empty or contain two &#x60;action&#x60; value pairs. | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/ContinuousAccessPolicyRuleAllOfConditions.md b/docs/ContinuousAccessPolicyRuleAllOfConditions.md
new file mode 100644
index 000000000..56c3da2c4
--- /dev/null
+++ b/docs/ContinuousAccessPolicyRuleAllOfConditions.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.ContinuousAccessPolicyRuleAllOfConditions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**People** | [**PolicyPeopleCondition**](PolicyPeopleCondition.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/ContinuousAccessPolicyRuleRunWorkflow.md b/docs/ContinuousAccessPolicyRuleRunWorkflow.md
new file mode 100644
index 000000000..6795dbfd0
--- /dev/null
+++ b/docs/ContinuousAccessPolicyRuleRunWorkflow.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.ContinuousAccessPolicyRuleRunWorkflow
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Action** | **string** |  | [optional] 
+**Workflow** | [**ContinuousAccessPolicyRuleRunWorkflowWorkflow**](ContinuousAccessPolicyRuleRunWorkflowWorkflow.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/ContinuousAccessPolicyRuleRunWorkflowWorkflow.md b/docs/ContinuousAccessPolicyRuleRunWorkflowWorkflow.md
new file mode 100644
index 000000000..61fe2c136
--- /dev/null
+++ b/docs/ContinuousAccessPolicyRuleRunWorkflowWorkflow.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.ContinuousAccessPolicyRuleRunWorkflowWorkflow
+This action runs a workflow
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | **int** | The &#x60;id&#x60; of the workflow that runs. | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/ContinuousAccessPolicyRuleTerminateSession.md b/docs/ContinuousAccessPolicyRuleTerminateSession.md
new file mode 100644
index 000000000..d4112d75a
--- /dev/null
+++ b/docs/ContinuousAccessPolicyRuleTerminateSession.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.ContinuousAccessPolicyRuleTerminateSession
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Action** | **string** | The action to take when Continuous Access evaluation detects a failure. | [optional] 
+**Slo** | [**ContinuousAccessPolicyRuleTerminateSessionSlo**](ContinuousAccessPolicyRuleTerminateSessionSlo.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/ContinuousAccessPolicyRuleTerminateSessionSlo.md b/docs/ContinuousAccessPolicyRuleTerminateSessionSlo.md
new file mode 100644
index 000000000..51fd8af75
--- /dev/null
+++ b/docs/ContinuousAccessPolicyRuleTerminateSessionSlo.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.ContinuousAccessPolicyRuleTerminateSessionSlo
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AppSelectionMode** | **string** | This property defines the session to terminate - everyone, no one, or a specific app instance. | [optional] 
+**AppInstanceIds** | **List&lt;string&gt;** | This property defines the app instance access to terminate. Only include this property when &#x60;appSelectionMode&#x60; is set to &#x60;SPECIFIC&#x60;. | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/CreateBrandRequest.md b/docs/CreateBrandRequest.md
index 3a7ba386d..5a947a2a5 100644
--- a/docs/CreateBrandRequest.md
+++ b/docs/CreateBrandRequest.md
@@ -4,7 +4,7 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Name** | **string** |  | 
+**Name** | **string** | The name of the Brand | 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/CreateIamRoleRequest.md b/docs/CreateIamRoleRequest.md
index ca1732fa4..311d804dc 100644
--- a/docs/CreateIamRoleRequest.md
+++ b/docs/CreateIamRoleRequest.md
@@ -6,7 +6,7 @@ Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **Description** | **string** | Description of the role | 
 **Label** | **string** | Unique label for the role | 
-**Permissions** | [**List&lt;RolePermissionType&gt;**](RolePermissionType.md) | Array of permissions that the role will grant. See [Permission Types](https://developer.okta.com/docs/concepts/role-assignment/#permission-types). | 
+**Permissions** | [**List&lt;RolePermissionType&gt;**](RolePermissionType.md) | Array of permissions that the role will grant. See [Permissions](/openapi/okta-management/guides/roles/#permission). | 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/CreateRealmAssignmentRequest.md b/docs/CreateRealmAssignmentRequest.md
new file mode 100644
index 000000000..25f0a5fbf
--- /dev/null
+++ b/docs/CreateRealmAssignmentRequest.md
@@ -0,0 +1,13 @@
+# Okta.Sdk.Model.CreateRealmAssignmentRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Actions** | [**Actions**](Actions.md) |  | [optional] 
+**Conditions** | [**Conditions**](Conditions.md) |  | [optional] 
+**Name** | **string** |  | [optional] 
+**Priority** | **int** |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/CreateRealmRequest.md b/docs/CreateRealmRequest.md
new file mode 100644
index 000000000..07e93fb51
--- /dev/null
+++ b/docs/CreateRealmRequest.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.CreateRealmRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | [**RealmProfile**](RealmProfile.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/CreateResourceSetRequest.md b/docs/CreateResourceSetRequest.md
index 502925995..e9f14ddc8 100644
--- a/docs/CreateResourceSetRequest.md
+++ b/docs/CreateResourceSetRequest.md
@@ -5,8 +5,8 @@
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **Description** | **string** | Description of the Resource Set | [optional] 
-**Label** | **string** | Unique label for the Resource Set | [optional] 
-**Resources** | **List&lt;string&gt;** |  | [optional] 
+**Label** | **string** | Unique name for the Resource Set | [optional] 
+**Resources** | **List&lt;string&gt;** | The endpoint (URL) that references all resource objects included in the Resource Set. Resources are identified by either an Okta Resource Name (ORN) or by a REST URL format. See [Okta Resource Name](/openapi/okta-management/guides/roles/#okta-resource-name-orn). | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/CreateUISchema.md b/docs/CreateUISchema.md
index 5bcec2175..0929d982c 100644
--- a/docs/CreateUISchema.md
+++ b/docs/CreateUISchema.md
@@ -5,7 +5,7 @@ The request body properties for the new UI Schema
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**UiSchema** | [**UISchemaObject**](.md) |  | [optional] 
+**UiSchema** | [**UISchemaObject**](UISchemaObject.md) |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/CreateUserRequest.md b/docs/CreateUserRequest.md
index 8ea2401b6..cfd0a7de2 100644
--- a/docs/CreateUserRequest.md
+++ b/docs/CreateUserRequest.md
@@ -7,8 +7,8 @@ Name | Type | Description | Notes
 **Credentials** | [**UserCredentials**](UserCredentials.md) |  | [optional] 
 **GroupIds** | **List&lt;string&gt;** |  | [optional] 
 **Profile** | [**UserProfile**](UserProfile.md) |  | 
-**RealmId** | **string** | The ID of the realm in which the user is residing | [optional] 
-**Type** | [**UserType**](UserType.md) |  | [optional] 
+**RealmId** | **string** | &lt;div class&#x3D;\&quot;x-lifecycle-container\&quot;&gt;&lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt;&lt;/div&gt;The ID of the Realm in which the user is residing | [optional] 
+**Type** | [**CreateUserRequestType**](CreateUserRequestType.md) |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/CreateUserRequestType.md b/docs/CreateUserRequestType.md
new file mode 100644
index 000000000..aa18f89c4
--- /dev/null
+++ b/docs/CreateUserRequestType.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.CreateUserRequestType
+The ID of the user type. Add this value if you want to create a user with a non-default [user type](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/). The user type determines which [schema](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Schema/) applies to that user. After a user has been created, the user can  only be assigned a different user type by an administrator through a full replacement (`PUT`) operation.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | **string** | The ID of the user type | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/CredentialSyncState.md b/docs/CredentialSyncState.md
new file mode 100644
index 000000000..8e2595f21
--- /dev/null
+++ b/docs/CredentialSyncState.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.CredentialSyncState
+Current credential sync status of the privileged resource
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/Csr.md b/docs/Csr.md
index 60e49d74b..f43f46eab 100644
--- a/docs/Csr.md
+++ b/docs/Csr.md
@@ -4,7 +4,7 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Created** | **DateTimeOffset** |  | [optional] [readonly] 
+**Created** | **DateTimeOffset** | Timestamp when the object was created | [optional] [readonly] 
 **_Csr** | **string** |  | [optional] [readonly] 
 **Id** | **string** |  | [optional] [readonly] 
 **Kty** | **string** |  | [optional] [readonly] 
diff --git a/docs/CustomAppUserVerificationEnum.md b/docs/CustomAppUserVerificationEnum.md
new file mode 100644
index 000000000..4c7c83bc1
--- /dev/null
+++ b/docs/CustomAppUserVerificationEnum.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.CustomAppUserVerificationEnum
+User verification setting
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/CustomRoleAssignmentSchema.md b/docs/CustomRoleAssignmentSchema.md
new file mode 100644
index 000000000..0e5683a6b
--- /dev/null
+++ b/docs/CustomRoleAssignmentSchema.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.CustomRoleAssignmentSchema
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ResourceSet** | **string** | Resource Set ID | [optional] 
+**Role** | **string** | Custom Role ID | [optional] 
+**Type** | **string** | Standard role type | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/CustomizablePage.md b/docs/CustomizablePage.md
index 1300ff8b1..0f24e2be4 100644
--- a/docs/CustomizablePage.md
+++ b/docs/CustomizablePage.md
@@ -4,7 +4,7 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**PageContent** | **string** |  | [optional] 
+**PageContent** | **string** | The HTML for the page | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/DTCChromeOS.md b/docs/DTCChromeOS.md
index ee6a95236..c751b0f44 100644
--- a/docs/DTCChromeOS.md
+++ b/docs/DTCChromeOS.md
@@ -10,10 +10,11 @@ Name | Type | Description | Notes
 **BuiltInDnsClientEnabled** | **bool** | Indicates if a software stack is used to communicate with the DNS server | [optional] 
 **ChromeRemoteDesktopAppBlocked** | **bool** | Indicates whether access to the Chrome Remote Desktop application is blocked through a policy | [optional] 
 **DeviceEnrollmentDomain** | **string** | Enrollment domain of the customer that is currently managing the device | [optional] 
-**DiskEnrypted** | **bool** | Indicates whether the main disk is encrypted | [optional] 
+**DiskEncrypted** | **bool** | Indicates whether the main disk is encrypted | [optional] 
 **KeyTrustLevel** | **KeyTrustLevelOSMode** |  | [optional] 
+**ManagedDevice** | **bool** | Indicates whether the device is enrolled in ChromeOS device management | [optional] 
 **OsFirewall** | **bool** | Indicates whether a firewall is enabled at the OS-level on the device | [optional] 
-**OsVersion** | [**OSVersion**](OSVersion.md) |  | [optional] 
+**OsVersion** | [**OSVersionFourComponents**](OSVersionFourComponents.md) |  | [optional] 
 **PasswordProtectionWarningTrigger** | **PasswordProtectionWarningTrigger** |  | [optional] 
 **RealtimeUrlCheckMode** | **bool** | Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled | [optional] 
 **SafeBrowsingProtectionLevel** | **SafeBrowsingProtectionLevel** |  | [optional] 
diff --git a/docs/DTCMacOS.md b/docs/DTCMacOS.md
index 5601a1aee..d02b8194b 100644
--- a/docs/DTCMacOS.md
+++ b/docs/DTCMacOS.md
@@ -9,10 +9,10 @@ Name | Type | Description | Notes
 **BuiltInDnsClientEnabled** | **bool** | Indicates if a software stack is used to communicate with the DNS server | [optional] 
 **ChromeRemoteDesktopAppBlocked** | **bool** | Indicates whether access to the Chrome Remote Desktop application is blocked through a policy | [optional] 
 **DeviceEnrollmentDomain** | **string** | Enrollment domain of the customer that is currently managing the device | [optional] 
-**DiskEnrypted** | **bool** | Indicates whether the main disk is encrypted | [optional] 
+**DiskEncrypted** | **bool** | Indicates whether the main disk is encrypted | [optional] 
 **KeyTrustLevel** | **KeyTrustLevelBrowserKey** |  | [optional] 
 **OsFirewall** | **bool** | Indicates whether a firewall is enabled at the OS-level on the device | [optional] 
-**OsVersion** | [**OSVersion**](OSVersion.md) |  | [optional] 
+**OsVersion** | [**OSVersionThreeComponents**](OSVersionThreeComponents.md) |  | [optional] 
 **PasswordProtectionWarningTrigger** | **PasswordProtectionWarningTrigger** |  | [optional] 
 **RealtimeUrlCheckMode** | **bool** | Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled | [optional] 
 **SafeBrowsingProtectionLevel** | **SafeBrowsingProtectionLevel** |  | [optional] 
diff --git a/docs/DTCWindows.md b/docs/DTCWindows.md
index 053a86a64..25a3105a0 100644
--- a/docs/DTCWindows.md
+++ b/docs/DTCWindows.md
@@ -11,10 +11,10 @@ Name | Type | Description | Notes
 **CrowdStrikeAgentId** | **string** | Agent ID of an installed CrowdStrike agent | [optional] 
 **CrowdStrikeCustomerId** | **string** | Customer ID of an installed CrowdStrike agent | [optional] 
 **DeviceEnrollmentDomain** | **string** | Enrollment domain of the customer that is currently managing the device | [optional] 
-**DiskEnrypted** | **bool** | Indicates whether the main disk is encrypted | [optional] 
+**DiskEncrypted** | **bool** | Indicates whether the main disk is encrypted | [optional] 
 **KeyTrustLevel** | **KeyTrustLevelBrowserKey** |  | [optional] 
 **OsFirewall** | **bool** | Indicates whether a firewall is enabled at the OS-level on the device | [optional] 
-**OsVersion** | [**OSVersion**](OSVersion.md) |  | [optional] 
+**OsVersion** | [**OSVersionFourComponents**](OSVersionFourComponents.md) |  | [optional] 
 **PasswordProtectionWarningTrigger** | **PasswordProtectionWarningTrigger** |  | [optional] 
 **RealtimeUrlCheckMode** | **bool** | Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled | [optional] 
 **SafeBrowsingProtectionLevel** | **SafeBrowsingProtectionLevel** |  | [optional] 
diff --git a/docs/DefaultApp.md b/docs/DefaultApp.md
index 92fa229d8..dcc426ec5 100644
--- a/docs/DefaultApp.md
+++ b/docs/DefaultApp.md
@@ -4,9 +4,9 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**AppInstanceId** | **string** |  | [optional] 
-**AppLinkName** | **string** |  | [optional] 
-**ClassicApplicationUri** | **string** |  | [optional] 
+**AppInstanceId** | **string** | ID for the App instance | [optional] 
+**AppLinkName** | **string** | Name for the app instance | [optional] 
+**ClassicApplicationUri** | **string** | Application URI for classic Orgs | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/DetectedRiskEvents.md b/docs/DetectedRiskEvents.md
new file mode 100644
index 000000000..75fd14e2b
--- /dev/null
+++ b/docs/DetectedRiskEvents.md
@@ -0,0 +1,9 @@
+# Okta.Sdk.Model.DetectedRiskEvents
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/DeviceAccessPolicyRuleCondition.md b/docs/DeviceAccessPolicyRuleCondition.md
index b1e9760ba..1a0c08b5b 100644
--- a/docs/DeviceAccessPolicyRuleCondition.md
+++ b/docs/DeviceAccessPolicyRuleCondition.md
@@ -8,9 +8,9 @@ Name | Type | Description | Notes
 **Platform** | [**DevicePolicyRuleConditionPlatform**](DevicePolicyRuleConditionPlatform.md) |  | [optional] 
 **Rooted** | **bool** |  | [optional] 
 **TrustLevel** | **DevicePolicyTrustLevel** |  | [optional] 
+**Assurance** | [**DevicePolicyRuleConditionAssurance**](DevicePolicyRuleConditionAssurance.md) |  | [optional] 
 **Managed** | **bool** |  | [optional] 
 **Registered** | **bool** |  | [optional] 
-**Assurance** | [**DevicePolicyRuleConditionAssurance**](DevicePolicyRuleConditionAssurance.md) |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/DeviceAssurance.md b/docs/DeviceAssurance.md
index 702c959cd..209f16a5a 100644
--- a/docs/DeviceAssurance.md
+++ b/docs/DeviceAssurance.md
@@ -7,8 +7,8 @@ Name | Type | Description | Notes
 **CreatedBy** | **string** |  | [optional] [readonly] 
 **CreatedDate** | **string** |  | [optional] [readonly] 
 **Id** | **string** |  | [optional] [readonly] 
+**LastUpdate** | **string** |  | [optional] [readonly] 
 **LastUpdatedBy** | **string** |  | [optional] [readonly] 
-**LastUpdatedDate** | **string** |  | [optional] [readonly] 
 **Name** | **string** | Display name of the Device Assurance Policy | [optional] 
 **Platform** | **Platform** |  | [optional] 
 **Links** | [**LinksSelf**](LinksSelf.md) |  | [optional] 
diff --git a/docs/DeviceAssuranceAndroidPlatform.md b/docs/DeviceAssuranceAndroidPlatform.md
index a987bf5c6..2fd88a356 100644
--- a/docs/DeviceAssuranceAndroidPlatform.md
+++ b/docs/DeviceAssuranceAndroidPlatform.md
@@ -7,8 +7,8 @@ Name | Type | Description | Notes
 **CreatedBy** | **string** |  | [optional] [readonly] 
 **CreatedDate** | **string** |  | [optional] [readonly] 
 **Id** | **string** |  | [optional] [readonly] 
+**LastUpdate** | **string** |  | [optional] [readonly] 
 **LastUpdatedBy** | **string** |  | [optional] [readonly] 
-**LastUpdatedDate** | **string** |  | [optional] [readonly] 
 **Name** | **string** | Display name of the Device Assurance Policy | [optional] 
 **Platform** | [**Platform**](Platform.md) |  | [optional] 
 **Links** | [**LinksSelf**](LinksSelf.md) |  | [optional] 
diff --git a/docs/DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md b/docs/DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md
index 08bcfbead..76935c543 100644
--- a/docs/DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md
+++ b/docs/DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md
@@ -4,7 +4,7 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Include** | [**List&lt;DiskEncryptionType&gt;**](DiskEncryptionType.md) |  | [optional] 
+**Include** | [**List&lt;DiskEncryptionTypeAndroid&gt;**](DiskEncryptionTypeAndroid.md) |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/DeviceAssuranceChromeOSPlatform.md b/docs/DeviceAssuranceChromeOSPlatform.md
index 2d71a1f8d..d7e5da456 100644
--- a/docs/DeviceAssuranceChromeOSPlatform.md
+++ b/docs/DeviceAssuranceChromeOSPlatform.md
@@ -7,8 +7,8 @@ Name | Type | Description | Notes
 **CreatedBy** | **string** |  | [optional] [readonly] 
 **CreatedDate** | **string** |  | [optional] [readonly] 
 **Id** | **string** |  | [optional] [readonly] 
+**LastUpdate** | **string** |  | [optional] [readonly] 
 **LastUpdatedBy** | **string** |  | [optional] [readonly] 
-**LastUpdatedDate** | **string** |  | [optional] [readonly] 
 **Name** | **string** | Display name of the Device Assurance Policy | [optional] 
 **Platform** | [**Platform**](Platform.md) |  | [optional] 
 **Links** | [**LinksSelf**](LinksSelf.md) |  | [optional] 
diff --git a/docs/DeviceAssuranceIOSPlatform.md b/docs/DeviceAssuranceIOSPlatform.md
index 29bd7558b..1f1310b36 100644
--- a/docs/DeviceAssuranceIOSPlatform.md
+++ b/docs/DeviceAssuranceIOSPlatform.md
@@ -7,16 +7,14 @@ Name | Type | Description | Notes
 **CreatedBy** | **string** |  | [optional] [readonly] 
 **CreatedDate** | **string** |  | [optional] [readonly] 
 **Id** | **string** |  | [optional] [readonly] 
+**LastUpdate** | **string** |  | [optional] [readonly] 
 **LastUpdatedBy** | **string** |  | [optional] [readonly] 
-**LastUpdatedDate** | **string** |  | [optional] [readonly] 
 **Name** | **string** | Display name of the Device Assurance Policy | [optional] 
 **Platform** | [**Platform**](Platform.md) |  | [optional] 
 **Links** | [**LinksSelf**](LinksSelf.md) |  | [optional] 
-**DiskEncryptionType** | [**DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType**](DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md) |  | [optional] 
 **Jailbreak** | **bool** |  | [optional] 
 **OsVersion** | [**OSVersion**](OSVersion.md) |  | [optional] 
 **ScreenLockType** | [**DeviceAssuranceAndroidPlatformAllOfScreenLockType**](DeviceAssuranceAndroidPlatformAllOfScreenLockType.md) |  | [optional] 
-**SecureHardwarePresent** | **bool** |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/DeviceAssuranceMacOSPlatform.md b/docs/DeviceAssuranceMacOSPlatform.md
index e6dee5f07..aca9b2093 100644
--- a/docs/DeviceAssuranceMacOSPlatform.md
+++ b/docs/DeviceAssuranceMacOSPlatform.md
@@ -7,13 +7,12 @@ Name | Type | Description | Notes
 **CreatedBy** | **string** |  | [optional] [readonly] 
 **CreatedDate** | **string** |  | [optional] [readonly] 
 **Id** | **string** |  | [optional] [readonly] 
+**LastUpdate** | **string** |  | [optional] [readonly] 
 **LastUpdatedBy** | **string** |  | [optional] [readonly] 
-**LastUpdatedDate** | **string** |  | [optional] [readonly] 
 **Name** | **string** | Display name of the Device Assurance Policy | [optional] 
 **Platform** | [**Platform**](Platform.md) |  | [optional] 
 **Links** | [**LinksSelf**](LinksSelf.md) |  | [optional] 
-**DiskEncryptionType** | [**DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType**](DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md) |  | [optional] 
-**Jailbreak** | **bool** |  | [optional] 
+**DiskEncryptionType** | [**DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType**](DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType.md) |  | [optional] 
 **OsVersion** | [**OSVersion**](OSVersion.md) |  | [optional] 
 **ScreenLockType** | [**DeviceAssuranceAndroidPlatformAllOfScreenLockType**](DeviceAssuranceAndroidPlatformAllOfScreenLockType.md) |  | [optional] 
 **SecureHardwarePresent** | **bool** |  | [optional] 
diff --git a/docs/DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType.md b/docs/DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType.md
new file mode 100644
index 000000000..fe6108cef
--- /dev/null
+++ b/docs/DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Include** | [**List&lt;DiskEncryptionTypeDesktop&gt;**](DiskEncryptionTypeDesktop.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/DeviceAssuranceWindowsPlatform.md b/docs/DeviceAssuranceWindowsPlatform.md
index e658547f6..27b517cf3 100644
--- a/docs/DeviceAssuranceWindowsPlatform.md
+++ b/docs/DeviceAssuranceWindowsPlatform.md
@@ -7,14 +7,14 @@ Name | Type | Description | Notes
 **CreatedBy** | **string** |  | [optional] [readonly] 
 **CreatedDate** | **string** |  | [optional] [readonly] 
 **Id** | **string** |  | [optional] [readonly] 
+**LastUpdate** | **string** |  | [optional] [readonly] 
 **LastUpdatedBy** | **string** |  | [optional] [readonly] 
-**LastUpdatedDate** | **string** |  | [optional] [readonly] 
 **Name** | **string** | Display name of the Device Assurance Policy | [optional] 
 **Platform** | [**Platform**](Platform.md) |  | [optional] 
 **Links** | [**LinksSelf**](LinksSelf.md) |  | [optional] 
-**DiskEncryptionType** | [**DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType**](DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md) |  | [optional] 
-**Jailbreak** | **bool** |  | [optional] 
-**OsVersion** | [**OSVersion**](OSVersion.md) |  | [optional] 
+**DiskEncryptionType** | [**DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType**](DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType.md) |  | [optional] 
+**OsVersion** | [**OSVersionFourComponents**](OSVersionFourComponents.md) |  | [optional] 
+**OsVersionConstraints** | [**List&lt;OSVersionConstraint&gt;**](OSVersionConstraint.md) | &lt;div class&#x3D;\&quot;x-lifecycle-container\&quot;&gt;&lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt;&lt;/div&gt;Specifies the Windows version requirements for the assurance policy. Each requirement must correspond to a different major version (Windows 11 or Windows 10). If a requirement isn&#39;t specified for a major version, then devices on that major version satisfy the condition.  There are two types of OS requirements: * **Static**: A specific Windows version requirement that doesn&#39;t change until you update the policy. A static OS Windows requirement is specified with &#x60;majorVersionConstraint&#x60; and &#x60;minimum&#x60;. * **Dynamic**: A Windows version requirement that is relative to the latest major release and security patch. A dynamic OS Windows requirement is specified with &#x60;majorVersionConstraint&#x60; and &#x60;dynamicVersionRequirement&#x60;.  &gt; **Note:** Dynamic OS requirements are available only if the **Dynamic OS version compliance** [self-service EA](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) feature is enabled. The &#x60;osVersionConstraints&#x60; property is only supported for the Windows platform. You can&#39;t specify both &#x60;osVersion.minimum&#x60; and &#x60;osVersionConstraints&#x60; properties at the same time.  | [optional] 
 **ScreenLockType** | [**DeviceAssuranceAndroidPlatformAllOfScreenLockType**](DeviceAssuranceAndroidPlatformAllOfScreenLockType.md) |  | [optional] 
 **SecureHardwarePresent** | **bool** |  | [optional] 
 **ThirdPartySignalProviders** | [**DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders**](DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders.md) |  | [optional] 
diff --git a/docs/DeviceList.md b/docs/DeviceList.md
new file mode 100644
index 000000000..b686a4628
--- /dev/null
+++ b/docs/DeviceList.md
@@ -0,0 +1,20 @@
+# Okta.Sdk.Model.DeviceList
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | **DateTimeOffset** | Timestamp when the device was created | [optional] [readonly] 
+**Id** | **string** | Unique key for the device | [optional] [readonly] 
+**LastUpdated** | **DateTimeOffset** | Timestamp when the device record was last updated. Updates occur when Okta collects and saves device signals during authentication, and when the lifecycle state of the device changes. | [optional] [readonly] 
+**Profile** | [**DeviceProfile**](DeviceProfile.md) |  | [optional] 
+**ResourceAlternateId** | **string** |  | [optional] [readonly] 
+**ResourceDisplayName** | [**DeviceDisplayName**](DeviceDisplayName.md) |  | [optional] 
+**ResourceId** | **string** | Alternate key for the &#x60;id&#x60; | [optional] [readonly] 
+**ResourceType** | **string** |  | [optional] [readonly] [default to "UDDevice"]
+**Status** | **DeviceStatus** |  | [optional] 
+**Links** | [**LinksSelfAndFullUsersLifecycle**](LinksSelfAndFullUsersLifecycle.md) |  | [optional] 
+**Embedded** | [**DeviceListAllOfEmbedded**](DeviceListAllOfEmbedded.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/DeviceListAllOfEmbedded.md b/docs/DeviceListAllOfEmbedded.md
new file mode 100644
index 000000000..5fb2395fc
--- /dev/null
+++ b/docs/DeviceListAllOfEmbedded.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.DeviceListAllOfEmbedded
+List of associated users for the device if the `expand=user` query parameter is specified in the request. Use `expand=userSummary` to get only a summary of each associated user for the device.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Users** | [**List&lt;DeviceUser&gt;**](DeviceUser.md) | Users for the device | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/DeviceProfile.md b/docs/DeviceProfile.md
index 51db7785c..469691955 100644
--- a/docs/DeviceProfile.md
+++ b/docs/DeviceProfile.md
@@ -17,7 +17,7 @@ Name | Type | Description | Notes
 **SecureHardwarePresent** | **bool** | Indicates if the device contains a secure hardware functionality | [optional] 
 **SerialNumber** | **string** | Serial number of the device | [optional] 
 **Sid** | **string** | Windows Security identifier of the device | [optional] 
-**TpmPublicKeyHash** | **string** | Windows Trsted Platform Module hash value | [optional] 
+**TpmPublicKeyHash** | **string** | Windows Trusted Platform Module hash value | [optional] 
 **Udid** | **string** | macOS Unique Device identifier of the device | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
diff --git a/docs/DigestAlgorithm.md b/docs/DigestAlgorithm.md
index cc5512c31..983e44caa 100644
--- a/docs/DigestAlgorithm.md
+++ b/docs/DigestAlgorithm.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.DigestAlgorithm
+Algorithm used to generate the key. Only required for the PBKDF2 algorithm.
 
 ## Properties
 
diff --git a/docs/DiskEncryptionTypeAndroid.md b/docs/DiskEncryptionTypeAndroid.md
new file mode 100644
index 000000000..9c4651eb9
--- /dev/null
+++ b/docs/DiskEncryptionTypeAndroid.md
@@ -0,0 +1,9 @@
+# Okta.Sdk.Model.DiskEncryptionTypeAndroid
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/DiskEncryptionTypeDesktop.md b/docs/DiskEncryptionTypeDesktop.md
new file mode 100644
index 000000000..923e05657
--- /dev/null
+++ b/docs/DiskEncryptionTypeDesktop.md
@@ -0,0 +1,9 @@
+# Okta.Sdk.Model.DiskEncryptionTypeDesktop
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/DynamicNetworkZone.md b/docs/DynamicNetworkZone.md
new file mode 100644
index 000000000..46d612417
--- /dev/null
+++ b/docs/DynamicNetworkZone.md
@@ -0,0 +1,21 @@
+# Okta.Sdk.Model.DynamicNetworkZone
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | **DateTimeOffset** | Timestamp when the object was created | [optional] [readonly] 
+**Id** | **string** | Unique identifier for the Network Zone | [optional] [readonly] 
+**LastUpdated** | **DateTimeOffset** | Timestamp when the object was last modified | [optional] [readonly] 
+**Name** | **string** | Unique name for this Network Zone | 
+**Status** | [**NetworkZoneStatus**](NetworkZoneStatus.md) |  | [optional] 
+**System** | **bool** | Indicates a system Network Zone: * &#x60;true&#x60; for system Network Zones * &#x60;false&#x60; for custom Network Zones  The Okta org provides the following default system Network Zones: * &#x60;LegacyIpZone&#x60; * &#x60;BlockedIpZone&#x60; * &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; &#x60;DefaultEnhancedDynamicZone&#x60;  Admins can modify the name of the default system Network Zone and add up to 5000 gateway or proxy IP entries.  | [optional] [readonly] 
+**Type** | [**NetworkZoneType**](NetworkZoneType.md) |  | 
+**Usage** | [**NetworkZoneUsage**](NetworkZoneUsage.md) |  | [optional] 
+**Links** | [**LinksSelfAndLifecycle**](LinksSelfAndLifecycle.md) |  | [optional] 
+**Asns** | **List** |  | [optional] 
+**ProxyType** | **string** | The proxy type used for a Dynamic Network Zone | [optional] 
+**Locations** | **List** |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/ECKeyJWK.md b/docs/ECKeyJWK.md
new file mode 100644
index 000000000..90d272b80
--- /dev/null
+++ b/docs/ECKeyJWK.md
@@ -0,0 +1,16 @@
+# Okta.Sdk.Model.ECKeyJWK
+Elliptic Curve Key in JWK format, currently used during enrollment to encrypt fulfillment requests to Yubico, or during activation to verify Yubico's JWS objects in fulfillment responses. The currently agreed protocol uses P-384.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Crv** | **string** |  | 
+**Kid** | **string** | The unique identifier of the key | 
+**Kty** | **string** | The type of public key | 
+**Use** | **string** | The intended use for the key. The ECKeyJWK is always &#x60;enc&#x60; because Okta uses it to encrypt requests to Yubico. | 
+**X** | **string** | The public x coordinate for the elliptic curve point | 
+**Y** | **string** | The public y coordinate for the elliptic curve point | 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/Email.md b/docs/Email.md
new file mode 100644
index 000000000..bc9e04f23
--- /dev/null
+++ b/docs/Email.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.Email
+Attempts to activate a `email` Factor with the specified passcode.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**PassCode** | **string** | OTP for the current time window | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/Email1.md b/docs/Email1.md
new file mode 100644
index 000000000..49c3951d5
--- /dev/null
+++ b/docs/Email1.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.Email1
+Verifies an OTP sent by a `email` Factor challenge. If you omit `passCode` in the request, a new OTP is sent to the phone.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**PassCode** | **string** | OTP for the current time window | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EmailContent.md b/docs/EmailContent.md
index 77dc9225e..ba38b4927 100644
--- a/docs/EmailContent.md
+++ b/docs/EmailContent.md
@@ -4,8 +4,8 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Body** | **string** | The email&#39;s HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references). | 
-**Subject** | **string** | The email&#39;s subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references). | 
+**Body** | **string** | The HTML body of the email. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).   &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; body is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set  4. Okta-provided content in English  | 
+**Subject** | **string** | The email subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).  &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; subject is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set 4. Okta-provided content in English  | 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/EmailCustomization.md b/docs/EmailCustomization.md
index 3e663b383..7e4a3863e 100644
--- a/docs/EmailCustomization.md
+++ b/docs/EmailCustomization.md
@@ -4,8 +4,8 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Body** | **string** | The email&#39;s HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references). | 
-**Subject** | **string** | The email&#39;s subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references). | 
+**Body** | **string** | The HTML body of the email. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).   &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; body is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set  4. Okta-provided content in English  | 
+**Subject** | **string** | The email subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).  &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; subject is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set 4. Okta-provided content in English  | 
 **Created** | **DateTimeOffset** | The UTC time at which this email customization was created. | [optional] [readonly] 
 **Id** | **string** | A unique identifier for this email customization | [optional] [readonly] 
 **IsDefault** | **bool** | Whether this is the default customization for the email template. Each customized email template must have exactly one default customization. Defaults to &#x60;true&#x60; for the first customization and &#x60;false&#x60; thereafter. | [optional] 
diff --git a/docs/EmailDefaultContent.md b/docs/EmailDefaultContent.md
index 3e93f6724..62f396644 100644
--- a/docs/EmailDefaultContent.md
+++ b/docs/EmailDefaultContent.md
@@ -4,8 +4,8 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Body** | **string** | The email&#39;s HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references). | 
-**Subject** | **string** | The email&#39;s subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references). | 
+**Body** | **string** | The HTML body of the email. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).   &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; body is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set  4. Okta-provided content in English  | 
+**Subject** | **string** | The email subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).  &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; subject is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set 4. Okta-provided content in English  | 
 **Links** | [**LinksSelf**](LinksSelf.md) |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
diff --git a/docs/EmailDomain.md b/docs/EmailDomain.md
index 91fcb3e80..dcfca3236 100644
--- a/docs/EmailDomain.md
+++ b/docs/EmailDomain.md
@@ -6,6 +6,7 @@ Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **BrandId** | **string** |  | 
 **Domain** | **string** |  | 
+**ValidationSubdomain** | **string** | Subdomain for the email sender&#39;s custom mail domain. Specify your subdomain when you configure a custom mail domain. | [optional] [default to "mail"]
 **DisplayName** | **string** |  | 
 **UserName** | **string** |  | 
 
diff --git a/docs/EmailDomainResponse.md b/docs/EmailDomainResponse.md
index c513fee1e..7a5a564ad 100644
--- a/docs/EmailDomainResponse.md
+++ b/docs/EmailDomainResponse.md
@@ -8,6 +8,7 @@ Name | Type | Description | Notes
 **Domain** | **string** |  | [optional] 
 **Id** | **string** |  | [optional] 
 **ValidationStatus** | **EmailDomainStatus** |  | [optional] 
+**ValidationSubdomain** | **string** | The subdomain for the email sender&#39;s custom mail domain | [optional] [default to "mail"]
 **DisplayName** | **string** |  | 
 **UserName** | **string** |  | 
 
diff --git a/docs/EmailServerPost.md b/docs/EmailServerPost.md
index 29f0ae240..4c373f534 100644
--- a/docs/EmailServerPost.md
+++ b/docs/EmailServerPost.md
@@ -4,12 +4,12 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Alias** | **string** | A name to identify this configuration | 
-**Enabled** | **bool** | True if and only if all email traffic should be routed through this SMTP Server | [optional] 
-**Host** | **string** | The address of the SMTP Server | 
-**Port** | **int** | The port number of the SMTP Server | 
-**Username** | **string** | The username to use with your SMTP Server | 
-**Password** | **string** | The password to use with your SMTP server | 
+**Alias** | **string** | Human-readable name for your SMTP server | 
+**Enabled** | **bool** | If &#x60;true&#x60;, routes all email traffic through your SMTP server | [optional] 
+**Host** | **string** | Hostname or IP address of your SMTP server | 
+**Port** | **int** | Port number of your SMTP server | 
+**Username** | **string** | Username used to access your SMTP server | 
+**Password** | **string** | Password used to access your SMTP server | 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/EmailServerRequest.md b/docs/EmailServerRequest.md
index 286700448..103c8957a 100644
--- a/docs/EmailServerRequest.md
+++ b/docs/EmailServerRequest.md
@@ -4,12 +4,12 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Alias** | **string** | A name to identify this configuration | [optional] 
-**Enabled** | **bool** | True if and only if all email traffic should be routed through this SMTP Server | [optional] 
-**Host** | **string** | The address of the SMTP Server | [optional] 
-**Port** | **int** | The port number of the SMTP Server | [optional] 
-**Username** | **string** | The username to use with your SMTP Server | [optional] 
-**Password** | **string** | The password to use with your SMTP server | [optional] 
+**Alias** | **string** | Human-readable name for your SMTP server | [optional] 
+**Enabled** | **bool** | If &#x60;true&#x60;, routes all email traffic through your SMTP server | [optional] 
+**Host** | **string** | Hostname or IP address of your SMTP server | [optional] 
+**Port** | **int** | Port number of your SMTP server | [optional] 
+**Username** | **string** | Username used to access your SMTP server | [optional] 
+**Password** | **string** | Password used to access your SMTP server | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/EmailServerResponse.md b/docs/EmailServerResponse.md
index e1317c6a9..c53b904a8 100644
--- a/docs/EmailServerResponse.md
+++ b/docs/EmailServerResponse.md
@@ -4,12 +4,12 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Alias** | **string** | A name to identify this configuration | [optional] 
-**Enabled** | **bool** | True if and only if all email traffic should be routed through this SMTP Server | [optional] 
-**Host** | **string** | The address of the SMTP Server | [optional] 
-**Port** | **int** | The port number of the SMTP Server | [optional] 
-**Username** | **string** | The username to use with your SMTP Server | [optional] 
-**Id** | **string** |  | [optional] 
+**Alias** | **string** | Human-readable name for your SMTP server | [optional] 
+**Enabled** | **bool** | If &#x60;true&#x60;, routes all email traffic through your SMTP server | [optional] 
+**Host** | **string** | Hostname or IP address of your SMTP server | [optional] 
+**Port** | **int** | Port number of your SMTP server | [optional] 
+**Username** | **string** | Username used to access your SMTP server | [optional] 
+**Id** | **string** | ID of your SMTP server | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/EmailSettingsResponse.md b/docs/EmailSettingsResponse.md
new file mode 100644
index 000000000..a8b1ff143
--- /dev/null
+++ b/docs/EmailSettingsResponse.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.EmailSettingsResponse
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Recipients** | **string** |  | [optional] 
+**Links** | [**EmailSettingsResponseLinks**](EmailSettingsResponseLinks.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EmailSettingsResponseLinks.md b/docs/EmailSettingsResponseLinks.md
new file mode 100644
index 000000000..21c9ae01a
--- /dev/null
+++ b/docs/EmailSettingsResponseLinks.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.EmailSettingsResponseLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | [**HrefObject**](HrefObject.md) |  | [optional] 
+**Template** | [**HrefObject**](HrefObject.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EmailTemplateResponse.md b/docs/EmailTemplateResponse.md
new file mode 100644
index 000000000..36148b371
--- /dev/null
+++ b/docs/EmailTemplateResponse.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.EmailTemplateResponse
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Name** | **string** | The name of this email template | [optional] [readonly] 
+**Embedded** | [**EmailTemplateResponseEmbedded**](EmailTemplateResponseEmbedded.md) |  | [optional] 
+**Links** | [**EmailTemplateResponseLinks**](EmailTemplateResponseLinks.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EmailTemplateResponseEmbedded.md b/docs/EmailTemplateResponseEmbedded.md
new file mode 100644
index 000000000..2b134148f
--- /dev/null
+++ b/docs/EmailTemplateResponseEmbedded.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.EmailTemplateResponseEmbedded
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | [**EmailSettingsResponse**](EmailSettingsResponse.md) |  | [optional] 
+**CustomizationCount** | **int** |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EmailTemplateResponseLinks.md b/docs/EmailTemplateResponseLinks.md
new file mode 100644
index 000000000..3e576e689
--- /dev/null
+++ b/docs/EmailTemplateResponseLinks.md
@@ -0,0 +1,14 @@
+# Okta.Sdk.Model.EmailTemplateResponseLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | [**HrefObjectSelfLink**](HrefObjectSelfLink.md) |  | [optional] 
+**Settings** | [**HrefObject**](HrefObject.md) |  | [optional] 
+**DefaultContent** | [**HrefObject**](HrefObject.md) |  | [optional] 
+**Customizations** | [**HrefObject**](HrefObject.md) |  | [optional] 
+**Test** | [**HrefObject**](HrefObject.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EmailTemplateTouchPointVariant.md b/docs/EmailTemplateTouchPointVariant.md
index 093f12788..409905645 100644
--- a/docs/EmailTemplateTouchPointVariant.md
+++ b/docs/EmailTemplateTouchPointVariant.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.EmailTemplateTouchPointVariant
+Variant for email templates. You can publish a theme for email templates with different combinations of assets. Variants are preset combinations of those assets. 
 
 ## Properties
 
diff --git a/docs/EmailTestAddresses.md b/docs/EmailTestAddresses.md
index a78599ef7..2cfe3bc13 100644
--- a/docs/EmailTestAddresses.md
+++ b/docs/EmailTestAddresses.md
@@ -4,8 +4,8 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**From** | **string** | An email address to send the test email from | 
-**To** | **string** | An email address to send the test email to | 
+**From** | **string** | Email address that sends test emails | 
+**To** | **string** | Email address that receives test emails | 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/EndUserDashboardTouchPointVariant.md b/docs/EndUserDashboardTouchPointVariant.md
index d8e21ee78..46a075597 100644
--- a/docs/EndUserDashboardTouchPointVariant.md
+++ b/docs/EndUserDashboardTouchPointVariant.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.EndUserDashboardTouchPointVariant
+Variant for the Okta End-User Dashboard. You can publish a theme for end-user dashboard with different combinations of assets. Variants are preset combinations of those assets. 
 
 ## Properties
 
diff --git a/docs/EndpointAuthMethod.md b/docs/EndpointAuthMethod.md
new file mode 100644
index 000000000..2a2c13449
--- /dev/null
+++ b/docs/EndpointAuthMethod.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.EndpointAuthMethod
+Requested authentication method for OAuth 2.0 endpoints.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EnhancedDynamicNetworkZone.md b/docs/EnhancedDynamicNetworkZone.md
new file mode 100644
index 000000000..9b4d86459
--- /dev/null
+++ b/docs/EnhancedDynamicNetworkZone.md
@@ -0,0 +1,21 @@
+# Okta.Sdk.Model.EnhancedDynamicNetworkZone
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | **DateTimeOffset** | Timestamp when the object was created | [optional] [readonly] 
+**Id** | **string** | Unique identifier for the Network Zone | [optional] [readonly] 
+**LastUpdated** | **DateTimeOffset** | Timestamp when the object was last modified | [optional] [readonly] 
+**Name** | **string** | Unique name for this Network Zone | 
+**Status** | [**NetworkZoneStatus**](NetworkZoneStatus.md) |  | [optional] 
+**System** | **bool** | Indicates a system Network Zone: * &#x60;true&#x60; for system Network Zones * &#x60;false&#x60; for custom Network Zones  The Okta org provides the following default system Network Zones: * &#x60;LegacyIpZone&#x60; * &#x60;BlockedIpZone&#x60; * &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; &#x60;DefaultEnhancedDynamicZone&#x60;  Admins can modify the name of the default system Network Zone and add up to 5000 gateway or proxy IP entries.  | [optional] [readonly] 
+**Type** | [**NetworkZoneType**](NetworkZoneType.md) |  | 
+**Usage** | [**NetworkZoneUsage**](NetworkZoneUsage.md) |  | [optional] 
+**Links** | [**LinksSelfAndLifecycle**](LinksSelfAndLifecycle.md) |  | [optional] 
+**Asns** | [**EnhancedDynamicNetworkZoneAllOfAsns**](EnhancedDynamicNetworkZoneAllOfAsns.md) |  | [optional] 
+**Locations** | [**EnhancedDynamicNetworkZoneAllOfLocations**](EnhancedDynamicNetworkZoneAllOfLocations.md) |  | [optional] 
+**IpServiceCategories** | [**EnhancedDynamicNetworkZoneAllOfIpServiceCategories**](EnhancedDynamicNetworkZoneAllOfIpServiceCategories.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EnhancedDynamicNetworkZoneAllOfAsns.md b/docs/EnhancedDynamicNetworkZoneAllOfAsns.md
new file mode 100644
index 000000000..625cbd18b
--- /dev/null
+++ b/docs/EnhancedDynamicNetworkZoneAllOfAsns.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.EnhancedDynamicNetworkZoneAllOfAsns
+<div class=\"x-lifecycle-container\"><x-lifecycle class=\"ea\"></x-lifecycle></div>The list of ASNs associated with an Enhanced Dynamic Network Zone
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Include** | **List** |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EnhancedDynamicNetworkZoneAllOfIpServiceCategories.md b/docs/EnhancedDynamicNetworkZoneAllOfIpServiceCategories.md
new file mode 100644
index 000000000..bd95faf85
--- /dev/null
+++ b/docs/EnhancedDynamicNetworkZoneAllOfIpServiceCategories.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.EnhancedDynamicNetworkZoneAllOfIpServiceCategories
+<div class=\"x-lifecycle-container\"><x-lifecycle class=\"ea\"></x-lifecycle></div>IP services, such as a proxy or VPN, to include or exclude for an Enhanced Dynamic Network Zone
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Include** | [**List&lt;IPServiceCategory&gt;**](IPServiceCategory.md) | IP services to include for an Enhanced Dynamic Network Zone | [optional] 
+**Exclude** | [**List&lt;IPServiceCategory&gt;**](IPServiceCategory.md) | IP services to exclude for an Enhanced Dynamic Network Zone | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EnhancedDynamicNetworkZoneAllOfLocations.md b/docs/EnhancedDynamicNetworkZoneAllOfLocations.md
new file mode 100644
index 000000000..8159caeae
--- /dev/null
+++ b/docs/EnhancedDynamicNetworkZoneAllOfLocations.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.EnhancedDynamicNetworkZoneAllOfLocations
+<div class=\"x-lifecycle-container\"><x-lifecycle class=\"ea\"></x-lifecycle></div>The list of geolocations to include or exclude for an Enhanced Dynamic Network Zone
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Include** | **List** |  | [optional] 
+**Exclude** | **List** |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EnrollmentActivationRequest.md b/docs/EnrollmentActivationRequest.md
new file mode 100644
index 000000000..b2c5bb266
--- /dev/null
+++ b/docs/EnrollmentActivationRequest.md
@@ -0,0 +1,17 @@
+# Okta.Sdk.Model.EnrollmentActivationRequest
+Enrollment Initialization Request
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CredResponses** | [**List&lt;WebAuthnCredResponse&gt;**](WebAuthnCredResponse.md) | List of credential responses from the fulfillment provider | [optional] 
+**FulfillmentProvider** | **string** | Name of the fulfillment provider for the WebAuthn Preregistration Factor | [optional] 
+**PinResponseJwe** | **string** | Encrypted JWE of PIN response from the fulfillment provider | [optional] 
+**Serial** | **string** | Serial number of the YubiKey | [optional] 
+**UserId** | **string** | ID of an existing Okta user | [optional] 
+**_Version** | **string** | Firmware version of the YubiKey | [optional] 
+**YubicoSigningJwks** | [**List&lt;ECKeyJWK&gt;**](ECKeyJWK.md) | List of usable signing keys from Yubico (in JWKS format) used to verify the JWS inside the JWE | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EnrollmentActivationResponse.md b/docs/EnrollmentActivationResponse.md
new file mode 100644
index 000000000..9e3eae084
--- /dev/null
+++ b/docs/EnrollmentActivationResponse.md
@@ -0,0 +1,13 @@
+# Okta.Sdk.Model.EnrollmentActivationResponse
+Enrollment Initialization Response
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AuthenticatorEnrollmentIds** | **List&lt;string&gt;** | List of IDs for preregistered WebAuthn Factors in Okta | [optional] 
+**FulfillmentProvider** | **string** | Name of the fulfillment provider for the WebAuthn Preregistration Factor | [optional] 
+**UserId** | **string** | ID of an existing Okta user | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EnrollmentInitializationRequest.md b/docs/EnrollmentInitializationRequest.md
new file mode 100644
index 000000000..5b13485a1
--- /dev/null
+++ b/docs/EnrollmentInitializationRequest.md
@@ -0,0 +1,14 @@
+# Okta.Sdk.Model.EnrollmentInitializationRequest
+Enrollment Initialization Request
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**EnrollmentRpIds** | **List&lt;string&gt;** | List of Relying Party hostnames to register on the YubiKey. | [optional] 
+**FulfillmentProvider** | **string** | Name of the fulfillment provider for the WebAuthn Preregistration Factor | [optional] 
+**UserId** | **string** | ID of an existing Okta user | [optional] 
+**YubicoTransportKeyJWK** | [**ECKeyJWK**](ECKeyJWK.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EnrollmentInitializationResponse.md b/docs/EnrollmentInitializationResponse.md
new file mode 100644
index 000000000..407188c56
--- /dev/null
+++ b/docs/EnrollmentInitializationResponse.md
@@ -0,0 +1,14 @@
+# Okta.Sdk.Model.EnrollmentInitializationResponse
+Yubico Transport Key in the form of a JWK, used to encrypt our fulfillment request to Yubico. The currently agreed protocol uses P-384.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CredRequests** | [**List&lt;WebAuthnCredRequest&gt;**](WebAuthnCredRequest.md) | List of credential requests for the fulfillment provider | [optional] 
+**FulfillmentProvider** | **string** | Name of the fulfillment provider for the WebAuthn Preregistration Factor | [optional] 
+**PinRequestJwe** | **string** | Encrypted JWE of PIN request for the fulfillment provider | [optional] 
+**UserId** | **string** | ID of an existing Okta user | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EntitlementValue.md b/docs/EntitlementValue.md
new file mode 100644
index 000000000..6f7f6a8ce
--- /dev/null
+++ b/docs/EntitlementValue.md
@@ -0,0 +1,13 @@
+# Okta.Sdk.Model.EntitlementValue
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | **string** |  | [optional] 
+**Name** | **string** |  | [optional] 
+**Value** | **string** |  | [optional] 
+**Links** | [**EntitlementValueLinks**](EntitlementValueLinks.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EntitlementValueLinks.md b/docs/EntitlementValueLinks.md
new file mode 100644
index 000000000..6435958fb
--- /dev/null
+++ b/docs/EntitlementValueLinks.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.EntitlementValueLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Group** | [**HrefObject**](HrefObject.md) |  | [optional] 
+**App** | [**HrefObject**](HrefObject.md) |  | [optional] 
+**ResourceSet** | [**HrefObject**](HrefObject.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EntitlementValueLinksAnyOf.md b/docs/EntitlementValueLinksAnyOf.md
new file mode 100644
index 000000000..8be97cdd2
--- /dev/null
+++ b/docs/EntitlementValueLinksAnyOf.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.EntitlementValueLinksAnyOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Group** | [**HrefObject**](HrefObject.md) |  | [optional] 
+**App** | [**HrefObject**](HrefObject.md) |  | [optional] 
+**ResourceSet** | [**HrefObject**](HrefObject.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EntitlementValuesResponse.md b/docs/EntitlementValuesResponse.md
new file mode 100644
index 000000000..4b51b4534
--- /dev/null
+++ b/docs/EntitlementValuesResponse.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.EntitlementValuesResponse
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**EntitlementValues** | [**List&lt;EntitlementValue&gt;**](EntitlementValue.md) |  | [optional] 
+**Links** | [**EntitlementValuesResponseLinks**](EntitlementValuesResponseLinks.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EntitlementValuesResponseLinks.md b/docs/EntitlementValuesResponseLinks.md
new file mode 100644
index 000000000..c1e74e84f
--- /dev/null
+++ b/docs/EntitlementValuesResponseLinks.md
@@ -0,0 +1,13 @@
+# Okta.Sdk.Model.EntitlementValuesResponseLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | [**HrefObjectSelfLink**](HrefObjectSelfLink.md) |  | [optional] 
+**Next** | [**HrefObject**](HrefObject.md) |  | [optional] 
+**Bundle** | [**HrefObject**](HrefObject.md) |  | [optional] 
+**Entitlements** | [**HrefObject**](HrefObject.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EntitlementValuesResponseLinksAnyOf.md b/docs/EntitlementValuesResponseLinksAnyOf.md
new file mode 100644
index 000000000..c2c3df26a
--- /dev/null
+++ b/docs/EntitlementValuesResponseLinksAnyOf.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.EntitlementValuesResponseLinksAnyOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Bundle** | [**HrefObject**](HrefObject.md) |  | [optional] 
+**Entitlements** | [**HrefObject**](HrefObject.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EntityRiskPolicy.md b/docs/EntityRiskPolicy.md
new file mode 100644
index 000000000..2c09bdfe7
--- /dev/null
+++ b/docs/EntityRiskPolicy.md
@@ -0,0 +1,21 @@
+# Okta.Sdk.Model.EntityRiskPolicy
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | **DateTimeOffset** | Timestamp when the Policy was created | [optional] [readonly] 
+**Description** | **string** | Policy description | [optional] 
+**Id** | **string** | Policy ID | [optional] [readonly] 
+**LastUpdated** | **DateTimeOffset** | Timestamp when the Policy was last updated | [optional] [readonly] 
+**Name** | **string** | Policy name | [optional] 
+**Priority** | **int** | Specifies the order in which this Policy is evaluated in relation to the other policies | [optional] 
+**Status** | [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**System** | **bool** | Specifies whether Okta created the Policy | [optional] 
+**Type** | [**PolicyType**](PolicyType.md) |  | [optional] 
+**Embedded** | **Dictionary&lt;string, Object&gt;** |  | [optional] [readonly] 
+**Links** | [**PolicyLinks**](PolicyLinks.md) |  | [optional] 
+**Conditions** | **string** | Policy conditions aren&#39;t supported for this policy types. | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EntityRiskPolicyRule.md b/docs/EntityRiskPolicyRule.md
new file mode 100644
index 000000000..daa10f6ac
--- /dev/null
+++ b/docs/EntityRiskPolicyRule.md
@@ -0,0 +1,19 @@
+# Okta.Sdk.Model.EntityRiskPolicyRule
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | **DateTimeOffset?** | Timestamp when the rule was created | [optional] [readonly] 
+**Id** | **string** | Identifier for the rule | [optional] 
+**LastUpdated** | **DateTimeOffset?** | Timestamp when the rule was last modified | [optional] [readonly] 
+**Name** | **string** | Name of the rule | [optional] 
+**Priority** | **int** | Priority of the rule | [optional] 
+**Status** | [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**System** | **bool** | Specifies whether Okta created the Policy Rule (&#x60;system&#x3D;true&#x60;). You can&#39;t delete Policy Rules that have &#x60;system&#x60; set to &#x60;true&#x60;. | [optional] [default to false]
+**Type** | [**PolicyRuleType**](PolicyRuleType.md) |  | [optional] 
+**Actions** | [**EntityRiskPolicyRuleAllOfActions**](EntityRiskPolicyRuleAllOfActions.md) |  | [optional] 
+**Conditions** | [**EntityRiskPolicyRuleAllOfConditions**](EntityRiskPolicyRuleAllOfConditions.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EntityRiskPolicyRuleActionRunWorkflow.md b/docs/EntityRiskPolicyRuleActionRunWorkflow.md
new file mode 100644
index 000000000..a02673565
--- /dev/null
+++ b/docs/EntityRiskPolicyRuleActionRunWorkflow.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.EntityRiskPolicyRuleActionRunWorkflow
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Action** | **string** |  | [optional] 
+**Workflow** | [**ContinuousAccessPolicyRuleRunWorkflowWorkflow**](ContinuousAccessPolicyRuleRunWorkflowWorkflow.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EntityRiskPolicyRuleActionTerminateAllSessions.md b/docs/EntityRiskPolicyRuleActionTerminateAllSessions.md
new file mode 100644
index 000000000..8984c15ff
--- /dev/null
+++ b/docs/EntityRiskPolicyRuleActionTerminateAllSessions.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.EntityRiskPolicyRuleActionTerminateAllSessions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Action** | **string** | This action revokes or terminates all of the user&#39;s active sessions. | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EntityRiskPolicyRuleActionsObject.md b/docs/EntityRiskPolicyRuleActionsObject.md
new file mode 100644
index 000000000..2a27b45f1
--- /dev/null
+++ b/docs/EntityRiskPolicyRuleActionsObject.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.EntityRiskPolicyRuleActionsObject
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Action** | **string** |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EntityRiskPolicyRuleAllOfActions.md b/docs/EntityRiskPolicyRuleAllOfActions.md
new file mode 100644
index 000000000..8a359aeb6
--- /dev/null
+++ b/docs/EntityRiskPolicyRuleAllOfActions.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.EntityRiskPolicyRuleAllOfActions
+The action to take based on the risk event
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**EntityRisk** | [**EntityRiskPolicyRuleAllOfActionsEntityRisk**](EntityRiskPolicyRuleAllOfActionsEntityRisk.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EntityRiskPolicyRuleAllOfActionsEntityRisk.md b/docs/EntityRiskPolicyRuleAllOfActionsEntityRisk.md
new file mode 100644
index 000000000..2cb7d56af
--- /dev/null
+++ b/docs/EntityRiskPolicyRuleAllOfActionsEntityRisk.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.EntityRiskPolicyRuleAllOfActionsEntityRisk
+The object that contains the `actions` array
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Actions** | [**List&lt;EntityRiskPolicyRuleActionsObject&gt;**](EntityRiskPolicyRuleActionsObject.md) | The &#x60;entityRisk&#x60; object&#39;s &#x60;actions&#x60; array can be empty or contain one of two &#x60;action&#x60; object value pairs. This object determines the specific response to a risk event. | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EntityRiskPolicyRuleAllOfConditions.md b/docs/EntityRiskPolicyRuleAllOfConditions.md
new file mode 100644
index 000000000..b2f86c600
--- /dev/null
+++ b/docs/EntityRiskPolicyRuleAllOfConditions.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.EntityRiskPolicyRuleAllOfConditions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**People** | [**PolicyPeopleCondition**](PolicyPeopleCondition.md) |  | [optional] 
+**RiskDetectionTypes** | [**EntityRiskPolicyRuleAllOfConditionsRiskDetectionTypes**](EntityRiskPolicyRuleAllOfConditionsRiskDetectionTypes.md) |  | [optional] 
+**EntityRisk** | [**EntityRiskPolicyRuleAllOfConditionsEntityRisk**](EntityRiskPolicyRuleAllOfConditionsEntityRisk.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EntityRiskPolicyRuleAllOfConditionsEntityRisk.md b/docs/EntityRiskPolicyRuleAllOfConditionsEntityRisk.md
new file mode 100644
index 000000000..511e1ecfd
--- /dev/null
+++ b/docs/EntityRiskPolicyRuleAllOfConditionsEntityRisk.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.EntityRiskPolicyRuleAllOfConditionsEntityRisk
+The risk score level of the entity risk policy rule
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Level** | **string** |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EntityRiskPolicyRuleAllOfConditionsRiskDetectionTypes.md b/docs/EntityRiskPolicyRuleAllOfConditionsRiskDetectionTypes.md
new file mode 100644
index 000000000..b38e2abe4
--- /dev/null
+++ b/docs/EntityRiskPolicyRuleAllOfConditionsRiskDetectionTypes.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.EntityRiskPolicyRuleAllOfConditionsRiskDetectionTypes
+An object that references detected risk events. This object can have an `include` parameter or an `exclude` parameter, but not both.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Exclude** | [**List&lt;DetectedRiskEvents&gt;**](DetectedRiskEvents.md) | An array of detected risk events to exclude in the entity policy rule | [optional] 
+**Include** | [**List&lt;DetectedRiskEvents&gt;**](DetectedRiskEvents.md) | An array of detected risk events to include in the entity policy rule | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/Error.md b/docs/Error.md
index 22676e52b..63f56d0ac 100644
--- a/docs/Error.md
+++ b/docs/Error.md
@@ -4,7 +4,7 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**ErrorCauses** | [**List&lt;ErrorErrorCausesInner&gt;**](ErrorErrorCausesInner.md) |  | [optional] 
+**ErrorCauses** | [**List&lt;ErrorCause&gt;**](ErrorCause.md) |  | [optional] 
 **ErrorCode** | **string** | An Okta code for this type of error | [optional] 
 **ErrorId** | **string** | A unique identifier for this error. This can be used by Okta Support to help with troubleshooting. | [optional] 
 **ErrorLink** | **string** | An Okta code for this type of error | [optional] 
diff --git a/docs/ErrorCause.md b/docs/ErrorCause.md
new file mode 100644
index 000000000..1cbeeb7d8
--- /dev/null
+++ b/docs/ErrorCause.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.ErrorCause
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ErrorSummary** | **string** |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/ErrorPage.md b/docs/ErrorPage.md
index d7e2a8c9e..b39d0a768 100644
--- a/docs/ErrorPage.md
+++ b/docs/ErrorPage.md
@@ -4,7 +4,7 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**PageContent** | **string** |  | [optional] 
+**PageContent** | **string** | The HTML for the page | [optional] 
 **ContentSecurityPolicySetting** | [**ContentSecurityPolicySetting**](ContentSecurityPolicySetting.md) |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
diff --git a/docs/ErrorPageTouchPointVariant.md b/docs/ErrorPageTouchPointVariant.md
index 5899b0613..016cc9329 100644
--- a/docs/ErrorPageTouchPointVariant.md
+++ b/docs/ErrorPageTouchPointVariant.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.ErrorPageTouchPointVariant
+Variant for the error page. You can publish a theme for error page with different combinations of assets. Variants are preset combinations of those assets. 
 
 ## Properties
 
diff --git a/docs/EventHook.md b/docs/EventHook.md
index bdffeaaa5..db887c314 100644
--- a/docs/EventHook.md
+++ b/docs/EventHook.md
@@ -4,16 +4,17 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Channel** | [**EventHookChannel**](EventHookChannel.md) |  | [optional] 
-**Created** | **DateTimeOffset** |  | [optional] [readonly] 
-**CreatedBy** | **string** |  | [optional] 
-**Events** | [**EventSubscriptions**](EventSubscriptions.md) |  | [optional] 
-**Id** | **string** |  | [optional] [readonly] 
-**LastUpdated** | **DateTimeOffset** |  | [optional] [readonly] 
-**Name** | **string** |  | [optional] 
-**Status** | **LifecycleStatus** |  | [optional] 
+**Channel** | [**EventHookChannel**](EventHookChannel.md) |  | 
+**Created** | **DateTimeOffset** | Timestamp of the event hook creation | [optional] [readonly] 
+**CreatedBy** | **string** | The ID of the user who created the event hook | [optional] [readonly] 
+**Description** | **string** | Description of the event hook | [optional] 
+**Events** | [**EventSubscriptions**](EventSubscriptions.md) |  | 
+**Id** | **string** | Unique key for the event hook | [optional] [readonly] 
+**LastUpdated** | **DateTimeOffset** | Date of the last event hook update | [optional] [readonly] 
+**Name** | **string** | Display name for the event hook | 
+**Status** | **string** | Status of the event hook | [optional] [readonly] 
 **VerificationStatus** | **EventHookVerificationStatus** |  | [optional] 
-**Links** | [**LinksSelf**](LinksSelf.md) |  | [optional] 
+**Links** | [**EventHookLinks**](EventHookLinks.md) |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/EventHookChannel.md b/docs/EventHookChannel.md
index 9166a9351..99605b3bb 100644
--- a/docs/EventHookChannel.md
+++ b/docs/EventHookChannel.md
@@ -4,9 +4,9 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Config** | [**EventHookChannelConfig**](EventHookChannelConfig.md) |  | [optional] 
-**Type** | **EventHookChannelType** |  | [optional] 
-**_Version** | **string** |  | [optional] 
+**Config** | [**EventHookChannelConfig**](EventHookChannelConfig.md) |  | 
+**Type** | **EventHookChannelType** |  | 
+**_Version** | **string** | Version of the channel. Currently the only supported version is &#x60;1.0.0&#x60;&#x60;. | 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/EventHookChannelConfig.md b/docs/EventHookChannelConfig.md
index 718e4633b..fe142adf6 100644
--- a/docs/EventHookChannelConfig.md
+++ b/docs/EventHookChannelConfig.md
@@ -5,8 +5,9 @@
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **AuthScheme** | [**EventHookChannelConfigAuthScheme**](EventHookChannelConfigAuthScheme.md) |  | [optional] 
-**Headers** | [**List&lt;EventHookChannelConfigHeader&gt;**](EventHookChannelConfigHeader.md) |  | [optional] 
-**Uri** | **string** |  | [optional] 
+**Headers** | [**List&lt;EventHookChannelConfigHeader&gt;**](EventHookChannelConfigHeader.md) | Optional list of key/value pairs for headers that can be sent with the request to the external service. For example, &#x60;X-Other-Header&#x60; is an example of an optional header, with a value of &#x60;my-header-value&#x60;, that you want Okta to pass to your external service. | [optional] 
+**Method** | **string** | The method of the Okta event hook request | [optional] [readonly] 
+**Uri** | **string** | The external service endpoint called to execute the event hook handler | 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/EventHookChannelConfigAuthScheme.md b/docs/EventHookChannelConfigAuthScheme.md
index 1fecfad9f..12ea93723 100644
--- a/docs/EventHookChannelConfigAuthScheme.md
+++ b/docs/EventHookChannelConfigAuthScheme.md
@@ -1,12 +1,13 @@
 # Okta.Sdk.Model.EventHookChannelConfigAuthScheme
+The authentication scheme used for this request.  To use Basic Auth for authentication, set `type` to `HEADER`, `key` to `Authorization`, and `value` to the Base64-encoded string of \"username:password\". Ensure that you include the scheme (including space) as part of the `value` parameter. For example, `Basic YWRtaW46c3VwZXJzZWNyZXQ=`. See [HTTP Basic Authentication](/books/api-security/authn/api-authentication-options/#http-basic-authentication).
 
 ## Properties
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Key** | **string** |  | [optional] 
+**Key** | **string** | The name for the authorization header | [optional] 
 **Type** | **EventHookChannelConfigAuthSchemeType** |  | [optional] 
-**Value** | **string** |  | [optional] 
+**Value** | **string** | The header value. This secret key is passed to your external service endpoint for security verification. This property is not returned in the response. | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/EventHookChannelConfigAuthSchemeType.md b/docs/EventHookChannelConfigAuthSchemeType.md
index 6f09a0526..e4efd1e2e 100644
--- a/docs/EventHookChannelConfigAuthSchemeType.md
+++ b/docs/EventHookChannelConfigAuthSchemeType.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.EventHookChannelConfigAuthSchemeType
+The authentication scheme type. Currently only supports `HEADER`.
 
 ## Properties
 
diff --git a/docs/EventHookChannelConfigHeader.md b/docs/EventHookChannelConfigHeader.md
index d67f6b182..dfe859dca 100644
--- a/docs/EventHookChannelConfigHeader.md
+++ b/docs/EventHookChannelConfigHeader.md
@@ -4,8 +4,8 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Key** | **string** |  | [optional] 
-**Value** | **string** |  | [optional] 
+**Key** | **string** | The optional field or header name | [optional] 
+**Value** | **string** | The value for the key | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/EventHookChannelType.md b/docs/EventHookChannelType.md
index 19db4f9eb..d31ab9f3c 100644
--- a/docs/EventHookChannelType.md
+++ b/docs/EventHookChannelType.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.EventHookChannelType
+The channel type. Currently supports `HTTP`.
 
 ## Properties
 
diff --git a/docs/EventHookFilterMapObject.md b/docs/EventHookFilterMapObject.md
new file mode 100644
index 000000000..1b9579be5
--- /dev/null
+++ b/docs/EventHookFilterMapObject.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.EventHookFilterMapObject
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Condition** | [**EventHookFilterMapObjectCondition**](EventHookFilterMapObjectCondition.md) |  | [optional] 
+**Event** | **string** | The filtered event type | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EventHookFilterMapObjectCondition.md b/docs/EventHookFilterMapObjectCondition.md
new file mode 100644
index 000000000..d1b56315d
--- /dev/null
+++ b/docs/EventHookFilterMapObjectCondition.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.EventHookFilterMapObjectCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Expression** | **string** | The Okta Expression language statement that filters the event type | [optional] 
+**_Version** | **string** | Internal field | [optional] [readonly] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EventHookFilters.md b/docs/EventHookFilters.md
new file mode 100644
index 000000000..d158a6ed6
--- /dev/null
+++ b/docs/EventHookFilters.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.EventHookFilters
+The optional filter defined on a specific event type  > **Note:** Event hook filters is a [self-service Early Access (EA)](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) to enable. If you want to disable this feature, it's recommended to first remove all event filters.
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**EventFilterMap** | [**List&lt;EventHookFilterMapObject&gt;**](EventHookFilterMapObject.md) | The object that maps the filter to the event type | [optional] 
+**Type** | **string** | The type of filter. Currently only supports &#x60;EXPRESSION_LANGUAGE&#x60; | [optional] [readonly] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EventHookLinks.md b/docs/EventHookLinks.md
new file mode 100644
index 000000000..93804ad31
--- /dev/null
+++ b/docs/EventHookLinks.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.EventHookLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | [**HrefObjectSelfLink**](HrefObjectSelfLink.md) |  | [optional] 
+**Deactivate** | [**HrefObject**](HrefObject.md) |  | [optional] 
+**Verify** | [**HrefObject**](HrefObject.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/EventHookVerificationStatus.md b/docs/EventHookVerificationStatus.md
index a65a2ba44..4cbd653ec 100644
--- a/docs/EventHookVerificationStatus.md
+++ b/docs/EventHookVerificationStatus.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.EventHookVerificationStatus
+Verification status of the event hook. `UNVERIFIED` event hooks won't receive any events.
 
 ## Properties
 
diff --git a/docs/EventSubscriptionType.md b/docs/EventSubscriptionType.md
index ad8be5612..eaaa32a21 100644
--- a/docs/EventSubscriptionType.md
+++ b/docs/EventSubscriptionType.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.EventSubscriptionType
+The events object type. Currently supports `EVENT_TYPE`.
 
 ## Properties
 
diff --git a/docs/EventSubscriptions.md b/docs/EventSubscriptions.md
index 31c6b6a7e..bf473428e 100644
--- a/docs/EventSubscriptions.md
+++ b/docs/EventSubscriptions.md
@@ -4,8 +4,9 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Items** | **List&lt;string&gt;** |  | [optional] 
-**Type** | **EventSubscriptionType** |  | [optional] 
+**Filter** | [**EventHookFilters**](EventHookFilters.md) |  | [optional] 
+**Items** | **List&lt;string&gt;** | The subscribed event types that trigger the event hook. When you register an event hook you need to specify which events you want to subscribe to. To see the list of event types currently eligible for use in event hooks, use the [Event Types catalog](/docs/reference/api/event-types/#catalog) and search with the parameter &#x60;event-hook-eligible&#x60;. | 
+**Type** | **EventSubscriptionType** |  | 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/Expression.md b/docs/Expression.md
new file mode 100644
index 000000000..35461f50d
--- /dev/null
+++ b/docs/Expression.md
@@ -0,0 +1,10 @@
+# Okta.Sdk.Model.Expression
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Value** | **string** |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/FCMPushProvider.md b/docs/FCMPushProvider.md
index 8d102f985..d1e034ffd 100644
--- a/docs/FCMPushProvider.md
+++ b/docs/FCMPushProvider.md
@@ -4,8 +4,8 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Id** | **string** |  | [optional] [readonly] 
-**LastUpdatedDate** | **string** |  | [optional] [readonly] 
+**Id** | **string** | Unique key for the Push Provider | [optional] [readonly] 
+**LastUpdatedDate** | **string** | Timestamp when the Push Provider was last modified | [optional] [readonly] 
 **Name** | **string** | Display name of the push provider | [optional] 
 **ProviderType** | [**ProviderType**](ProviderType.md) |  | [optional] 
 **Links** | [**LinksSelf**](LinksSelf.md) |  | [optional] 
diff --git a/docs/Feature.md b/docs/Feature.md
index ba2478ced..224f0b6ef 100644
--- a/docs/Feature.md
+++ b/docs/Feature.md
@@ -1,16 +1,17 @@
 # Okta.Sdk.Model.Feature
+Specifies feature release cycle information
 
 ## Properties
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Description** | **string** |  | [optional] 
-**Id** | **string** |  | [optional] [readonly] 
-**Name** | **string** |  | [optional] 
+**Description** | **string** | Brief description of the feature and what it provides | [optional] 
+**Id** | **string** | Unique identifier for this feature | [optional] [readonly] 
+**Name** | **string** | Name of the feature | [optional] 
 **Stage** | [**FeatureStage**](FeatureStage.md) |  | [optional] 
 **Status** | **EnabledStatus** |  | [optional] 
 **Type** | **FeatureType** |  | [optional] 
-**Links** | [**LinksSelf**](LinksSelf.md) |  | [optional] 
+**Links** | [**FeatureLinks**](FeatureLinks.md) |  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/docs/FeatureLinks.md b/docs/FeatureLinks.md
new file mode 100644
index 000000000..70b533333
--- /dev/null
+++ b/docs/FeatureLinks.md
@@ -0,0 +1,12 @@
+# Okta.Sdk.Model.FeatureLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | [**HrefObjectSelfLink**](HrefObjectSelfLink.md) |  | [optional] 
+**Dependents** | [**FeatureLinksAllOfDependents**](FeatureLinksAllOfDependents.md) |  | [optional] 
+**Dependencies** | [**FeatureLinksAllOfDependencies**](FeatureLinksAllOfDependencies.md) |  | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/FeatureLinksAllOfDependencies.md b/docs/FeatureLinksAllOfDependencies.md
new file mode 100644
index 000000000..4652a2da5
--- /dev/null
+++ b/docs/FeatureLinksAllOfDependencies.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.FeatureLinksAllOfDependencies
+Link to feature dependencies
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Href** | **string** | Link URI | [optional] [readonly] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/FeatureLinksAllOfDependents.md b/docs/FeatureLinksAllOfDependents.md
new file mode 100644
index 000000000..44136673b
--- /dev/null
+++ b/docs/FeatureLinksAllOfDependents.md
@@ -0,0 +1,11 @@
+# Okta.Sdk.Model.FeatureLinksAllOfDependents
+Link to feature dependents
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Href** | **string** | Link URI | [optional] [readonly] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/FeatureStage.md b/docs/FeatureStage.md
index 1ee8e4b24..37fe4883e 100644
--- a/docs/FeatureStage.md
+++ b/docs/FeatureStage.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.FeatureStage
+Current release cycle stage of a feature  If a feature's stage value is `EA`, the state is `null` and not returned. If the value is `BETA`, the state is `OPEN` or `CLOSED` depending on whether the `BETA` feature is manageable.  > **Note:** If a feature's stage is `OPEN BETA`, you can update it only in Preview cells. If a feature's stage is `CLOSED BETA`, you can disable it only in Preview cells.
 
 ## Properties
 
diff --git a/docs/FeatureStageState.md b/docs/FeatureStageState.md
index 3f1ae7e4c..5cd93a890 100644
--- a/docs/FeatureStageState.md
+++ b/docs/FeatureStageState.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.FeatureStageState
+Indicates the release state of the feature
 
 ## Properties
 
diff --git a/docs/FeatureStageValue.md b/docs/FeatureStageValue.md
index 215d1e332..ff4cee1a9 100644
--- a/docs/FeatureStageValue.md
+++ b/docs/FeatureStageValue.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.FeatureStageValue
+Current release stage of the feature
 
 ## Properties
 
diff --git a/docs/FeatureType.md b/docs/FeatureType.md
index cdb86a3b1..7b6ad8324 100644
--- a/docs/FeatureType.md
+++ b/docs/FeatureType.md
@@ -1,4 +1,5 @@
 # Okta.Sdk.Model.FeatureType
+Type of feature
 
 ## Properties
 
diff --git a/docs/FulfillmentData.md b/docs/FulfillmentData.md
new file mode 100644
index 000000000..64781f71d
--- /dev/null
+++ b/docs/FulfillmentData.md
@@ -0,0 +1,13 @@
+# Okta.Sdk.Model.FulfillmentData
+Fulfillment provider details
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CustomizationId** | **string** | ID for the set of custom configurations of the requested Factor | [optional] 
+**InventoryProductId** | **string** | ID for the specific inventory bucket of the requested Factor | [optional] 
+**ProductId** | **string** | ID for the make and model of the requested Factor | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/FulfillmentRequest.md b/docs/FulfillmentRequest.md
new file mode 100644
index 000000000..8947223cd
--- /dev/null
+++ b/docs/FulfillmentRequest.md
@@ -0,0 +1,13 @@
+# Okta.Sdk.Model.FulfillmentRequest
+Fulfillment Request
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**FulfillmentData** | [**FulfillmentData**](FulfillmentData.md) |  | [optional] 
+**FulfillmentProvider** | **string** | Name of the fulfillment provider for the WebAuthn Preregistration Factor | [optional] 
+**UserId** | **string** | ID of an existing Okta user | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/openapi3/management-noEnums.yaml b/openapi3/management-noEnums.yaml
deleted file mode 100644
index 77dbe1659..000000000
--- a/openapi3/management-noEnums.yaml
+++ /dev/null
@@ -1,21266 +0,0 @@
-openapi: 3.0.3
-info:
-  title: Okta API
-  description: Allows customers to easily access the Okta API
-  termsOfService: https://developer.okta.com/terms/
-  contact:
-    name: Okta Developer Team
-    url: https://developer.okta.com/
-    email: devex-public@okta.com
-  license:
-    name: Apache-2.0
-    url: https://www.apache.org/licenses/LICENSE-2.0.html
-  version: 3.0.0
-  x-logo:
-    url: logo.svg
-    backgroundColor: transparent
-    altText: Okta Developer
-externalDocs:
-  description: Find more info here
-  url: https://developer.okta.com/docs/api/getting_started/design_principles.html
-servers:
-  - url: https://{subdomain}.{domain}
-    variables:
-      subdomain:
-        default: your-subdomain
-        description: The subdomain of your organization
-      domain:
-        enum:
-          - okta.com
-          - oktapreview.com
-          - okta-emea.com
-        default: okta.com
-        description: The okta domain of your organization.
-  - url: https://{customDomain}
-    variables:
-      customDomain:
-        default: auth.your-custom-domain.com
-        description: The custom domain configured for your organization
-tags:
-  - name: AgentPools
-    x-displayName: Agent Pools
-  - name: ApiToken
-    x-displayName: API Tokens
-  - name: Application
-    x-displayName: Applications
-  - name: Authenticator
-    x-displayName: Authenticators
-  - name: AuthorizationServer
-    x-displayName: Authorization Servers
-  - name: Behavior
-    x-displayName: Behavior Rules
-  - name: Customization
-    x-displayName: Customizations
-  - name: CAPTCHA
-    x-displayName: CAPTCHAs
-  - name: Domain
-    x-displayName: Domains
-  - name: EventHook
-    x-displayName: Event Hooks
-  - name: Feature
-    x-displayName: Features
-  - name: Group
-    x-displayName: Groups
-  - name: IdentityProvider
-    x-displayName: Identity Providers
-  - name: InlineHook
-    x-displayName: Inline Hooks
-  - name: SystemLog
-    x-displayName: System Log
-  - name: ProfileMapping
-    x-displayName: Profile Mappings
-  - name: UserType
-    x-displayName: User Types
-  - name: Schema
-    x-displayName: Schemas
-  - name: LinkedObject
-    x-displayName: Linked Objects
-  - name: OrgSetting
-    x-displayName: Org Settings
-  - name: Policy
-    x-displayName: Policies
-  - name: PrincipalRateLimit
-    x-displayName: Principal Rate Limits
-  - name: PushProvider
-    x-displayName: Push Providers
-  - name: Session
-    x-displayName: Sessions
-  - name: Subscription
-    x-displayName: Subscriptions
-  - name: Template
-    x-displayName: SMS Templates
-  - name: ThreatInsight
-    x-displayName: ThreatInsight
-  - name: TrustedOrigin
-    x-displayName: Trusted Origins
-  - name: User
-    x-displayName: Users
-  - name: UserFactor
-    x-displayName: Factors
-  - name: NetworkZone
-    x-displayName: Network Zones
-  - name: DeviceAssurance
-    x-displayName: Device Assurance Policies
-x-tagGroups:
-  - name: User Directory
-    tags:
-      - User
-      - Group
-      - UserType
-      - Schema
-      - LinkedObject
-      - ProfileMapping
-  - name: Security
-    tags:
-      - ApiToken
-      - Application
-      - Authenticator
-      - AuthorizationServer
-      - Behavior
-      - CAPTCHA
-      - DeviceAssurance
-      - IdentityProvider
-      - Policy
-      - PushProvider
-      - Session
-      - ThreatInsight
-      - TrustedOrigin
-      - UserFactor
-      - NetworkZone
-  - name: Customization
-    tags:
-      - Customization
-      - Domain
-      - Template
-  - name: Rate Limits
-    tags:
-      - PrincipalRateLimit
-  - name: Other
-    tags:
-      - AgentPools
-      - EventHook
-      - Feature
-      - InlineHook
-      - OrgSetting
-      - SystemLog
-      - Subscription
-paths:
-  /api/v1/agentPools:
-    get:
-      summary: List all Agent Pools
-      description: Fetches AgentPools based on request parameters for a given org
-      operationId: getAgentPools
-      parameters:
-        - $ref: '#/components/parameters/queryLimitPerPoolType'
-        - $ref: '#/components/parameters/queryPoolType'
-        - $ref: '#/components/parameters/queryAfter'
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/AgentPool'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.agentPools.read
-      tags:
-        - AgentPools
-  /api/v1/agentPools/{poolId}/updates:
-    get:
-      summary: List all Agent Pool updates
-      description: Gets List of Agent pool updates
-      operationId: getAgentPoolsUpdates
-      parameters:
-        - $ref: '#/components/parameters/pathPoolId'
-        - $ref: '#/components/parameters/queryScheduled'
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/AgentPoolUpdate'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.agentPools.read
-      tags:
-        - AgentPools
-    post:
-      summary: Create an Agent Pool update
-      description: Creates an Agent pool update \n For user flow 2 manual update, starts the update immediately. \n For user flow 3, schedules the update based on the configured update window and delay.
-      operationId: createAgentPoolsUpdate
-      parameters:
-        - $ref: '#/components/parameters/pathPoolId'
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/AgentPoolUpdate'
-        required: true
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AgentPoolUpdate'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.agentPools.manage
-      tags:
-        - AgentPools
-  /api/v1/agentPools/{poolId}/updates/settings:
-    parameters:
-      - $ref: '#/components/parameters/pathPoolId'
-    get:
-      summary: Retrieve an Agent Pool update's settings
-      description: Gets the current state of the agent pool update instance settings
-      operationId: getAgentPoolsUpdateSettings
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AgentPoolUpdateSetting'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.agentPools.read
-      tags:
-        - AgentPools
-    post:
-      summary: Update an Agent pool update settings
-      description: Updates Agent pool update settings
-      operationId: setAgentPoolsUpdateSettings
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/AgentPoolUpdateSetting'
-        required: true
-      responses:
-        '201':
-          description: Updated
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AgentPoolUpdateSetting'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.agentPools.manage
-      tags:
-        - AgentPools
-  /api/v1/agentPools/{poolId}/updates/{updateId}:
-    parameters:
-      - $ref: '#/components/parameters/pathPoolId'
-      - $ref: '#/components/parameters/pathUpdateId'
-    get:
-      summary: Retrieve an Agent Pool update by id
-      description: Gets Agent pool update from updateId
-      operationId: getAgentPoolsUpdateInstance
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AgentPoolUpdate'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.agentPools.read
-      tags:
-        - AgentPools
-    post:
-      summary: Update an Agent Pool update by id
-      description: Updates Agent pool update and return latest agent pool update
-      operationId: updateAgentPoolsUpdate
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/AgentPoolUpdate'
-        required: true
-      responses:
-        '201':
-          description: Updated
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AgentPoolUpdate'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.agentPools.manage
-      tags:
-        - AgentPools
-    delete:
-      summary: Delete an Agent Pool update
-      description: Deletes Agent pool update
-      operationId: deleteAgentPoolsUpdate
-      responses:
-        '204':
-          description: Deleted
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.agentPools.manage
-      tags:
-        - AgentPools
-  /api/v1/agentPools/{poolId}/updates/{updateId}/activate:
-    parameters:
-      - $ref: '#/components/parameters/pathPoolId'
-      - $ref: '#/components/parameters/pathUpdateId'
-    post:
-      summary: Activate an Agent Pool update
-      description: Activates scheduled Agent pool update
-      operationId: activateAgentPoolsUpdate
-      responses:
-        '201':
-          description: Activated
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AgentPoolUpdate'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.agentPools.manage
-      tags:
-        - AgentPools
-  /api/v1/agentPools/{poolId}/updates/{updateId}/deactivate:
-    parameters:
-      - $ref: '#/components/parameters/pathPoolId'
-      - $ref: '#/components/parameters/pathUpdateId'
-    post:
-      summary: Deactivate an Agent Pool update
-      description: Deactivates scheduled Agent pool update
-      operationId: deactivateAgentPoolsUpdate
-      responses:
-        '201':
-          description: Deactivated
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AgentPoolUpdate'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.agentPools.manage
-      tags:
-        - AgentPools
-  /api/v1/agentPools/{poolId}/updates/{updateId}/pause:
-    parameters:
-      - $ref: '#/components/parameters/pathPoolId'
-      - $ref: '#/components/parameters/pathUpdateId'
-    post:
-      summary: Pause an Agent Pool update
-      description: Pauses running or queued Agent pool update
-      operationId: pauseAgentPoolsUpdate
-      responses:
-        '201':
-          description: Paused
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AgentPoolUpdate'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.agentPools.manage
-      tags:
-        - AgentPools
-  /api/v1/agentPools/{poolId}/updates/{updateId}/resume:
-    parameters:
-      - $ref: '#/components/parameters/pathPoolId'
-      - $ref: '#/components/parameters/pathUpdateId'
-    post:
-      summary: Resume an Agent Pool update
-      description: Resumes running or queued Agent pool update
-      operationId: resumeAgentPoolsUpdate
-      responses:
-        '201':
-          description: Resumed
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AgentPoolUpdate'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.agentPools.manage
-      tags:
-        - AgentPools
-  /api/v1/agentPools/{poolId}/updates/{updateId}/retry:
-    parameters:
-      - $ref: '#/components/parameters/pathPoolId'
-      - $ref: '#/components/parameters/pathUpdateId'
-    post:
-      summary: Retry an Agent Pool update
-      description: Retries Agent pool update
-      operationId: retryAgentPoolsUpdate
-      responses:
-        '201':
-          description: Retried
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AgentPoolUpdate'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.agentPools.manage
-      tags:
-        - AgentPools
-  /api/v1/agentPools/{poolId}/updates/{updateId}/stop:
-    parameters:
-      - $ref: '#/components/parameters/pathPoolId'
-      - $ref: '#/components/parameters/pathUpdateId'
-    post:
-      summary: Stop an Agent Pool update
-      description: Stops Agent pool update
-      operationId: stopAgentPoolsUpdate
-      responses:
-        '201':
-          description: Stopped
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AgentPoolUpdate'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.agentPools.manage
-      tags:
-        - AgentPools
-  /api/v1/api-tokens:
-    get:
-      summary: List all API Token Metadata
-      description: Enumerates the metadata of the active API tokens in your organization.
-      operationId: listApiTokens
-      parameters:
-        - $ref: '#/components/parameters/queryAfter'
-        - $ref: '#/components/parameters/queryLimit'
-        - name: q
-          in: query
-          description: Finds a token that matches the name or clientName.
-          schema:
-            type: string
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/ApiToken'
-              examples:
-                List Tokens:
-                  $ref: '#/components/examples/ApiTokenListMetadataResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apiTokens.read
-      tags:
-        - ApiToken
-  /api/v1/api-tokens/current:
-    delete:
-      summary: Revoke the Current API Token
-      description: Revokes the API token provided in the Authorization header.
-      operationId: revokeCurrentApiToken
-      responses:
-        '204':
-          description: No Content
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-      tags:
-        - ApiToken
-  /api/v1/api-tokens/{apiTokenId}:
-    parameters:
-      - $ref: '#/components/parameters/pathApiTokenId'
-    get:
-      summary: Retrieve an API Token's Metadata
-      description: Get the metadata for an active API token by id.
-      operationId: getApiToken
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ApiToken'
-              examples:
-                HCaptcha:
-                  $ref: '#/components/examples/ApiTokenMetadataResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apiTokens.read
-      tags:
-        - ApiToken
-    delete:
-      summary: Revoke an API Token
-      description: Revoke an API token by id.
-      operationId: revokeApiToken
-      responses:
-        '204':
-          description: No Content
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apiTokens.manage
-      tags:
-        - ApiToken
-  /api/v1/apps:
-    get:
-      summary: List all Applications
-      description: Enumerates apps added to your organization with pagination. A subset of apps can be returned that match a supported filter expression or query.
-      operationId: listApplications
-      parameters:
-        - name: q
-          in: query
-          schema:
-            type: string
-        - name: after
-          in: query
-          description: Specifies the pagination cursor for the next page of apps
-          schema:
-            type: string
-        - name: limit
-          in: query
-          description: Specifies the number of results for a page
-          schema:
-            type: integer
-            format: int32
-            default: -1
-        - name: filter
-          in: query
-          description: Filters apps by status, user.id, group.id or credentials.signing.kid expression
-          schema:
-            type: string
-        - name: expand
-          in: query
-          description: Traverses users link relationship and optionally embeds Application User resource
-          schema:
-            type: string
-        - name: includeNonDeleted
-          in: query
-          schema:
-            type: boolean
-            default: false
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/Application'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.read
-      tags:
-        - Application
-    post:
-      summary: Create an Application
-      description: Adds a new application to your Okta organization.
-      operationId: createApplication
-      parameters:
-        - name: activate
-          in: query
-          description: Executes activation lifecycle operation when creating the app
-          schema:
-            type: boolean
-            default: true
-        - name: OktaAccessGateway-Agent
-          in: header
-          schema:
-            type: string
-      x-codegen-request-body-name: application
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/Application'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Application'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}:
-    get:
-      summary: Retrieve an Application
-      description: Fetches an application from your Okta organization by `id`.
-      operationId: getApplication
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Application'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.read
-      tags:
-        - Application
-    put:
-      summary: Replace an Application
-      description: Updates an application in your organization.
-      operationId: updateApplication
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: application
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/Application'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Application'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-    delete:
-      summary: Delete an Application
-      description: Removes an inactive application.
-      operationId: deleteApplication
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}/connections/default:
-    get:
-      summary: Retrieve the default Provisioning Connection
-      description: Get default Provisioning Connection for application
-      operationId: getDefaultProvisioningConnectionForApplication
-      parameters:
-        - in: path
-          name: appId
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ProvisioningConnection'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.read
-      tags:
-        - Application
-    post:
-      summary: Update the default Provisioning Connection
-      description: Set default Provisioning Connection for application
-      operationId: setDefaultProvisioningConnectionForApplication
-      parameters:
-        - in: path
-          name: appId
-          required: true
-          schema:
-            type: string
-        - in: query
-          name: activate
-          schema:
-            type: boolean
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/ProvisioningConnectionRequest'
-        required: true
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ProvisioningConnection'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}/connections/default/lifecycle/activate:
-    post:
-      summary: Activate the default Provisioning Connection
-      description: Activates the default Provisioning Connection for an application.
-      operationId: activateDefaultProvisioningConnectionForApplication
-      parameters:
-        - in: path
-          name: appId
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}/connections/default/lifecycle/deactivate:
-    post:
-      summary: Deactivate the default Provisioning Connection for an Application
-      description: Deactivates the default Provisioning Connection for an application.
-      operationId: deactivateDefaultProvisioningConnectionForApplication
-      parameters:
-        - in: path
-          name: appId
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}/credentials/csrs:
-    get:
-      summary: List all Certificate Signing Requests
-      description: Enumerates Certificate Signing Requests for an application
-      operationId: listCsrsForApplication
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/Csr'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.read
-      tags:
-        - Application
-    post:
-      summary: Generate a Certificate Signing Request
-      description: Generates a new key pair and returns the Certificate Signing Request for it.
-      operationId: generateCsrForApplication
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: metadata
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/CsrMetadata'
-        required: true
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Csr'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}/credentials/csrs/{csrId}:
-    get:
-      summary: Retrieve a Certificate Signing Request
-      description: Fetches a certificate signing request for the app by `id`.
-      operationId: getCsrForApplication
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: csrId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Csr'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.read
-      tags:
-        - Application
-    delete:
-      summary: Revoke a Certificate Signing Request
-      description: Revokes a certificate signing request and deletes the key pair from the application.
-      operationId: revokeCsrFromApplication
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: csrId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish:
-    post:
-      summary: Publish a Certificate Signing Request
-      description: Updates a certificate signing request for the app with a signed X.509 certificate and adds it into the application key credentials
-      operationId: publishCsrFromApplication
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: csrId
-          in: path
-          required: true
-          schema:
-            type: string
-      requestBody:
-        required: true
-        content:
-          application/x-x509-ca-cert:
-            schema:
-              type: string
-              format: binary
-              x-okta-operationId: publishBinaryCerCert
-          application/pkix-cert:
-            schema:
-              type: string
-              format: binary
-              x-okta-operationId: publishBinaryDerCert
-          application/x-pem-file:
-            schema:
-              type: string
-              format: binary
-              x-okta-operationId: publishBinaryPemCert
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/JsonWebKey'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}/credentials/keys:
-    get:
-      summary: List all Key Credentials
-      description: Enumerates key credentials for an application
-      operationId: listApplicationKeys
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/JsonWebKey'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.read
-      tags:
-        - Application
-  /api/v1/apps/{appId}/credentials/keys/generate:
-    post:
-      summary: Generate a Key Credential
-      description: Generates a new X.509 certificate for an application key credential
-      operationId: generateApplicationKey
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: validityYears
-          in: query
-          schema:
-            type: integer
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/JsonWebKey'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}/credentials/keys/{keyId}:
-    get:
-      summary: Retrieve a Key Credential
-      description: Gets a specific application key credential by kid
-      operationId: getApplicationKey
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: keyId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/JsonWebKey'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.read
-      tags:
-        - Application
-  /api/v1/apps/{appId}/credentials/keys/{keyId}/clone:
-    post:
-      summary: Clone a Key Credential
-      description: Clones a X.509 certificate for an application key credential from a source application to target application.
-      operationId: cloneApplicationKey
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: keyId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: targetAid
-          in: query
-          description: Unique key of the target Application
-          required: true
-          schema:
-            type: string
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/JsonWebKey'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}/features:
-    get:
-      summary: List all Features
-      description: List Features for application
-      operationId: listFeaturesForApplication
-      parameters:
-        - in: path
-          name: appId
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                items:
-                  $ref: '#/components/schemas/ApplicationFeature'
-                type: array
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.read
-      tags:
-        - Application
-  /api/v1/apps/{appId}/features/{name}:
-    get:
-      summary: Retrieve a Feature
-      description: Fetches a Feature object for an application.
-      operationId: getFeatureForApplication
-      parameters:
-        - in: path
-          name: appId
-          required: true
-          schema:
-            type: string
-        - in: path
-          name: name
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ApplicationFeature'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.read
-      tags:
-        - Application
-    put:
-      summary: Update a Feature
-      description: Updates a Feature object for an application.
-      operationId: updateFeatureForApplication
-      parameters:
-        - in: path
-          name: appId
-          required: true
-          schema:
-            type: string
-        - in: path
-          name: name
-          required: true
-          schema:
-            type: string
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/CapabilitiesObject'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ApplicationFeature'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}/grants:
-    get:
-      summary: List all Scope Consent Grants
-      description: Lists all scope consent grants for the application
-      operationId: listScopeConsentGrants
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-      tags:
-        - Application
-    post:
-      summary: Grant Consent to Scope
-      description: Grants consent for the application to request an OAuth 2.0 Okta scope
-      operationId: grantConsentToScope
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: oAuth2ScopeConsentGrant
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
-        required: true
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-      tags:
-        - Application
-  /api/v1/apps/{appId}/grants/{grantId}:
-    get:
-      summary: Retrieve a Scope Consent Grant
-      description: Fetches a single scope consent grant for the application
-      operationId: getScopeConsentGrant
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: grantId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-      tags:
-        - Application
-    delete:
-      summary: Revoke a Scope Consent Grant
-      description: Revokes permission for the application to request the given scope
-      operationId: revokeScopeConsentGrant
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: grantId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-      tags:
-        - Application
-  /api/v1/apps/{appId}/groups:
-    get:
-      summary: List all Assigned Groups
-      description: Enumerates group assignments for an application.
-      operationId: listApplicationGroupAssignments
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: q
-          in: query
-          schema:
-            type: string
-        - name: after
-          in: query
-          description: Specifies the pagination cursor for the next page of assignments
-          schema:
-            type: string
-        - name: limit
-          in: query
-          description: Specifies the number of results for a page
-          schema:
-            type: integer
-            format: int32
-            default: -1
-        - name: expand
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/ApplicationGroupAssignment'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.read
-      tags:
-        - Application
-  /api/v1/apps/{appId}/groups/{groupId}:
-    get:
-      summary: Retrieve an Assigned Group
-      description: Fetches an application group assignment
-      operationId: getApplicationGroupAssignment
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ApplicationGroupAssignment'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.read
-      tags:
-        - Application
-    put:
-      summary: Assign a Group
-      description: Assigns a group to an application
-      operationId: createApplicationGroupAssignment
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: applicationGroupAssignment
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/ApplicationGroupAssignment'
-        required: false
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ApplicationGroupAssignment'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-    delete:
-      summary: Unassign a Group
-      description: Removes a group assignment from an application.
-      operationId: deleteApplicationGroupAssignment
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}/lifecycle/activate:
-    post:
-      summary: Activate an Application
-      description: Activates an inactive application.
-      operationId: activateApplication
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}/lifecycle/deactivate:
-    post:
-      summary: Deactivate an Application
-      description: Deactivates an active application.
-      operationId: deactivateApplication
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}/logo:
-    post:
-      summary: Upload a Logo
-      description: The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.
-      operationId: uploadApplicationLogo
-      parameters:
-        - in: path
-          name: appId
-          required: true
-          schema:
-            type: string
-      requestBody:
-        content:
-          multipart/form-data:
-            schema:
-              type: object
-              properties:
-                file:
-                  type: string
-                  format: binary
-              required:
-                - file
-      responses:
-        '201':
-          description: Created
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}/tokens:
-    get:
-      summary: List all OAuth 2.0 Tokens
-      description: Lists all tokens for the application
-      operationId: listOAuth2TokensForApplication
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-        - name: after
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: 20
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/OAuth2Token'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.read
-      tags:
-        - Application
-    delete:
-      summary: Revoke all OAuth 2.0 Tokens
-      description: Revokes all tokens for the specified application
-      operationId: revokeOAuth2TokensForApplication
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}/tokens/{tokenId}:
-    get:
-      summary: Retrieve an OAuth 2.0 Token
-      description: Gets a token for the specified application
-      operationId: getOAuth2TokenForApplication
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: tokenId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OAuth2Token'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.read
-      tags:
-        - Application
-    delete:
-      summary: Revoke an OAuth 2.0 Token
-      description: Revokes the specified token for the specified application
-      operationId: revokeOAuth2TokenForApplication
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: tokenId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}/users:
-    get:
-      summary: List all Assigned Users
-      description: Enumerates all assigned [application users](#application-user-model) for an application.
-      operationId: listApplicationUsers
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: q
-          in: query
-          schema:
-            type: string
-        - name: query_scope
-          in: query
-          schema:
-            type: string
-        - name: after
-          in: query
-          description: specifies the pagination cursor for the next page of assignments
-          schema:
-            type: string
-        - name: limit
-          in: query
-          description: specifies the number of results for a page
-          schema:
-            type: integer
-            format: int32
-            default: -1
-        - name: filter
-          in: query
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/AppUser'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.read
-      tags:
-        - Application
-    post:
-      summary: Assign a User
-      description: Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.
-      operationId: assignUserToApplication
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: appUser
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/AppUser'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AppUser'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/apps/{appId}/users/{userId}:
-    get:
-      summary: Retrieve an Assigned User
-      description: Fetches a specific user assignment for application by `id`.
-      operationId: getApplicationUser
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AppUser'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.read
-      tags:
-        - Application
-    post:
-      summary: Update an Application Profile for Assigned User
-      description: Updates a user's profile for an application
-      operationId: updateApplicationUser
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: appUser
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/AppUser'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AppUser'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-    delete:
-      summary: Unassign a User
-      description: Removes an assignment for a user from an application.
-      operationId: deleteApplicationUser
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: sendEmail
-          in: query
-          schema:
-            type: boolean
-            default: false
-          x-okta-added-version: 1.5.0
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - Application
-  /api/v1/authenticators:
-    get:
-      summary: List all Authenticators
-      description: Enumerates authenticators in your organization.
-      operationId: listAuthenticators
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                items:
-                  $ref: '#/components/schemas/Authenticator'
-                type: array
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authenticators.read
-      tags:
-        - Authenticator
-  /api/v1/authenticators/{authenticatorId}:
-    get:
-      summary: Retrieve an Authenticator
-      description: Fetches an authenticator from your Okta organization by `authenticatorId`.
-      operationId: getAuthenticator
-      parameters:
-        - in: path
-          name: authenticatorId
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Authenticator'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authenticators.read
-      tags:
-        - Authenticator
-    put:
-      summary: Replace an Authenticator
-      description: Updates an authenticator
-      operationId: updateAuthenticator
-      parameters:
-        - in: path
-          name: authenticatorId
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: authenticator
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/Authenticator'
-        required: true
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Authenticator'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authenticators.manage
-      tags:
-        - Authenticator
-  /api/v1/authenticators/{authenticatorId}/lifecycle/activate:
-    post:
-      summary: Activate an Authenticator
-      description: Activates an authenticator by `authenticatorId`.
-      operationId: activateAuthenticator
-      parameters:
-        - in: path
-          name: authenticatorId
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Authenticator'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authenticators.manage
-      tags:
-        - Authenticator
-  /api/v1/authenticators/{authenticatorId}/lifecycle/deactivate:
-    post:
-      summary: Deactivate an Authenticator
-      description: Deactivates an authenticator by `authenticatorId`.
-      operationId: deactivateAuthenticator
-      parameters:
-        - in: path
-          name: authenticatorId
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Authenticator'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authenticators.manage
-      tags:
-        - Authenticator
-  /api/v1/authorizationServers:
-    get:
-      summary: List all Authorization Servers
-      description: Success
-      operationId: listAuthorizationServers
-      parameters:
-        - name: q
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: string
-        - name: after
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/AuthorizationServer'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.read
-      tags:
-        - AuthorizationServer
-    post:
-      summary: Create an Authorization Server
-      description: Success
-      operationId: createAuthorizationServer
-      x-codegen-request-body-name: authorizationServer
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/AuthorizationServer'
-        required: true
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AuthorizationServer'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}:
-    get:
-      summary: Retrieve an Authorization Server
-      description: Success
-      operationId: getAuthorizationServer
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AuthorizationServer'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.read
-      tags:
-        - AuthorizationServer
-    put:
-      summary: Replace an Authorization Server
-      description: Success
-      operationId: updateAuthorizationServer
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: authorizationServer
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/AuthorizationServer'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AuthorizationServer'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-    delete:
-      summary: Delete an Authorization Server
-      description: Success
-      operationId: deleteAuthorizationServer
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/claims:
-    get:
-      summary: List all Custom Token Claims
-      description: Success
-      operationId: listOAuth2Claims
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/OAuth2Claim'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.read
-      tags:
-        - AuthorizationServer
-    post:
-      summary: Create a Custom Token Claim
-      description: Success
-      operationId: createOAuth2Claim
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: oAuth2Claim
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/OAuth2Claim'
-        required: true
-      responses:
-        '201':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OAuth2Claim'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/claims/{claimId}:
-    get:
-      summary: Retrieve a Custom Token Claim
-      description: Success
-      operationId: getOAuth2Claim
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: claimId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OAuth2Claim'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.read
-      tags:
-        - AuthorizationServer
-    put:
-      summary: Replace a Custom Token Claim
-      description: Success
-      operationId: updateOAuth2Claim
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: claimId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: oAuth2Claim
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/OAuth2Claim'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OAuth2Claim'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-    delete:
-      summary: Delete a Custom Token Claim
-      description: Success
-      operationId: deleteOAuth2Claim
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: claimId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/clients:
-    get:
-      summary: List all Clients
-      description: Success
-      operationId: listOAuth2ClientsForAuthorizationServer
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/OAuth2Client'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.read
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens:
-    get:
-      summary: List all Refresh Tokens for a Client
-      description: Success
-      operationId: listRefreshTokensForAuthorizationServerAndClient
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: clientId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-        - name: after
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: -1
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/OAuth2RefreshToken'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.read
-      tags:
-        - AuthorizationServer
-    delete:
-      summary: Revoke all Refresh Tokens for a Client
-      description: Success
-      operationId: revokeRefreshTokensForAuthorizationServerAndClient
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: clientId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}:
-    get:
-      summary: Retrieve a Refresh Token for a Client
-      description: Success
-      operationId: getRefreshTokenForAuthorizationServerAndClient
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: clientId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: tokenId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OAuth2RefreshToken'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.read
-      tags:
-        - AuthorizationServer
-    delete:
-      summary: Revoke a Refresh Token for a Client
-      description: Success
-      operationId: revokeRefreshTokenForAuthorizationServerAndClient
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: clientId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: tokenId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/credentials/keys:
-    get:
-      summary: List all Credential Keys
-      description: Success
-      operationId: listAuthorizationServerKeys
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/JsonWebKey'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.read
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate:
-    post:
-      summary: Rotate all Credential Keys
-      description: Success
-      operationId: rotateAuthorizationServerKeys
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: use
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/JwkUse'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/JsonWebKey'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/lifecycle/activate:
-    post:
-      summary: Activate an Authorization Server
-      description: Success
-      operationId: activateAuthorizationServer
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/lifecycle/deactivate:
-    post:
-      summary: Deactivate an Authorization Server
-      description: Success
-      operationId: deactivateAuthorizationServer
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/policies:
-    get:
-      summary: List all Policies
-      description: Success
-      operationId: listAuthorizationServerPolicies
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/AuthorizationServerPolicy'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.read
-      tags:
-        - AuthorizationServer
-    post:
-      summary: Create a Policy
-      description: Success
-      operationId: createAuthorizationServerPolicy
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: policy
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/AuthorizationServerPolicy'
-        required: true
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AuthorizationServerPolicy'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/policies/{policyId}:
-    get:
-      summary: Retrieve a Policy
-      description: Success
-      operationId: getAuthorizationServerPolicy
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AuthorizationServerPolicy'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.read
-      tags:
-        - AuthorizationServer
-    put:
-      summary: Replace a Policy
-      description: Success
-      operationId: updateAuthorizationServerPolicy
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: policy
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/AuthorizationServerPolicy'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AuthorizationServerPolicy'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-    delete:
-      summary: Delete a Policy
-      description: Success
-      operationId: deleteAuthorizationServerPolicy
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate:
-    post:
-      summary: Activate a Policy
-      description: Activate Authorization Server Policy
-      operationId: activateAuthorizationServerPolicy
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate:
-    post:
-      summary: Deactivate a Policy
-      description: Deactivate Authorization Server Policy
-      operationId: deactivateAuthorizationServerPolicy
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules:
-    get:
-      summary: List all Policy Rules
-      description: Enumerates all policy rules for the specified Custom Authorization Server and Policy.
-      operationId: listAuthorizationServerPolicyRules
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/AuthorizationServerPolicyRule'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.read
-      tags:
-        - AuthorizationServer
-    post:
-      summary: Create a Policy Rule
-      description: Creates a policy rule for the specified Custom Authorization Server and Policy.
-      operationId: createAuthorizationServerPolicyRule
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: policyRule
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/AuthorizationServerPolicyRule'
-        required: true
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AuthorizationServerPolicyRule'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}:
-    get:
-      summary: Retrieve a Policy Rule
-      description: Returns a Policy Rule by ID that is defined in the specified Custom Authorization Server and Policy.
-      operationId: getAuthorizationServerPolicyRule
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: ruleId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AuthorizationServerPolicyRule'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.read
-      tags:
-        - AuthorizationServer
-    put:
-      summary: Replace a Policy Rule
-      description: Updates the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy.
-      operationId: updateAuthorizationServerPolicyRule
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: ruleId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: policyRule
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/AuthorizationServerPolicyRule'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AuthorizationServerPolicyRule'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-    delete:
-      summary: Delete a Policy Rule
-      description: Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy.
-      operationId: deleteAuthorizationServerPolicyRule
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: ruleId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate:
-    post:
-      summary: Activate a Policy Rule
-      description: Activate Authorization Server Policy Rule
-      operationId: activateAuthorizationServerPolicyRule
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: ruleId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate:
-    post:
-      summary: Deactivate a Policy Rule
-      description: Deactivate Authorization Server Policy Rule
-      operationId: deactivateAuthorizationServerPolicyRule
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: ruleId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/scopes:
-    get:
-      summary: List all Custom Token Scopes
-      description: Success
-      operationId: listOAuth2Scopes
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: q
-          in: query
-          schema:
-            type: string
-        - name: filter
-          in: query
-          schema:
-            type: string
-        - name: cursor
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: -1
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/OAuth2Scope'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.read
-      tags:
-        - AuthorizationServer
-    post:
-      summary: Create a Custom Token Scope
-      description: Success
-      operationId: createOAuth2Scope
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: oAuth2Scope
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/OAuth2Scope'
-        required: true
-      responses:
-        '201':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OAuth2Scope'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/authorizationServers/{authServerId}/scopes/{scopeId}:
-    get:
-      summary: Retrieve a Custom Token Scope
-      description: Success
-      operationId: getOAuth2Scope
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: scopeId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OAuth2Scope'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.read
-      tags:
-        - AuthorizationServer
-    put:
-      summary: Replace a Custom Token Scope
-      description: Success
-      operationId: updateOAuth2Scope
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: scopeId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: oAuth2Scope
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/OAuth2Scope'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OAuth2Scope'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-    delete:
-      summary: Delete a Custom Token Scope
-      description: Success
-      operationId: deleteOAuth2Scope
-      parameters:
-        - name: authServerId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: scopeId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.authorizationServers.manage
-      tags:
-        - AuthorizationServer
-  /api/v1/behaviors:
-    get:
-      summary: List all Behavior Detection Rules
-      description: Enumerates Behavior Detection Rules in your organization with pagination.
-      operationId: listBehaviorDetectionRules
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/BehaviorRule'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.behaviors.read
-      tags:
-        - Behavior
-    post:
-      summary: Create a Behavior Detection Rule
-      description: Adds a new Behavior Detection Rule to your organization.
-      operationId: createBehaviorDetectionRule
-      x-codegen-request-body-name: rule
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/BehaviorRule'
-            examples:
-              BehaviorRuleRequest:
-                $ref: '#/components/examples/BehaviorRuleRequest'
-        required: true
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/BehaviorRule'
-              examples:
-                BehaviorRuleReSponse:
-                  $ref: '#/components/examples/BehaviorRuleResponse'
-        '400':
-          description: Bad Request
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-              examples:
-                API Validation Failed:
-                  $ref: '#/components/examples/ErrorApiValidationFailed'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.behaviors.manage
-      tags:
-        - Behavior
-  /api/v1/behaviors/{behaviorId}:
-    parameters:
-      - $ref: '#/components/parameters/pathBehaviorId'
-    get:
-      summary: Retrieve a Behavior Detection Rule
-      description: Fetches a Behavior Detection Rule by `behaviorId`.
-      operationId: getBehaviorDetectionRule
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/BehaviorRule'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-              examples:
-                Resource Not Found:
-                  $ref: '#/components/examples/ErrorResourceNotFound'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.behaviors.read
-      tags:
-        - Behavior
-    put:
-      summary: Replace a Behavior Detection Rule
-      description: Update a Behavior Detection Rule by `behaviorId`.
-      operationId: updateBehaviorDetectionRule
-      x-codegen-request-body-name: rule
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/BehaviorRule'
-            examples:
-              BehaviorRuleRequest:
-                $ref: '#/components/examples/BehaviorRuleRequest'
-        required: true
-      responses:
-        '200':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/BehaviorRule'
-              examples:
-                BehaviorRuleReSponse:
-                  $ref: '#/components/examples/BehaviorRuleResponse'
-        '400':
-          description: Bad Request
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-              examples:
-                API Validation Failed:
-                  $ref: '#/components/examples/ErrorApiValidationFailed'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-              examples:
-                Resource Not Found:
-                  $ref: '#/components/examples/ErrorResourceNotFound'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.behaviors.manage
-      tags:
-        - Behavior
-    delete:
-      summary: Delete a Behavior Detection Rule
-      description: Delete a Behavior Detection Rule by `behaviorId`.
-      operationId: deleteBehaviorDetectionRule
-      responses:
-        '204':
-          description: No Content
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-              examples:
-                Resource Not Found:
-                  $ref: '#/components/examples/ErrorResourceNotFound'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.behaviors.manage
-      tags:
-        - Behavior
-  /api/v1/behaviors/{behaviorId}/lifecycle/activate:
-    post:
-      summary: Activate a Behavior Detection Rule
-      description: Activate Behavior Detection Rule
-      operationId: activateBehaviorDetectionRule
-      parameters:
-        - $ref: '#/components/parameters/pathBehaviorId'
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/BehaviorRule'
-              examples:
-                BehaviorRuleReSponse:
-                  $ref: '#/components/examples/BehaviorRuleResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.behaviors.manage
-      tags:
-        - Behavior
-  /api/v1/behaviors/{behaviorId}/lifecycle/deactivate:
-    post:
-      summary: Deactivate a Behavior Detection Rule
-      description: Deactivate Behavior Detection Rule
-      operationId: deactivateBehaviorDetectionRule
-      parameters:
-        - $ref: '#/components/parameters/pathBehaviorId'
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/BehaviorRule'
-              examples:
-                BehaviorRuleReSponse:
-                  $ref: '#/components/examples/BehaviorRuleResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.behaviors.manage
-      tags:
-        - Behavior
-  /api/v1/brands:
-    get:
-      summary: List all Brands
-      description: List all the brands in your org.
-      operationId: listBrands
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/Brand'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.read
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}:
-    parameters:
-      - in: path
-        name: brandId
-        required: true
-        schema:
-          type: string
-    get:
-      summary: Retrieve a Brand
-      description: Fetches a brand by `brandId`
-      operationId: getBrand
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Brand'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.read
-      tags:
-        - Customization
-    put:
-      summary: Replace a Brand
-      description: Updates a brand by `brandId`
-      operationId: updateBrand
-      x-codegen-request-body-name: brand
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/Brand'
-        required: true
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Brand'
-        '400':
-          description: Bad Request
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.manage
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/pages/error:
-    parameters:
-      - $ref: '#/components/parameters/pathBrandId'
-    get:
-      summary: Retrieve the Error Page
-      description: Retrieves the error page.
-      operationId: retrieveErrorPage
-      responses:
-        '200':
-          description: Successfully retrieved the error page.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/CustomizablePage'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.read
-      tags:
-        - Customization
-    put:
-      summary: Replace the Error Page
-      description: Replaces the error page.
-      operationId: replaceErrorPage
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/CustomizablePage'
-        required: true
-      responses:
-        '200':
-          description: Successfully replaced the error page.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/CustomizablePage'
-        '400':
-          description: Bad Request
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.manage
-      tags:
-        - Customization
-    delete:
-      summary: Reset the Error Page
-      description: Resets the error page.
-      operationId: resetErrorPage
-      responses:
-        '204':
-          description: Successfully reset the error page.
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.manage
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/pages/error/preview:
-    parameters:
-      - $ref: '#/components/parameters/pathBrandId'
-    post:
-      summary: Preview the Error Page
-      description: Previews the error page.
-      operationId: previewErrorPage
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/CustomizablePage'
-        required: true
-      responses:
-        '200':
-          description: Successfully previewed the error page.
-          content:
-            text/html:
-              schema:
-                type: string
-        '400':
-          description: Bad Request
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.read
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/pages/sign-in:
-    parameters:
-      - $ref: '#/components/parameters/pathBrandId'
-    get:
-      summary: Retrieve the Sign-in Page
-      description: Retrieves the sign-in page.
-      operationId: retrieveSignInPage
-      responses:
-        '200':
-          description: Successfully retrieved the sign-in page.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/SignInPage'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.read
-      tags:
-        - Customization
-    put:
-      summary: Replace the Sign-in Page
-      description: Replaces the sign-in page.
-      operationId: replaceSignInPage
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/SignInPage'
-        required: true
-      responses:
-        '200':
-          description: Successfully replaced the sign-in page.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/SignInPage'
-        '400':
-          description: Bad Request
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.manage
-      tags:
-        - Customization
-    delete:
-      summary: Reset the Sign-in Page
-      description: Reset the sign-in page.
-      operationId: resetSignInPage
-      responses:
-        '204':
-          description: Successfully reset the sign-in page.
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.manage
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/pages/sign-in/preview:
-    parameters:
-      - $ref: '#/components/parameters/pathBrandId'
-    post:
-      summary: Preview the Sign-in Page.
-      description: Preview the sign-in page.
-      operationId: previewSignInPage
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/SignInPage'
-        required: true
-      responses:
-        '200':
-          description: Successfully previewed the sign-in page.
-          content:
-            text/html:
-              schema:
-                type: string
-        '400':
-          description: Bad Request
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.read
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/pages/sign-in/widget-versions:
-    parameters:
-      - $ref: '#/components/parameters/pathBrandId'
-    get:
-      summary: List all Sign-in Widget Versions
-      description: List all sign-in widget versions.
-      operationId: listAllSignInWidgetVersions
-      responses:
-        '200':
-          description: Successfully listed the sign-in widget versions.
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  type: string
-                  pattern: ^\d+\.\d+$
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.read
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/pages/sign-out:
-    parameters:
-      - $ref: '#/components/parameters/pathBrandId'
-    get:
-      summary: Retrieve the Sign-out Page Settings
-      description: Retrieves the sign-out page settings.
-      operationId: retrieveSignOutPageSettings
-      responses:
-        '200':
-          description: Successfully retrieved the sign-out page settings.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/HostedPage'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.read
-      tags:
-        - Customization
-    put:
-      summary: Replace the Sign-out Page Settings
-      description: Replaces the sign-out page settings.
-      operationId: replaceSignOutPageSettings
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/HostedPage'
-        required: true
-      responses:
-        '200':
-          description: Successfully replaced the sign-out page settings.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/HostedPage'
-        '400':
-          description: Bad Request
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.manage
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/templates/email:
-    parameters:
-      - $ref: '#/components/parameters/pathBrandId'
-    get:
-      summary: List all Email Templates
-      description: Lists all email templates.
-      operationId: listEmailTemplates
-      parameters:
-        - $ref: '#/components/parameters/queryAfter'
-        - $ref: '#/components/parameters/queryLimit'
-        - $ref: '#/components/parameters/queryExpandEmailTemplate'
-      responses:
-        '200':
-          description: Successfully returned the list of email templates.
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/EmailTemplate'
-              examples:
-                List email templates response:
-                  $ref: '#/components/examples/ListEmailTemplateResponse'
-          headers:
-            Link:
-              schema:
-                type: string
-              description: The pagination header containing links to the current and next page of results. See [Pagination](https://developer.okta.com/docs/reference/core-okta-api/#pagination) for more information.
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.read
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/templates/email/{templateName}:
-    parameters:
-      - $ref: '#/components/parameters/pathBrandId'
-      - $ref: '#/components/parameters/pathTemplateName'
-    get:
-      summary: Retrieve an Email Template
-      description: Gets the details of an email template by name.
-      operationId: getEmailTemplate
-      parameters:
-        - $ref: '#/components/parameters/queryExpandEmailTemplate'
-      responses:
-        '200':
-          description: Successfully retrieved the email template.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EmailTemplate'
-              examples:
-                Get email template response:
-                  $ref: '#/components/examples/GetEmailTemplateResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.read
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/templates/email/{templateName}/customizations:
-    parameters:
-      - $ref: '#/components/parameters/pathBrandId'
-      - $ref: '#/components/parameters/pathTemplateName'
-    get:
-      summary: List all Email Customizations
-      description: Lists all customizations of an email template.
-      operationId: listEmailCustomizations
-      parameters:
-        - $ref: '#/components/parameters/queryAfter'
-        - $ref: '#/components/parameters/queryLimit'
-      responses:
-        '200':
-          description: Successfully retrieved all email customizations for the specified email template.
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/EmailCustomization'
-              examples:
-                List Email customizations response:
-                  $ref: '#/components/examples/ListEmailCustomizationResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.read
-      tags:
-        - Customization
-    post:
-      summary: Create an Email Customization
-      description: Creates a new email customization.
-      operationId: createEmailCustomization
-      x-codegen-request-body-name: instance
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/EmailCustomization'
-            examples:
-              Create email customization request:
-                $ref: '#/components/examples/CreateUpdateEmailCustomizationRequest'
-      responses:
-        '201':
-          description: Successfully created the email customization.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EmailCustomization'
-              examples:
-                Create email customization response:
-                  $ref: '#/components/examples/CreateUpdateEmailCustomizationResponse'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '409':
-          description: Could not create the email customization because it conflicts with an existing email customization.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-              examples:
-                Default email customization already exists:
-                  $ref: '#/components/examples/ErrorEmailCustomizationDefaultAlreadyExists'
-                Email customization already exists for the specified language:
-                  $ref: '#/components/examples/ErrorEmailCustomizationLanguageAlreadyExists'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.manage
-      tags:
-        - Customization
-    delete:
-      summary: Delete all Email Customizations
-      description: Deletes all customizations for an email template.
-      operationId: deleteAllCustomizations
-      responses:
-        '204':
-          description: Successfully deleted all customizations for the email template.
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.manage
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}:
-    parameters:
-      - $ref: '#/components/parameters/pathBrandId'
-      - $ref: '#/components/parameters/pathTemplateName'
-      - $ref: '#/components/parameters/pathCustomizationId'
-    get:
-      summary: Retrieve an Email Customization
-      description: Gets an email customization by its unique identifier.
-      operationId: getEmailCustomization
-      responses:
-        '200':
-          description: Successfully retrieved the email customization.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EmailCustomization'
-              examples:
-                Get email customization response:
-                  $ref: '#/components/examples/EmailCustomizationResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.read
-      tags:
-        - Customization
-    put:
-      summary: Replace an Email Customization
-      description: Updates an existing email customization using the property values provided.
-      operationId: updateEmailCustomization
-      x-codegen-request-body-name: instance
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/EmailCustomization'
-            examples:
-              Update email customization request:
-                $ref: '#/components/examples/CreateUpdateEmailCustomizationRequest'
-        description: Request
-      responses:
-        '200':
-          description: Successfully updated the email customization.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EmailCustomization'
-              examples:
-                Update email customization response:
-                  $ref: '#/components/examples/CreateUpdateEmailCustomizationResponse'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '409':
-          description: Could not update the email customization because the update would cause a conflict with an existing email customization.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-              examples:
-                Default email customization already exists:
-                  $ref: '#/components/examples/ErrorEmailCustomizationDefaultAlreadyExists'
-                Email customization already exists for the specified language:
-                  $ref: '#/components/examples/ErrorEmailCustomizationLanguageAlreadyExists'
-                Cannot set the default email customization's isDefault to false:
-                  $ref: '#/components/examples/ErrorEmailCustomizationCannotClearDefault'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.manage
-      tags:
-        - Customization
-    delete:
-      summary: Delete an Email Customization
-      description: Deletes an email customization by its unique identifier.
-      operationId: deleteEmailCustomization
-      responses:
-        '204':
-          description: Successfully deleted the email customization.
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '409':
-          description: Could not delete the email customization deleted because it is the default email customization.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-              examples:
-                Cannot delete default email customization:
-                  $ref: '#/components/examples/ErrorEmailCustomizationCannotDeleteDefault'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.manage
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}/preview:
-    parameters:
-      - $ref: '#/components/parameters/pathBrandId'
-      - $ref: '#/components/parameters/pathTemplateName'
-      - $ref: '#/components/parameters/pathCustomizationId'
-    get:
-      summary: Preview an Email Customization
-      description: Generates a preview of an email customization. All variable references (e.g., `${user.profile.firstName}`) are populated using the current user's context.
-      operationId: getCustomizationPreview
-      responses:
-        '200':
-          description: Successfully generated a preview of the email customization.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EmailPreview'
-              examples:
-                Preview email customization response:
-                  $ref: '#/components/examples/PreviewEmailCustomizationResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.read
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/templates/email/{templateName}/default-content:
-    parameters:
-      - $ref: '#/components/parameters/pathBrandId'
-      - $ref: '#/components/parameters/pathTemplateName'
-    get:
-      summary: Retrieve an Email Template Default Content
-      description: Gets an email template's default content.
-      operationId: getEmailDefaultContent
-      parameters:
-        - $ref: '#/components/parameters/queryLanguage'
-      responses:
-        '200':
-          description: Successfully retrieved the email template's default content.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EmailDefaultContent'
-              examples:
-                Get email template default content response:
-                  $ref: '#/components/examples/EmailTemplateDefaultContentResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.read
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/templates/email/{templateName}/default-content/preview:
-    parameters:
-      - $ref: '#/components/parameters/pathBrandId'
-      - $ref: '#/components/parameters/pathTemplateName'
-    get:
-      summary: Preview the Email Template Default Content
-      description: Generates a preview of an email template's default content. All variable references (e.g., `${user.profile.firstName}`) are populated using the current user's context.
-      operationId: getEmailDefaultPreview
-      parameters:
-        - $ref: '#/components/parameters/queryLanguage'
-      responses:
-        '200':
-          description: Successfully generated a preview of the email template's default content.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EmailPreview'
-              examples:
-                Preview email template default content response:
-                  $ref: '#/components/examples/PreviewEmailTemplateDefaultContentResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.read
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/templates/email/{templateName}/settings:
-    parameters:
-      - $ref: '#/components/parameters/pathBrandId'
-      - $ref: '#/components/parameters/pathTemplateName'
-    get:
-      summary: Retrieve the Email Template Settings
-      description: Gets an email template's settings.
-      operationId: getEmailSettings
-      responses:
-        '200':
-          description: Successfully retrieved the email template's settings.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EmailSettings'
-              examples:
-                Get email template settings response:
-                  $ref: '#/components/examples/EmailSettingsResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.read
-      tags:
-        - Customization
-    put:
-      summary: Replace the Email Template Settings
-      description: Updates an email template's settings.
-      operationId: updateEmailSettings
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/EmailSettings'
-      responses:
-        '204':
-          description: Successfully updated the email template's settings.
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '422':
-          description: Could not update the email template's settings due to an invalid setting value.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-              examples:
-                Invalid email template recipients:
-                  $ref: '#/components/examples/ErrorInvalidEmailTemplateRecipients'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.manage
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/templates/email/{templateName}/test:
-    parameters:
-      - $ref: '#/components/parameters/pathBrandId'
-      - $ref: '#/components/parameters/pathTemplateName'
-    post:
-      summary: Send a Test Email
-      description: |-
-        Sends a test email to the current user’s primary and secondary email addresses. The email content is selected based on the following priority:
-        1. The email customization for the language specified in the `language` query parameter.
-        2. The email template's default customization.
-        3. The email template’s default content, translated to the current user's language.
-      operationId: sendTestEmail
-      parameters:
-        - $ref: '#/components/parameters/queryLanguage'
-      responses:
-        '204':
-          description: Successfully sent a test email.
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.read
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/themes:
-    parameters:
-      - in: path
-        name: brandId
-        required: true
-        schema:
-          type: string
-    get:
-      summary: List all Themes
-      description: List all the themes in your brand
-      operationId: listBrandThemes
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/ThemeResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.read
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/themes/{themeId}:
-    parameters:
-      - in: path
-        name: brandId
-        required: true
-        schema:
-          type: string
-      - in: path
-        name: themeId
-        required: true
-        schema:
-          type: string
-    get:
-      summary: Retrieve a Theme
-      description: Fetches a theme for a brand
-      operationId: getBrandTheme
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ThemeResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.read
-      tags:
-        - Customization
-    put:
-      summary: Replace a Theme
-      description: Updates a theme for a brand
-      operationId: updateBrandTheme
-      x-codegen-request-body-name: theme
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/Theme'
-        required: true
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ThemeResponse'
-        '400':
-          description: Bad Request
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.manage
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/themes/{themeId}/background-image:
-    parameters:
-      - in: path
-        name: brandId
-        required: true
-        schema:
-          type: string
-      - in: path
-        name: themeId
-        required: true
-        schema:
-          type: string
-    post:
-      summary: Upload the Background Image
-      description: Updates the background image for your Theme
-      operationId: uploadBrandThemeBackgroundImage
-      requestBody:
-        content:
-          multipart/form-data:
-            schema:
-              type: object
-              description: The file must be in PNG, JPG, or GIF format and less than 2 MB in size.
-              properties:
-                file:
-                  type: string
-                  format: binary
-              required:
-                - file
-        description: background image file
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ImageUploadResponse'
-        '400':
-          description: Bad Request
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.manage
-      tags:
-        - Customization
-    delete:
-      summary: Delete the Background Image
-      description: Deletes a Theme background image.
-      operationId: deleteBrandThemeBackgroundImage
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.manage
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/themes/{themeId}/favicon:
-    parameters:
-      - in: path
-        name: brandId
-        required: true
-        schema:
-          type: string
-      - in: path
-        name: themeId
-        required: true
-        schema:
-          type: string
-    post:
-      summary: Upload the Favicon
-      description: Updates the favicon for your theme
-      operationId: uploadBrandThemeFavicon
-      requestBody:
-        content:
-          multipart/form-data:
-            schema:
-              type: object
-              description: The file must be in PNG, or ico format and less than ?? in size and 128 x 128 dimensions
-              properties:
-                file:
-                  type: string
-                  format: binary
-              required:
-                - file
-        description: favicon file
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ImageUploadResponse'
-        '400':
-          description: Bad Request
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.manage
-      tags:
-        - Customization
-    delete:
-      summary: Delete the Favicon
-      description: Deletes a Theme favicon. The theme will use the default Okta favicon.
-      operationId: deleteBrandThemeFavicon
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.manage
-      tags:
-        - Customization
-  /api/v1/brands/{brandId}/themes/{themeId}/logo:
-    parameters:
-      - in: path
-        name: brandId
-        required: true
-        schema:
-          type: string
-      - in: path
-        name: themeId
-        required: true
-        schema:
-          type: string
-    post:
-      summary: Upload the Logo
-      description: Updates the logo for your Theme
-      operationId: uploadBrandThemeLogo
-      requestBody:
-        content:
-          multipart/form-data:
-            schema:
-              description: The file must be in PNG, JPG, or GIF format and less than 100kB in size. For best results use landscape orientation, a transparent background, and a minimum size of 300px by 50px to prevent upscaling.
-              type: object
-              properties:
-                file:
-                  type: string
-                  format: binary
-              required:
-                - file
-        description: logo file
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ImageUploadResponse'
-        '400':
-          description: Bad Request
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.manage
-      tags:
-        - Customization
-    delete:
-      summary: Delete the Logo
-      description: Deletes a Theme logo. The theme will use the default Okta logo.
-      operationId: deleteBrandThemeLogo
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.brands.manage
-      tags:
-        - Customization
-  /api/v1/captchas:
-    get:
-      summary: List all CAPTCHA instances
-      description: Enumerates CAPTCHA instances in your organization with pagination. A subset of CAPTCHA instances can be returned that match a supported filter expression or query.
-      operationId: listCaptchaInstances
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/CAPTCHAInstance'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.captchas.read
-      tags:
-        - CAPTCHA
-    post:
-      summary: Create a CAPTCHA instance
-      description: Adds a new CAPTCHA instance to your organization. In the current release, we only allow one CAPTCHA instance per org.
-      operationId: createCaptchaInstance
-      x-codegen-request-body-name: instance
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/CAPTCHAInstance'
-            examples:
-              HCaptcha:
-                $ref: '#/components/examples/CAPTCHAInstanceRequestHCaptcha'
-              ReCaptcha:
-                $ref: '#/components/examples/CAPTCHAInstanceRequestReCaptcha'
-        required: true
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/CAPTCHAInstance'
-              examples:
-                HCaptcha:
-                  $ref: '#/components/examples/CAPTCHAInstanceResponseHCaptcha'
-                ReCaptcha:
-                  $ref: '#/components/examples/CAPTCHAInstanceResponseReCaptcha'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          description: Forbidden
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-              examples:
-                Access Denied:
-                  $ref: '#/components/examples/ErrorAccessDenied'
-                Error Limit of One CAPTCHA instance per org:
-                  $ref: '#/components/examples/ErrorCAPTCHALimitOfOne'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.captchas.manage
-      tags:
-        - CAPTCHA
-  /api/v1/captchas/{captchaId}:
-    parameters:
-      - $ref: '#/components/parameters/pathCaptchaId'
-    get:
-      summary: Retrieve a CAPTCHA Instance
-      description: Fetches a CAPTCHA instance by `captchaId`.
-      operationId: getCaptchaInstance
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/CAPTCHAInstance'
-              examples:
-                HCaptcha:
-                  $ref: '#/components/examples/CAPTCHAInstanceResponseHCaptcha'
-                ReCaptcha:
-                  $ref: '#/components/examples/CAPTCHAInstanceResponseReCaptcha'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.captchas.read
-      tags:
-        - CAPTCHA
-    post:
-      summary: Update a CAPTCHA instance
-      description: Partially update a CAPTCHA instance by `captchaId`.
-      operationId: partialUpdateCaptchaInstance
-      x-codegen-request-body-name: instance
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/CAPTCHAInstance'
-            examples:
-              HCaptcha:
-                $ref: '#/components/examples/CAPTCHAInstanceRequestHCaptcha'
-              ReCaptcha:
-                $ref: '#/components/examples/CAPTCHAInstanceRequestReCaptcha'
-        required: true
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/CAPTCHAInstance'
-              examples:
-                HCaptcha:
-                  $ref: '#/components/examples/CAPTCHAInstanceResponseHCaptcha'
-                ReCaptcha:
-                  $ref: '#/components/examples/CAPTCHAInstanceResponseReCaptcha'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.captchas.manage
-      tags:
-        - CAPTCHA
-    put:
-      summary: Replace a CAPTCHA instance
-      description: Update a CAPTCHA instance by `captchaId`.
-      operationId: updateCaptchaInstance
-      x-codegen-request-body-name: instance
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/CAPTCHAInstance'
-            examples:
-              HCaptcha:
-                $ref: '#/components/examples/CAPTCHAInstanceRequestHCaptcha'
-              ReCaptcha:
-                $ref: '#/components/examples/CAPTCHAInstanceRequestReCaptcha'
-        required: true
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/CAPTCHAInstance'
-              examples:
-                HCaptcha:
-                  $ref: '#/components/examples/CAPTCHAInstanceResponseHCaptcha'
-                ReCaptcha:
-                  $ref: '#/components/examples/CAPTCHAInstanceResponseReCaptcha'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.captchas.manage
-      tags:
-        - CAPTCHA
-    delete:
-      summary: Delete a CAPTCHA Instance
-      description: Delete a CAPTCHA instance by `captchaId`. If the CAPTCHA instance is currently being used in the org, the delete will not be allowed.
-      operationId: deleteCaptchaInstance
-      responses:
-        '204':
-          description: No Content
-        '403':
-          description: Forbidden
-          headers: {}
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-              examples:
-                Access Denied:
-                  $ref: '#/components/examples/ErrorAccessDenied'
-                Cannot remove CAPTCHA in use:
-                  $ref: '#/components/examples/ErrorCAPTCHAOrgWideSetting'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.captchas.manage
-      tags:
-        - CAPTCHA
-  /api/v1/device-assurances:
-    get:
-      summary: List all Device Assurance Policies
-      description: Enumerates Device Assurance Policies in your organization.
-      operationId: listDeviceAssurancePolicies
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/DeviceAssurance'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.deviceAssurance.read
-      tags:
-        - DeviceAssurance
-    post:
-      summary: Create a Device Assurance Policy
-      description: Adds a new Device Assurance Policy.
-      operationId: createDeviceAssurancePolicy
-      x-codegen-request-body-name: deviceAssurance
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/DeviceAssurance'
-            examples:
-              ANDROID:
-                $ref: '#/components/examples/DeviceAssuranceAndroidRequest'
-              MACOS:
-                $ref: '#/components/examples/DeviceAssuranceMacOSRequest'
-              WINDOWS:
-                $ref: '#/components/examples/DeviceAssuranceWindowsRequest'
-              IOS:
-                $ref: '#/components/examples/DeviceAssuranceIosRequest'
-        required: true
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/DeviceAssurance'
-              examples:
-                DeviceAssuranceResponse:
-                  $ref: '#/components/examples/DeviceAssuranceResponse'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.deviceAssurance.manage
-      tags:
-        - DeviceAssurance
-  /api/v1/device-assurances/{deviceAssuranceId}:
-    get:
-      summary: Retrieve a Device Assurance Policy
-      description: Fetches a Device Assurance Policy by `deviceAssuranceId`.
-      operationId: getDeviceAssurancePolicy
-      parameters:
-        - $ref: '#/components/parameters/pathDeviceAssuranceId'
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/DeviceAssurance'
-              examples:
-                DeviceAssuranceResponse:
-                  $ref: '#/components/examples/DeviceAssuranceResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.deviceAssurance.read
-      tags:
-        - DeviceAssurance
-    put:
-      summary: Replace a Device Assurance Policy
-      description: Updates a Device Assurance Policy by `deviceAssuranceId`.
-      operationId: updateDeviceAssurancePolicy
-      parameters:
-        - $ref: '#/components/parameters/pathDeviceAssuranceId'
-      x-codegen-request-body-name: deviceAssurance
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/DeviceAssurance'
-            examples:
-              DeviceAssuranceResponse:
-                $ref: '#/components/examples/DeviceAssuranceResponse'
-        required: true
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/DeviceAssurance'
-              examples:
-                DeviceAssuranceResponse:
-                  $ref: '#/components/examples/DeviceAssuranceResponse'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.deviceAssurance.manage
-      tags:
-        - DeviceAssurance
-    delete:
-      summary: Delete a Device Assurance Policy
-      description: Delete a Device Assurance Policy by `deviceAssuranceId`. If the Device Assurance Policy is currently being used in the org Authentication Policies, the delete will not be allowed.
-      operationId: deleteDeviceAssurancePolicy
-      parameters:
-        - $ref: '#/components/parameters/pathDeviceAssuranceId'
-      responses:
-        '204':
-          description: No Content
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '409':
-          description: Conflict
-          headers: {}
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-              examples:
-                Cannot delete device assurance policy in use by authentication policies:
-                  $ref: '#/components/examples/ErrorDeviceAssuranceInUse'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.deviceAssurance.manage
-      tags:
-        - DeviceAssurance
-  /api/v1/domains:
-    get:
-      summary: List all Domains
-      description: List all verified custom Domains for the org.
-      operationId: listDomains
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/DomainListResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.domains.read
-      tags:
-        - Domain
-    post:
-      summary: Create a Domain
-      description: Creates your domain.
-      operationId: createDomain
-      x-codegen-request-body-name: domain
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/Domain'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/DomainResponse'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.domains.manage
-      tags:
-        - Domain
-  /api/v1/domains/{domainId}:
-    get:
-      summary: Retrieve a Domain
-      description: Fetches a Domain by `id`.
-      operationId: getDomain
-      parameters:
-        - name: domainId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/DomainResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.domains.read
-      tags:
-        - Domain
-    delete:
-      summary: Delete a Domain
-      description: Deletes a Domain by `id`.
-      operationId: deleteDomain
-      parameters:
-        - name: domainId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.domains.manage
-      tags:
-        - Domain
-  /api/v1/domains/{domainId}/certificate:
-    put:
-      summary: Replace the Certificate
-      description: Creates the Certificate for the Domain.
-      operationId: createCertificate
-      parameters:
-        - name: domainId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: certificate
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/DomainCertificate'
-        required: true
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.domains.manage
-      tags:
-        - Domain
-  /api/v1/domains/{domainId}/verify:
-    post:
-      summary: Verify a Domain
-      description: Verifies the Domain by `id`.
-      operationId: verifyDomain
-      parameters:
-        - name: domainId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/DomainResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.domains.manage
-      tags:
-        - Domain
-  /api/v1/email-domains:
-    get:
-      summary: List all email domains
-      description: List all the email domains in your org.
-      operationId: listEmailDomains
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EmailDomainListResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.email-domains.read
-      tags:
-        - EmailDomain
-    post:
-      summary: Create an Email Domain
-      description: Creates a custom email domain.
-      operationId: createEmailDomain
-      x-codegen-request-body-name: emailDomain
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/EmailDomain'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EmailDomainResponse'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.email-domains.manage
-      tags:
-        - EmailDomain
-  /api/v1/email-domains/{emailDomainId}:
-    get:
-      summary: Retrieve a Email Domain
-      description: Fetches an Email Domain by `emailDomainId`.
-      operationId: getEmailDomain
-      parameters:
-        - $ref: '#/components/parameters/pathEmailDomainId'
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EmailDomainResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.email-domains.read
-      tags:
-        - EmailDomain
-    put:
-      summary: Update an Email Domain
-      description: Updates an email domain by `emailDomainId`
-      operationId: updateEmailDomain
-      parameters:
-        - $ref: '#/components/parameters/pathEmailDomainId'
-      x-codegen-request-body-name: updateEmailDomain
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/UpdateEmailDomain'
-        required: true
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EmailDomainResponse'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.email-domains.manage
-      tags:
-        - EmailDomain
-    delete:
-      summary: Delete an Email Domain
-      description: Deletes an Email Domain by `emailDomainId`.
-      operationId: deleteEmailDomain
-      parameters:
-        - $ref: '#/components/parameters/pathEmailDomainId'
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.email-domains.manage
-      tags:
-        - EmailDomain
-  /api/v1/email-domains/{emailDomainId}/brands:
-    get:
-      summary: List all brands linked to an email domain
-      description: List all brands linked to an email domain.
-      operationId: listEmailDomainBrands
-      parameters:
-        - $ref: '#/components/parameters/pathEmailDomainId'
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/Brand'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.email-domains.read
-      tags:
-        - EmailDomain
-  /api/v1/email-domains/{emailDomainId}/verify:
-    post:
-      summary: Verify Email Domain
-      description: Verifies the Email Domain by `id`.
-      operationId: verifyEmailDomain
-      parameters:
-        - $ref: '#/components/parameters/pathEmailDomainId'
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EmailDomainResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.email-domains.manage
-      tags:
-        - EmailDomain
-  /api/v1/eventHooks:
-    get:
-      summary: List all Event Hooks
-      description: Success
-      operationId: listEventHooks
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/EventHook'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.eventHooks.read
-      tags:
-        - EventHook
-    post:
-      summary: Create an Event Hook
-      description: Success
-      operationId: createEventHook
-      x-codegen-request-body-name: eventHook
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/EventHook'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EventHook'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.eventHooks.manage
-      tags:
-        - EventHook
-  /api/v1/eventHooks/{eventHookId}:
-    get:
-      summary: Retrieve an Event Hook
-      description: Success
-      operationId: getEventHook
-      parameters:
-        - name: eventHookId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EventHook'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.eventHooks.read
-      tags:
-        - EventHook
-    put:
-      summary: Replace an Event Hook
-      description: Success
-      operationId: updateEventHook
-      parameters:
-        - name: eventHookId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: eventHook
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/EventHook'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EventHook'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.eventHooks.manage
-      tags:
-        - EventHook
-    delete:
-      summary: Delete an Event Hook
-      description: Success
-      operationId: deleteEventHook
-      parameters:
-        - name: eventHookId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.eventHooks.manage
-      tags:
-        - EventHook
-  /api/v1/eventHooks/{eventHookId}/lifecycle/activate:
-    post:
-      summary: Activate an Event Hook
-      description: Success
-      operationId: activateEventHook
-      parameters:
-        - name: eventHookId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EventHook'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.eventHooks.manage
-      tags:
-        - EventHook
-  /api/v1/eventHooks/{eventHookId}/lifecycle/deactivate:
-    post:
-      summary: Deactivate an Event Hook
-      description: Success
-      operationId: deactivateEventHook
-      parameters:
-        - name: eventHookId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EventHook'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.eventHooks.manage
-      tags:
-        - EventHook
-  /api/v1/eventHooks/{eventHookId}/lifecycle/verify:
-    post:
-      summary: Verify an Event Hook
-      description: Success
-      operationId: verifyEventHook
-      parameters:
-        - name: eventHookId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/EventHook'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.eventHooks.manage
-      tags:
-        - EventHook
-  /api/v1/features:
-    get:
-      summary: List all Features
-      description: Success
-      operationId: listFeatures
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/Feature'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.features.read
-      tags:
-        - Feature
-  /api/v1/features/{featureId}:
-    get:
-      summary: Retrieve a Feature
-      description: Success
-      operationId: getFeature
-      parameters:
-        - name: featureId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Feature'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.features.read
-      tags:
-        - Feature
-  /api/v1/features/{featureId}/dependencies:
-    get:
-      summary: List all Dependencies
-      description: Success
-      operationId: listFeatureDependencies
-      parameters:
-        - name: featureId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/Feature'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.features.read
-      tags:
-        - Feature
-  /api/v1/features/{featureId}/dependents:
-    get:
-      summary: List all Dependents
-      description: Success
-      operationId: listFeatureDependents
-      parameters:
-        - name: featureId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/Feature'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.features.read
-      tags:
-        - Feature
-  /api/v1/features/{featureId}/{lifecycle}:
-    post:
-      summary: Update a Feature Lifecycle
-      description: Success
-      operationId: updateFeatureLifecycle
-      parameters:
-        - name: featureId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: lifecycle
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: mode
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Feature'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.features.manage
-      tags:
-        - Feature
-  /api/v1/groups:
-    get:
-      summary: List all Groups
-      description: Enumerates groups in your organization with pagination. A subset of groups can be returned that match a supported filter expression or query.
-      operationId: listGroups
-      parameters:
-        - name: q
-          in: query
-          description: Searches the name property of groups for matching value
-          schema:
-            type: string
-        - name: search
-          in: query
-          description: Filter expression for groups
-          schema:
-            type: string
-        - name: after
-          in: query
-          description: Specifies the pagination cursor for the next page of groups
-          schema:
-            type: string
-        - name: limit
-          in: query
-          description: Specifies the number of group results in a page
-          schema:
-            type: integer
-            format: int32
-            default: 10000
-        - name: expand
-          in: query
-          description: If specified, it causes additional metadata to be included in the response.
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/Group'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.groups.read
-      tags:
-        - Group
-    post:
-      summary: Create a Group
-      description: Adds a new group with `OKTA_GROUP` type to your organization.
-      operationId: createGroup
-      x-codegen-request-body-name: group
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/Group'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Group'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.groups.manage
-      tags:
-        - Group
-  /api/v1/groups/rules:
-    get:
-      summary: List all Group Rules
-      description: Lists all group rules for your organization.
-      operationId: listGroupRules
-      parameters:
-        - name: limit
-          in: query
-          description: Specifies the number of rule results in a page
-          schema:
-            type: integer
-            format: int32
-            default: 50
-        - name: after
-          in: query
-          description: Specifies the pagination cursor for the next page of rules
-          schema:
-            type: string
-        - name: search
-          in: query
-          description: Specifies the keyword to search fules for
-          schema:
-            type: string
-        - name: expand
-          in: query
-          description: If specified as `groupIdToGroupNameMap`, then show group names
-          schema:
-            type: string
-          x-okta-added-version: 1.3.0
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/GroupRule'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.groups.read
-      tags:
-        - Group
-    post:
-      summary: Create a Group Rule
-      description: Creates a group rule to dynamically add users to the specified group if they match the condition
-      operationId: createGroupRule
-      x-codegen-request-body-name: groupRule
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/GroupRule'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GroupRule'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.groups.manage
-      tags:
-        - Group
-  /api/v1/groups/rules/{ruleId}:
-    get:
-      summary: Retrieve a Group Rule
-      description: Fetches a specific group rule by id from your organization
-      operationId: getGroupRule
-      parameters:
-        - name: ruleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GroupRule'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.groups.read
-      tags:
-        - Group
-    put:
-      summary: Replace a Group Rule
-      description: Updates a group rule. Only `INACTIVE` rules can be updated.
-      operationId: updateGroupRule
-      parameters:
-        - name: ruleId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: groupRule
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/GroupRule'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GroupRule'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.groups.manage
-      tags:
-        - Group
-    delete:
-      summary: Delete a group Rule
-      description: Removes a specific group rule by id from your organization
-      operationId: deleteGroupRule
-      parameters:
-        - name: ruleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: removeUsers
-          in: query
-          description: Indicates whether to keep or remove users from groups assigned by this rule.
-          schema:
-            type: boolean
-      responses:
-        '202':
-          description: Accepted
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.groups.manage
-      tags:
-        - Group
-  /api/v1/groups/rules/{ruleId}/lifecycle/activate:
-    post:
-      summary: Activate a Group Rule
-      description: Activates a specific group rule by id from your organization
-      operationId: activateGroupRule
-      parameters:
-        - name: ruleId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.groups.manage
-      tags:
-        - Group
-  /api/v1/groups/rules/{ruleId}/lifecycle/deactivate:
-    post:
-      summary: Deactivate a Group Rule
-      description: Deactivates a specific group rule by id from your organization
-      operationId: deactivateGroupRule
-      parameters:
-        - name: ruleId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.groups.manage
-      tags:
-        - Group
-  /api/v1/groups/{groupId}:
-    get:
-      summary: List all Group Rules
-      description: Fetches a group from your organization.
-      operationId: getGroup
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Group'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.groups.read
-      tags:
-        - Group
-    put:
-      summary: Replace a Group
-      description: Updates the profile for a group with `OKTA_GROUP` type from your organization.
-      operationId: updateGroup
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: group
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/Group'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Group'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.groups.manage
-      tags:
-        - Group
-    delete:
-      summary: Delete a Group
-      description: Removes a group with `OKTA_GROUP` type from your organization.
-      operationId: deleteGroup
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.groups.manage
-      tags:
-        - Group
-  /api/v1/groups/{groupId}/apps:
-    get:
-      summary: List all Assigned Applications
-      description: Enumerates all applications that are assigned to a group.
-      operationId: listAssignedApplicationsForGroup
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: after
-          in: query
-          description: Specifies the pagination cursor for the next page of apps
-          schema:
-            type: string
-        - name: limit
-          in: query
-          description: Specifies the number of app results for a page
-          schema:
-            type: integer
-            format: int32
-            default: 20
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/Application'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.groups.read
-      tags:
-        - Group
-  /api/v1/groups/{groupId}/roles:
-    get:
-      summary: List all Assigned Roles
-      description: Success
-      operationId: listGroupAssignedRoles
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/Role'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.read
-      tags:
-        - Group
-    post:
-      summary: Assign a Role
-      description: Assigns a Role to a Group
-      operationId: assignRoleToGroup
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: disableNotifications
-          in: query
-          schema:
-            type: boolean
-      x-codegen-request-body-name: assignRoleRequest
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/AssignRoleRequest'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Role'
-        '201':
-          description: Success
-          content: {}
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - Group
-  /api/v1/groups/{groupId}/roles/{roleId}:
-    get:
-      summary: Retrieve a Role
-      description: Success
-      operationId: getRole
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Role'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.read
-      tags:
-        - Group
-    delete:
-      summary: Delete a Role
-      description: Unassigns a Role from a Group
-      operationId: removeRoleFromGroup
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - Group
-  /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps:
-    get:
-      summary: List all Application Targets for an Application Administrator Role
-      description: Lists all App targets for an `APP_ADMIN` Role assigned to a Group. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.
-      operationId: listApplicationTargetsForApplicationAdministratorRoleForGroup
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: after
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: 20
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/CatalogApplication'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.read
-      tags:
-        - Group
-  /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}:
-    put:
-      summary: Assign an Application Target to Administrator Role
-      description: Success
-      operationId: addApplicationTargetToAdminRoleGivenToGroup
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: appName
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - Group
-    delete:
-      summary: Delete an Application Target from Application Administrator Role
-      description: Success
-      operationId: removeApplicationTargetFromApplicationAdministratorRoleGivenToGroup
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: appName
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - Group
-  /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}:
-    put:
-      summary: Assign an Application Instance Target to Application Administrator Role
-      description: Add App Instance Target to App Administrator Role given to a Group
-      operationId: addApplicationInstanceTargetToAppAdminRoleGivenToGroup
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: appName
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: applicationId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - Group
-    delete:
-      summary: Delete an Application Instance Target to Application Administrator Role
-      description: Remove App Instance Target to App Administrator Role given to a Group
-      operationId: removeApplicationTargetFromAdministratorRoleGivenToGroup
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: appName
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: applicationId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - Group
-  /api/v1/groups/{groupId}/roles/{roleId}/targets/groups:
-    get:
-      summary: List all Group Targets for a Group Role
-      description: Enumerates group targets for a group role.
-      operationId: listGroupTargetsForGroupRole
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: after
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: 20
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/Group'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.read
-      tags:
-        - Group
-  /api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}:
-    put:
-      summary: Assign a Group Target for Group Role
-      description: Enumerates group targets for a group role.
-      operationId: addGroupTargetToGroupAdministratorRoleForGroup
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: targetGroupId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - Group
-    delete:
-      summary: Delete a Group Target for Group Role
-      description: remove group target for a group role.
-      operationId: removeGroupTargetFromGroupAdministratorRoleGivenToGroup
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: targetGroupId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - Group
-  /api/v1/groups/{groupId}/users:
-    get:
-      summary: List all Member Users
-      description: Enumerates all users that are a member of a group.
-      operationId: listGroupUsers
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: after
-          in: query
-          description: Specifies the pagination cursor for the next page of users
-          schema:
-            type: string
-        - name: limit
-          in: query
-          description: Specifies the number of user results in a page
-          schema:
-            type: integer
-            format: int32
-            default: 1000
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/User'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.groups.read
-      tags:
-        - Group
-  /api/v1/groups/{groupId}/users/{userId}:
-    put:
-      summary: Assign a User
-      description: Adds a user to a group with 'OKTA_GROUP' type.
-      operationId: addUserToGroup
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.groups.manage
-      tags:
-        - Group
-    delete:
-      summary: Unassign a User
-      description: Removes a user from a group with 'OKTA_GROUP' type.
-      operationId: removeUserFromGroup
-      parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.groups.manage
-      tags:
-        - Group
-  /api/v1/idps:
-    get:
-      summary: List all Identity Providers
-      description: Enumerates IdPs in your organization with pagination. A subset of IdPs can be returned that match a supported filter expression or query.
-      operationId: listIdentityProviders
-      parameters:
-        - name: q
-          in: query
-          description: Searches the name property of IdPs for matching value
-          schema:
-            type: string
-        - name: after
-          in: query
-          description: Specifies the pagination cursor for the next page of IdPs
-          schema:
-            type: string
-        - name: limit
-          in: query
-          description: Specifies the number of IdP results in a page
-          schema:
-            type: integer
-            format: int32
-            default: 20
-        - name: type
-          in: query
-          description: Filters IdPs by type
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/IdentityProvider'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.read
-      tags:
-        - IdentityProvider
-    post:
-      summary: Create an Identity Provider
-      description: Adds a new IdP to your organization.
-      operationId: createIdentityProvider
-      x-codegen-request-body-name: identityProvider
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/IdentityProvider'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/IdentityProvider'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.manage
-      tags:
-        - IdentityProvider
-  /api/v1/idps/credentials/keys:
-    get:
-      summary: List all Credential Keys
-      description: Enumerates IdP key credentials.
-      operationId: listIdentityProviderKeys
-      parameters:
-        - name: after
-          in: query
-          description: Specifies the pagination cursor for the next page of keys
-          schema:
-            type: string
-        - name: limit
-          in: query
-          description: Specifies the number of key results in a page
-          schema:
-            type: integer
-            format: int32
-            default: 20
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/JsonWebKey'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.read
-      tags:
-        - IdentityProvider
-    post:
-      summary: Create an X.509 Certificate Public Key
-      description: Adds a new X.509 certificate credential to the IdP key store.
-      operationId: createIdentityProviderKey
-      x-codegen-request-body-name: jsonWebKey
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/JsonWebKey'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/JsonWebKey'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.manage
-      tags:
-        - IdentityProvider
-  /api/v1/idps/credentials/keys/{keyId}:
-    get:
-      summary: Retrieve an Credential Key
-      description: Gets a specific IdP Key Credential by `kid`
-      operationId: getIdentityProviderKey
-      parameters:
-        - name: keyId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/JsonWebKey'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.read
-      tags:
-        - IdentityProvider
-    delete:
-      summary: Delete a Signing Credential Key
-      description: Deletes a specific IdP Key Credential by `kid` if it is not currently being used by an Active or Inactive IdP.
-      operationId: deleteIdentityProviderKey
-      parameters:
-        - name: keyId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.manage
-      tags:
-        - IdentityProvider
-  /api/v1/idps/{idpId}:
-    get:
-      summary: Retrieve an Identity Provider
-      description: Fetches an IdP by `id`.
-      operationId: getIdentityProvider
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/IdentityProvider'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.read
-      tags:
-        - IdentityProvider
-    put:
-      summary: Replace an Identity Provider
-      description: Updates the configuration for an IdP.
-      operationId: updateIdentityProvider
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: identityProvider
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/IdentityProvider'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/IdentityProvider'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.manage
-      tags:
-        - IdentityProvider
-    delete:
-      summary: Delete an Identity Provider
-      description: Removes an IdP from your organization.
-      operationId: deleteIdentityProvider
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.manage
-      tags:
-        - IdentityProvider
-  /api/v1/idps/{idpId}/credentials/csrs:
-    get:
-      summary: List all Certificate Signing Requests
-      description: Enumerates Certificate Signing Requests for an IdP
-      operationId: listCsrsForIdentityProvider
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/Csr'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.read
-      tags:
-        - IdentityProvider
-    post:
-      summary: Generate a Certificate Signing Request
-      description: Generates a new key pair and returns a Certificate Signing Request for it.
-      operationId: generateCsrForIdentityProvider
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: metadata
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/CsrMetadata'
-        required: true
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Csr'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.manage
-      tags:
-        - IdentityProvider
-  /api/v1/idps/{idpId}/credentials/csrs/{csrId}:
-    get:
-      summary: Retrieve a Certificate Signing Request
-      description: Gets a specific Certificate Signing Request model by id
-      operationId: getCsrForIdentityProvider
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: csrId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Csr'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.read
-      tags:
-        - IdentityProvider
-    delete:
-      summary: Revoke a Certificate Signing Request
-      description: Revoke a Certificate Signing Request and delete the key pair from the IdP
-      operationId: revokeCsrForIdentityProvider
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: csrId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.manage
-      tags:
-        - IdentityProvider
-  /api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish:
-    post:
-      summary: Publish a Certificate Signing Request
-      description: Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.
-      operationId: publishCsrForIdentityProvider
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: csrId
-          in: path
-          required: true
-          schema:
-            type: string
-      requestBody:
-        required: true
-        content:
-          application/x-x509-ca-cert:
-            schema:
-              type: string
-              format: binary
-              x-okta-operationId: publishBinaryCerCertForIdentityProvider
-          application/pkix-cert:
-            schema:
-              type: string
-              format: binary
-              x-okta-operationId: publishBinaryDerCertForIdentityProvider
-          application/x-pem-file:
-            schema:
-              type: string
-              format: binary
-              x-okta-operationId: publishBinaryPemCertForIdentityProvider
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/JsonWebKey'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.manage
-      tags:
-        - IdentityProvider
-  /api/v1/idps/{idpId}/credentials/keys:
-    get:
-      summary: List all Signing Credential Keys
-      description: Enumerates signing key credentials for an IdP
-      operationId: listIdentityProviderSigningKeys
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/JsonWebKey'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.read
-      tags:
-        - IdentityProvider
-  /api/v1/idps/{idpId}/credentials/keys/generate:
-    post:
-      summary: Generate a new Signing Credential Key
-      description: Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP
-      operationId: generateIdentityProviderSigningKey
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: validityYears
-          in: query
-          description: expiry of the IdP Key Credential
-          required: true
-          schema:
-            type: integer
-            format: int32
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/JsonWebKey'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.manage
-      tags:
-        - IdentityProvider
-  /api/v1/idps/{idpId}/credentials/keys/{keyId}:
-    get:
-      summary: Retrieve a Signing Credential Key
-      description: Gets a specific IdP Key Credential by `kid`
-      operationId: getIdentityProviderSigningKey
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: keyId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/JsonWebKey'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.read
-      tags:
-        - IdentityProvider
-  /api/v1/idps/{idpId}/credentials/keys/{keyId}/clone:
-    post:
-      summary: Clone a Signing Credential Key
-      description: Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP
-      operationId: cloneIdentityProviderKey
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: keyId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: targetIdpId
-          in: query
-          required: true
-          schema:
-            type: string
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/JsonWebKey'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.manage
-      tags:
-        - IdentityProvider
-  /api/v1/idps/{idpId}/lifecycle/activate:
-    post:
-      summary: Activate an Identity Provider
-      description: Activates an inactive IdP.
-      operationId: activateIdentityProvider
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/IdentityProvider'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.manage
-      tags:
-        - IdentityProvider
-  /api/v1/idps/{idpId}/lifecycle/deactivate:
-    post:
-      summary: Deactivate an Identity Provider
-      description: Deactivates an active IdP.
-      operationId: deactivateIdentityProvider
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/IdentityProvider'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.manage
-      tags:
-        - IdentityProvider
-  /api/v1/idps/{idpId}/users:
-    get:
-      summary: List all Users
-      description: Find all the users linked to an identity provider
-      operationId: listIdentityProviderApplicationUsers
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/IdentityProviderApplicationUser'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.read
-      tags:
-        - IdentityProvider
-  /api/v1/idps/{idpId}/users/{userId}:
-    get:
-      summary: Retrieve a User
-      description: Fetches a linked IdP user by ID
-      operationId: getIdentityProviderApplicationUser
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/IdentityProviderApplicationUser'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.read
-      tags:
-        - IdentityProvider
-    post:
-      summary: Link a User to a Social IdP
-      description: Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type
-      operationId: linkUserToIdentityProvider
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: userIdentityProviderLinkRequest
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/UserIdentityProviderLinkRequest'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/IdentityProviderApplicationUser'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - IdentityProvider
-    delete:
-      summary: Unlink a User from IdP
-      description: Removes the link between the Okta user and the IdP user.
-      operationId: unlinkUserFromIdentityProvider
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.manage
-      tags:
-        - IdentityProvider
-  /api/v1/idps/{idpId}/users/{userId}/credentials/tokens:
-    get:
-      summary: List all Tokens from a OIDC Identity Provider
-      description: Fetches the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth.
-      operationId: listSocialAuthTokens
-      parameters:
-        - name: idpId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/SocialAuthToken'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.idps.read
-      tags:
-        - IdentityProvider
-  /api/v1/inlineHooks:
-    get:
-      summary: List all Inline Hooks
-      description: Success
-      operationId: listInlineHooks
-      parameters:
-        - name: type
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/InlineHook'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.inlineHooks.read
-      tags:
-        - InlineHook
-    post:
-      summary: Create an Inline Hook
-      description: Success
-      operationId: createInlineHook
-      x-codegen-request-body-name: inlineHook
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/InlineHook'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/InlineHook'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.inlineHooks.manage
-      tags:
-        - InlineHook
-  /api/v1/inlineHooks/{inlineHookId}:
-    get:
-      summary: Retrieve an Inline Hook
-      description: Gets an inline hook by ID
-      operationId: getInlineHook
-      parameters:
-        - name: inlineHookId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/InlineHook'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.inlineHooks.read
-      tags:
-        - InlineHook
-    put:
-      summary: Replace an Inline Hook
-      description: Updates an inline hook by ID
-      operationId: updateInlineHook
-      parameters:
-        - name: inlineHookId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: inlineHook
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/InlineHook'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/InlineHook'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.inlineHooks.manage
-      tags:
-        - InlineHook
-    delete:
-      summary: Delete an Inline Hook
-      description: Deletes the Inline Hook matching the provided id. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion.
-      operationId: deleteInlineHook
-      parameters:
-        - name: inlineHookId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.inlineHooks.manage
-      tags:
-        - InlineHook
-  /api/v1/inlineHooks/{inlineHookId}/execute:
-    post:
-      summary: Execute an Inline Hook
-      description: Executes the Inline Hook matching the provided inlineHookId using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes.
-      operationId: executeInlineHook
-      parameters:
-        - name: inlineHookId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: payloadData
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/InlineHookPayload'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/InlineHookResponse'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.inlineHooks.manage
-      tags:
-        - InlineHook
-  /api/v1/inlineHooks/{inlineHookId}/lifecycle/activate:
-    post:
-      summary: Activate an Inline Hook
-      description: Activates the Inline Hook matching the provided id
-      operationId: activateInlineHook
-      parameters:
-        - name: inlineHookId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/InlineHook'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.inlineHooks.manage
-      tags:
-        - InlineHook
-  /api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate:
-    post:
-      summary: Deactivate an Inline Hook
-      description: Deactivates the Inline Hook matching the provided id
-      operationId: deactivateInlineHook
-      parameters:
-        - name: inlineHookId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/InlineHook'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.inlineHooks.manage
-      tags:
-        - InlineHook
-  /api/v1/logs:
-    get:
-      summary: List all System Log Events
-      description: The Okta System Log API provides read access to your organization’s system log. This API provides more functionality than the Events API
-      operationId: getLogs
-      parameters:
-        - name: since
-          in: query
-          schema:
-            type: string
-            format: date-time
-        - name: until
-          in: query
-          schema:
-            type: string
-            format: date-time
-        - name: filter
-          in: query
-          schema:
-            type: string
-        - name: q
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            default: 100
-        - name: sortOrder
-          in: query
-          schema:
-            type: string
-            default: ASCENDING
-        - name: after
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/LogEvent'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.logs.read
-      tags:
-        - SystemLog
-  /api/v1/mappings:
-    get:
-      summary: List all Profile Mappings
-      description: Enumerates Profile Mappings in your organization with pagination.
-      operationId: listProfileMappings
-      parameters:
-        - name: after
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: -1
-        - name: sourceId
-          in: query
-          schema:
-            type: string
-        - name: targetId
-          in: query
-          schema:
-            type: string
-            default: ''
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/ProfileMapping'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.profileMappings.read
-      tags:
-        - ProfileMapping
-  /api/v1/mappings/{mappingId}:
-    get:
-      summary: Retrieve a Profile Mapping
-      description: Fetches a single Profile Mapping referenced by its ID.
-      operationId: getProfileMapping
-      parameters:
-        - name: mappingId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ProfileMapping'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.profileMappings.read
-      tags:
-        - ProfileMapping
-    post:
-      summary: Update a Profile Mapping
-      description: Updates an existing Profile Mapping by adding, updating, or removing one or many Property Mappings.
-      operationId: updateProfileMapping
-      parameters:
-        - name: mappingId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: profileMapping
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/ProfileMapping'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ProfileMapping'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.profileMappings.manage
-      tags:
-        - ProfileMapping
-  /api/v1/meta/layouts/apps/{appName}:
-    get:
-      summary: Retrieve the UI Layout for an Application
-      description: Takes an Application name as an input parameter and retrieves the App Instance page Layout for that Application.
-      operationId: getApplicationLayout
-      parameters:
-        - name: appName
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: successful operation
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ApplicationLayout'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.schemas.read
-      tags:
-        - Schema
-  /api/v1/meta/schemas/apps/{appInstanceId}/default:
-    get:
-      summary: Retrieve the default Application User Schema for an Application
-      description: Fetches the Schema for an App User
-      operationId: getApplicationUserSchema
-      parameters:
-        - name: appInstanceId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: successful operation
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/UserSchema'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.schemas.read
-      tags:
-        - Schema
-    post:
-      summary: Update the default Application User Schema for an Application
-      description: Partial updates on the User Profile properties of the Application User Schema.
-      operationId: updateApplicationUserProfile
-      parameters:
-        - name: appInstanceId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: body
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/UserSchema'
-        required: false
-      responses:
-        '200':
-          description: successful operation
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/UserSchema'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.schemas.manage
-      tags:
-        - Schema
-  /api/v1/meta/schemas/group/default:
-    get:
-      summary: Retrieve the default Group Schema
-      description: Fetches the group schema
-      operationId: getGroupSchema
-      parameters: []
-      responses:
-        '200':
-          description: successful operation
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GroupSchema'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.schemas.read
-      tags:
-        - Schema
-    post:
-      summary: Update the default Group Schema
-      description: Updates, adds or removes one or more custom Group Profile properties in the schema
-      operationId: updateGroupSchema
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/GroupSchema'
-      responses:
-        '200':
-          description: successful operation
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GroupSchema'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.schemas.manage
-      tags:
-        - Schema
-  /api/v1/meta/schemas/user/linkedObjects:
-    get:
-      summary: List all Linked Object Definitions
-      description: Success
-      operationId: listLinkedObjectDefinitions
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/LinkedObject'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.linkedObjects.read
-      tags:
-        - LinkedObject
-    post:
-      summary: Create a Linked Object Definition
-      description: Success
-      operationId: addLinkedObjectDefinition
-      x-codegen-request-body-name: linkedObject
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/LinkedObject'
-        required: true
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/LinkedObject'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.linkedObjects.manage
-      tags:
-        - LinkedObject
-  /api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}:
-    get:
-      summary: Retrieve a Linked Object Definition
-      description: Success
-      operationId: getLinkedObjectDefinition
-      parameters:
-        - name: linkedObjectName
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/LinkedObject'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.linkedObjects.read
-      tags:
-        - LinkedObject
-    delete:
-      summary: Delete a Linked Object Definition
-      description: Success
-      operationId: deleteLinkedObjectDefinition
-      parameters:
-        - name: linkedObjectName
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.linkedObjects.manage
-      tags:
-        - LinkedObject
-  /api/v1/meta/schemas/user/{schemaId}:
-    get:
-      summary: Retrieve a User Schema
-      description: Fetches the schema for a Schema Id.
-      operationId: getUserSchema
-      parameters:
-        - name: schemaId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/UserSchema'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.schemas.read
-      tags:
-        - Schema
-    post:
-      summary: Update a User Schema
-      description: Partial updates on the User Profile properties of the user schema.
-      operationId: updateUserProfile
-      parameters:
-        - name: schemaId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: userSchema
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/UserSchema'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/UserSchema'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.schemas.manage
-      tags:
-        - Schema
-  /api/v1/meta/types/user:
-    get:
-      summary: List all User Types
-      description: Fetches all User Types in your org
-      operationId: listUserTypes
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/UserType'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.userTypes.read
-      tags:
-        - UserType
-    post:
-      summary: Create a User Type
-      description: Creates a new User Type. A default User Type is automatically created along with your org, and you may add another 9 User Types for a maximum of 10.
-      operationId: createUserType
-      x-codegen-request-body-name: userType
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/UserType'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/UserType'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.userTypes.manage
-      tags:
-        - UserType
-  /api/v1/meta/types/user/{typeId}:
-    get:
-      summary: Retrieve a User Type
-      description: Fetches a User Type by ID. The special identifier `default` may be used to fetch the default User Type.
-      operationId: getUserType
-      parameters:
-        - name: typeId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/UserType'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.userTypes.read
-      tags:
-        - UserType
-    post:
-      summary: Update a User Type
-      description: Updates an existing User Type
-      operationId: updateUserType
-      parameters:
-        - name: typeId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: userType
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/UserType'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/UserType'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.userTypes.manage
-      tags:
-        - UserType
-    put:
-      summary: Replace a User Type
-      description: Replace an existing User Type
-      operationId: replaceUserType
-      parameters:
-        - name: typeId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: userType
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/UserType'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/UserType'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.userTypes.manage
-      tags:
-        - UserType
-    delete:
-      summary: Delete a User Type
-      description: Deletes a User Type permanently. This operation is not permitted for the default type, nor for any User Type that has existing users
-      operationId: deleteUserType
-      parameters:
-        - name: typeId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.userTypes.manage
-      tags:
-        - UserType
-  /api/v1/org:
-    get:
-      summary: Retrieve the Org Settings
-      description: Get settings of your organization.
-      operationId: getOrgSettings
-      parameters: []
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OrgSetting'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.orgs.read
-      tags:
-        - OrgSetting
-    post:
-      summary: Update the Org Settings
-      description: Partial update settings of your organization.
-      operationId: partialUpdateOrgSetting
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/OrgSetting'
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OrgSetting'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.orgs.manage
-      tags:
-        - OrgSetting
-    put:
-      summary: Replace the Org Settings
-      description: Update settings of your organization.
-      operationId: updateOrgSetting
-      x-codegen-request-body-name: orgSetting
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/OrgSetting'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OrgSetting'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.orgs.manage
-      tags:
-        - OrgSetting
-  /api/v1/org/contacts:
-    get:
-      summary: Retrieve the Org Contact Types
-      description: Gets Contact Types of your organization.
-      operationId: getOrgContactTypes
-      parameters: []
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                items:
-                  $ref: '#/components/schemas/OrgContactTypeObj'
-                type: array
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.orgs.read
-      tags:
-        - OrgSetting
-  /api/v1/org/contacts/{contactType}:
-    get:
-      summary: Retrieve the User of the Contact Type
-      description: Retrieves the URL of the User associated with the specified Contact Type.
-      operationId: getOrgContactUser
-      parameters:
-        - in: path
-          name: contactType
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OrgContactUser'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.orgs.read
-      tags:
-        - OrgSetting
-    put:
-      summary: Replace the User of the Contact Type
-      description: Updates the User associated with the specified Contact Type.
-      operationId: updateOrgContactUser
-      parameters:
-        - in: path
-          name: contactType
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: orgContactUser
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/OrgContactUser'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OrgContactUser'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.orgs.manage
-      tags:
-        - OrgSetting
-  /api/v1/org/email/bounces/remove-list:
-    post:
-      summary: Remove Emails from Email Provider Bounce List
-      description: A list of email addresses to be removed from the set of email addresses that are bounced.
-      operationId: bulkRemoveEmailAddressBounces
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/BouncesRemoveListObj'
-            examples:
-              example-1:
-                value:
-                  emailAddresses:
-                    - name@company.com
-                    - unknown.email@okta.com
-                    - name@okta@com
-      responses:
-        '200':
-          description: Removes the provided list of emails from the set of email addresses that are bounced so that the provider resumes sending emails to those addresses.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/BouncesRemoveListResult'
-              examples:
-                example-1:
-                  value:
-                    errors:
-                      - emailAddress: unknown.email@okta.com
-                        reason: This email address does not belong to any user in your organization.
-                      - emailAddress: name@okta@com
-                        reason: Invalid email address. The provided email address failed validation against RFC 3696.
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.orgs.manage
-      tags:
-        - OrgSetting
-  /api/v1/org/logo:
-    post:
-      summary: Upload the Org Logo
-      description: Updates the logo for your organization.
-      operationId: updateOrgLogo
-      requestBody:
-        content:
-          multipart/form-data:
-            schema:
-              description: The file must be in PNG, JPG, or GIF format and less than 100kB in size. For best results use landscape orientation, a transparent background, and a minimum size of 300px by 50px to prevent upscaling.
-              type: object
-              properties:
-                file:
-                  type: string
-                  format: binary
-              required:
-                - file
-        description: logo file
-      responses:
-        '201':
-          description: Created
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.apps.manage
-      tags:
-        - OrgSetting
-  /api/v1/org/preferences:
-    get:
-      summary: Retrieve the Org Preferences
-      description: Gets preferences of your organization.
-      operationId: getOrgPreferences
-      parameters: []
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OrgPreferences'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.orgs.read
-      tags:
-        - OrgSetting
-  /api/v1/org/preferences/hideEndUserFooter:
-    post:
-      summary: Update the Preference to Hide the Okta Dashboard Footer
-      description: Hide the Okta UI footer for all end users of your organization.
-      operationId: hideOktaUIFooter
-      parameters: []
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OrgPreferences'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.orgs.manage
-      tags:
-        - OrgSetting
-  /api/v1/org/preferences/showEndUserFooter:
-    post:
-      summary: Update the Preference to Show the Okta Dashboard Footer
-      description: Makes the Okta UI footer visible for all end users of your organization.
-      operationId: showOktaUIFooter
-      parameters: []
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OrgPreferences'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.orgs.manage
-      tags:
-        - OrgSetting
-  /api/v1/org/privacy/oktaCommunication:
-    get:
-      summary: Retreive the Okta Communication Settings
-      description: Gets Okta Communication Settings of your organization.
-      operationId: getOktaCommunicationSettings
-      parameters: []
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OrgOktaCommunicationSetting'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.orgs.read
-      tags:
-        - OrgSetting
-  /api/v1/org/privacy/oktaCommunication/optIn:
-    post:
-      summary: Opt in all Users to Okta Communication emails
-      description: Opts in all users of this org to Okta Communication emails.
-      operationId: optInUsersToOktaCommunicationEmails
-      parameters: []
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OrgOktaCommunicationSetting'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.orgs.manage
-      tags:
-        - OrgSetting
-  /api/v1/org/privacy/oktaCommunication/optOut:
-    post:
-      summary: Opt out all Users from Okta Communication emails
-      description: Opts out all users of this org from Okta Communication emails.
-      operationId: optOutUsersFromOktaCommunicationEmails
-      parameters: []
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OrgOktaCommunicationSetting'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.orgs.manage
-      tags:
-        - OrgSetting
-  /api/v1/org/privacy/oktaSupport:
-    get:
-      summary: Retrieve the Okta Support Settings
-      description: Gets Okta Support Settings of your organization.
-      operationId: getOrgOktaSupportSettings
-      parameters: []
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OrgOktaSupportSettingsObj'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.orgs.read
-      tags:
-        - OrgSetting
-  /api/v1/org/privacy/oktaSupport/extend:
-    post:
-      summary: Extend Okta Support Access
-      description: Extends the length of time that Okta Support can access your org by 24 hours. This means that 24 hours are added to the remaining access time.
-      operationId: extendOktaSupport
-      parameters: []
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OrgOktaSupportSettingsObj'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.orgs.manage
-      tags:
-        - OrgSetting
-  /api/v1/org/privacy/oktaSupport/grant:
-    post:
-      summary: Grant Okta Support Access to your Org
-      description: Enables you to temporarily allow Okta Support to access your org as an administrator for eight hours.
-      operationId: grantOktaSupport
-      parameters: []
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OrgOktaSupportSettingsObj'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.orgs.manage
-      tags:
-        - OrgSetting
-  /api/v1/org/privacy/oktaSupport/revoke:
-    post:
-      summary: Revoke Okta Support Access
-      description: Revokes Okta Support access to your organization.
-      operationId: revokeOktaSupport
-      parameters: []
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OrgOktaSupportSettingsObj'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.orgs.manage
-      tags:
-        - OrgSetting
-  /api/v1/policies:
-    get:
-      summary: List all Policies
-      description: Gets all policies with the specified type.
-      operationId: listPolicies
-      parameters:
-        - name: type
-          in: query
-          required: true
-          schema:
-            type: string
-        - name: status
-          in: query
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-            default: ''
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/Policy'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.policies.read
-      tags:
-        - Policy
-    post:
-      summary: Create a Policy
-      description: Creates a policy.
-      operationId: createPolicy
-      parameters:
-        - name: activate
-          in: query
-          schema:
-            type: boolean
-            default: true
-      x-codegen-request-body-name: policy
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/Policy'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Policy'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.policies.manage
-      tags:
-        - Policy
-  /api/v1/policies/{policyId}:
-    get:
-      summary: Retrieve a Policy
-      description: Gets a policy.
-      operationId: getPolicy
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-            default: ''
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Policy'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.policies.read
-      tags:
-        - Policy
-    put:
-      summary: Replace a Policy
-      description: Updates a policy.
-      operationId: updatePolicy
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: policy
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/Policy'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Policy'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.policies.manage
-      tags:
-        - Policy
-    delete:
-      summary: Delete a Policy
-      description: Removes a policy.
-      operationId: deletePolicy
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.policies.manage
-      tags:
-        - Policy
-  /api/v1/policies/{policyId}/clone:
-    post:
-      summary: Clone an existing policy
-      description: Clones an existing policy.
-      operationId: clonePolicy
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Policy'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.policies.manage
-      tags:
-        - Policy
-  /api/v1/policies/{policyId}/lifecycle/activate:
-    post:
-      summary: Activate a Policy
-      description: Activates a policy.
-      operationId: activatePolicy
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.policies.manage
-      tags:
-        - Policy
-  /api/v1/policies/{policyId}/lifecycle/deactivate:
-    post:
-      summary: Deactivate a Policy
-      description: Deactivates a policy.
-      operationId: deactivatePolicy
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.policies.manage
-      tags:
-        - Policy
-  /api/v1/policies/{policyId}/rules:
-    get:
-      summary: List all Policy Rules
-      description: Enumerates all policy rules.
-      operationId: listPolicyRules
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/PolicyRule'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.policies.read
-      tags:
-        - Policy
-    post:
-      summary: Create a Policy Rule
-      description: Creates a policy rule.
-      operationId: createPolicyRule
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: policyRule
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/PolicyRule'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/PolicyRule'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.policies.manage
-      tags:
-        - Policy
-  /api/v1/policies/{policyId}/rules/{ruleId}:
-    get:
-      summary: Retrieve a Policy Rule
-      description: Gets a policy rule.
-      operationId: getPolicyRule
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: ruleId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/PolicyRule'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.policies.read
-      tags:
-        - Policy
-    put:
-      summary: Replace a Policy Rule
-      description: Updates a policy rule.
-      operationId: updatePolicyRule
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: ruleId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: policyRule
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/PolicyRule'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/PolicyRule'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.policies.manage
-      tags:
-        - Policy
-    delete:
-      summary: Delete a Policy Rule
-      description: Removes a policy rule.
-      operationId: deletePolicyRule
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: ruleId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.policies.manage
-      tags:
-        - Policy
-  /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate:
-    post:
-      summary: Activate a Policy Rule
-      description: Activates a policy rule.
-      operationId: activatePolicyRule
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: ruleId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.policies.manage
-      tags:
-        - Policy
-  /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate:
-    post:
-      summary: Deactivate a Policy Rule
-      description: Deactivates a policy rule.
-      operationId: deactivatePolicyRule
-      parameters:
-        - name: policyId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: ruleId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.policies.manage
-      tags:
-        - Policy
-  /api/v1/principal-rate-limits:
-    get:
-      summary: List all Principal Rate Limits
-      description: Lists all Principal Rate Limit entities considering the provided parameters.
-      operationId: listPrincipalRateLimitEntities
-      parameters:
-        - name: filter
-          in: query
-          schema:
-            type: string
-        - name: after
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: 20
-            maximum: 50
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/PrincipalRateLimitEntity'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.principalRateLimits.read
-      tags:
-        - PrincipalRateLimit
-    post:
-      summary: Create a Principal Rate Limit
-      description: Adds a new Principal Rate Limit entity to your organization. In the current release, we only allow one Principal Rate Limit entity per org and principal.
-      operationId: createPrincipalRateLimitEntity
-      x-codegen-request-body-name: entity
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/PrincipalRateLimitEntity'
-            examples:
-              SSWSToken:
-                $ref: '#/components/examples/PrincipalRateLimitEntityRequestSSWSToken'
-              EmptyPercentages:
-                $ref: '#/components/examples/PrincipalRateLimitEntityRequestEmptyPercentages'
-        required: true
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/PrincipalRateLimitEntity'
-              examples:
-                SSWSToken:
-                  $ref: '#/components/examples/PrincipalRateLimitEntityResponseSSWSToken'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.principalRateLimits.manage
-      tags:
-        - PrincipalRateLimit
-  /api/v1/principal-rate-limits/{principalRateLimitId}:
-    parameters:
-      - $ref: '#/components/parameters/pathPrincipalRateLimitId'
-    get:
-      summary: Retrieve a Principal Rate Limit
-      description: Fetches a Principal Rate Limit entity by `principalRateLimitId`.
-      operationId: getPrincipalRateLimitEntity
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/PrincipalRateLimitEntity'
-              examples:
-                SSWSToken:
-                  $ref: '#/components/examples/PrincipalRateLimitEntityResponseSSWSToken'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.principalRateLimits.read
-      tags:
-        - PrincipalRateLimit
-    put:
-      summary: Replace a Principal Rate Limit
-      description: Update a  Principal Rate Limit entity by `principalRateLimitId`.
-      operationId: updatePrincipalRateLimitEntity
-      x-codegen-request-body-name: entity
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/PrincipalRateLimitEntity'
-            examples:
-              SSWSToken:
-                $ref: '#/components/examples/PrincipalRateLimitEntityRequestSSWSToken'
-              EmptyPercentages:
-                $ref: '#/components/examples/PrincipalRateLimitEntityRequestEmptyPercentages'
-        required: true
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/PrincipalRateLimitEntity'
-              examples:
-                SSWSToken:
-                  $ref: '#/components/examples/PrincipalRateLimitEntityResponseSSWSToken'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.principalRateLimits.manage
-      tags:
-        - PrincipalRateLimit
-  /api/v1/push-providers:
-    get:
-      summary: List all Push Providers
-      description: Enumerates push providers in your organization.
-      operationId: listPushProviders
-      parameters:
-        - name: type
-          in: query
-          description: Filters push providers by `providerType`
-          schema:
-            $ref: '#/components/schemas/ProviderType'
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/PushProvider'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.pushProviders.read
-      tags:
-        - PushProvider
-    post:
-      summary: Create a Push Provider
-      description: Adds a new push provider to your organization.
-      operationId: createPushProvider
-      x-codegen-request-body-name: pushProvider
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/PushProvider'
-            examples:
-              APNs:
-                $ref: '#/components/examples/PushProviderAPNsRequest'
-              FCM:
-                $ref: '#/components/examples/PushProviderFCMRequest'
-        required: true
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/PushProvider'
-              examples:
-                APNs:
-                  $ref: '#/components/examples/PushProviderAPNsResponse'
-                FCM:
-                  $ref: '#/components/examples/PushProviderFCMResponse'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.pushProviders.manage
-      tags:
-        - PushProvider
-  /api/v1/push-providers/{pushProviderId}:
-    get:
-      summary: Retrieve a Push Provider
-      description: Fetches a push provider by `pushProviderId`.
-      operationId: getPushProvider
-      parameters:
-        - $ref: '#/components/parameters/pathPushProviderId'
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/PushProvider'
-              examples:
-                APNs:
-                  $ref: '#/components/examples/PushProviderAPNsResponse'
-                FCM:
-                  $ref: '#/components/examples/PushProviderFCMResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.pushProviders.read
-      tags:
-        - PushProvider
-    put:
-      summary: Replace a Push Provider
-      description: Updates a push provider by `pushProviderId`.
-      operationId: updatePushProvider
-      parameters:
-        - $ref: '#/components/parameters/pathPushProviderId'
-      x-codegen-request-body-name: pushProvider
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/PushProvider'
-            examples:
-              APNs:
-                $ref: '#/components/examples/PushProviderAPNsRequest'
-              FCM:
-                $ref: '#/components/examples/PushProviderFCMRequest'
-        required: true
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/PushProvider'
-              examples:
-                APNs:
-                  $ref: '#/components/examples/PushProviderAPNsResponse'
-                FCM:
-                  $ref: '#/components/examples/PushProviderFCMResponse'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.pushProviders.manage
-      tags:
-        - PushProvider
-    delete:
-      summary: Delete a Push Provider
-      description: Delete a push provider by `pushProviderId`. If the push provider is currently being used in the org by a custom authenticator, the delete will not be allowed.
-      operationId: deletePushProvider
-      parameters:
-        - $ref: '#/components/parameters/pathPushProviderId'
-      responses:
-        '204':
-          description: No Content
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '409':
-          description: Conflict
-          headers: {}
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-              examples:
-                Cannot remove push provider in use by a custom app authenticator:
-                  $ref: '#/components/examples/ErrorPushProviderUsedByCustomAppAuthenticator'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.pushProviders.manage
-      tags:
-        - PushProvider
-  /api/v1/roles/{roleTypeOrRoleId}/subscriptions:
-    get:
-      summary: List all Subscriptions of a Custom Role
-      description: When roleType List all subscriptions of a Role. Else when roleId List subscriptions of a Custom Role
-      operationId: listRoleSubscriptions
-      parameters:
-        - in: path
-          name: roleTypeOrRoleId
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                items:
-                  $ref: '#/components/schemas/Subscription'
-                type: array
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.read
-      tags:
-        - Subscription
-  /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}:
-    get:
-      summary: List all Subscriptions of a Custom Role with a specific notification type
-      description: When roleType Get subscriptions of a Role with a specific notification type. Else when roleId Get subscription of a Custom Role with a specific notification type.
-      operationId: getRoleSubscriptionByNotificationType
-      parameters:
-        - in: path
-          name: roleTypeOrRoleId
-          required: true
-          schema:
-            type: string
-        - in: path
-          name: notificationType
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Subscription'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.read
-      tags:
-        - Subscription
-  /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/subscribe:
-    post:
-      summary: Subscribe a Custom Role to a specific notification type
-      description: When roleType Subscribes a Role to a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Subscribes a Custom Role to a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.
-      operationId: subscribeRoleSubscriptionByNotificationType
-      parameters:
-        - in: path
-          name: roleTypeOrRoleId
-          required: true
-          schema:
-            type: string
-        - in: path
-          name: notificationType
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - Subscription
-  /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/unsubscribe:
-    post:
-      summary: Unsubscribe a Custom Role from a specific notification type
-      description: When roleType Unsubscribes a Role from a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Unsubscribes a Custom Role from a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.
-      operationId: unsubscribeRoleSubscriptionByNotificationType
-      parameters:
-        - in: path
-          name: roleTypeOrRoleId
-          required: true
-          schema:
-            type: string
-        - in: path
-          name: notificationType
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - Subscription
-  /api/v1/sessions:
-    post:
-      summary: Create a Session with Session Token
-      description: Creates a new session for a user with a valid session token. Use this API if, for example, you want to set the session cookie yourself instead of allowing Okta to set it, or want to hold the session ID in order to delete a session via the API instead of visiting the logout URL.
-      operationId: createSession
-      x-codegen-request-body-name: createSessionRequest
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/CreateSessionRequest'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Session'
-        '400':
-          description: Bad Request
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-      tags:
-        - Session
-  /api/v1/sessions/{sessionId}:
-    get:
-      summary: Retrieve a Session
-      description: Get details about a session.
-      operationId: getSession
-      parameters:
-        - name: sessionId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Session'
-        '400':
-          description: Bad Request
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.sessions.read
-      tags:
-        - Session
-    delete:
-      summary: Delete a Session
-      description: End a session.
-      operationId: endSession
-      parameters:
-        - name: sessionId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.sessions.manage
-      tags:
-        - Session
-  /api/v1/sessions/{sessionId}/lifecycle/refresh:
-    post:
-      summary: Refresh a Session
-      description: Refresh a session.
-      operationId: refreshSession
-      parameters:
-        - name: sessionId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Session'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.sessions.manage
-      tags:
-        - Session
-  /api/v1/templates/sms:
-    get:
-      summary: List all SMS Templates
-      description: Enumerates custom SMS templates in your organization. A subset of templates can be returned that match a template type.
-      operationId: listSmsTemplates
-      parameters:
-        - name: templateType
-          in: query
-          schema:
-            $ref: '#/components/schemas/SmsTemplateType'
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/SmsTemplate'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.read
-      tags:
-        - Template
-    post:
-      summary: Create an SMS Template
-      description: Adds a new custom SMS template to your organization.
-      operationId: createSmsTemplate
-      x-codegen-request-body-name: smsTemplate
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/SmsTemplate'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/SmsTemplate'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.manage
-      tags:
-        - Template
-  /api/v1/templates/sms/{templateId}:
-    get:
-      summary: Retrieve an SMS Template
-      description: Fetches a specific template by `id`
-      operationId: getSmsTemplate
-      parameters:
-        - name: templateId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/SmsTemplate'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.read
-      tags:
-        - Template
-    post:
-      summary: Update an SMS Template
-      description: 'Updates only some of the SMS template properties:'
-      operationId: partialUpdateSmsTemplate
-      parameters:
-        - name: templateId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: smsTemplate
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/SmsTemplate'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/SmsTemplate'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.manage
-      tags:
-        - Template
-    put:
-      summary: Replace an SMS Template
-      description: Updates the SMS template.
-      operationId: updateSmsTemplate
-      parameters:
-        - name: templateId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: smsTemplate
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/SmsTemplate'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/SmsTemplate'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.manage
-      tags:
-        - Template
-    delete:
-      summary: Delete an SMS Template
-      description: Removes an SMS template.
-      operationId: deleteSmsTemplate
-      parameters:
-        - name: templateId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.templates.manage
-      tags:
-        - Template
-  /api/v1/threats/configuration:
-    get:
-      summary: Retrieve the ThreatInsight Configuration
-      description: Gets current ThreatInsight configuration
-      operationId: getCurrentConfiguration
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ThreatInsightConfiguration'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.threatInsights.read
-      tags:
-        - ThreatInsight
-    post:
-      summary: Update the ThreatInsight Configuration
-      description: Updates ThreatInsight configuration
-      operationId: updateConfiguration
-      x-codegen-request-body-name: threatInsightConfiguration
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/ThreatInsightConfiguration'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ThreatInsightConfiguration'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.threatInsights.manage
-      tags:
-        - ThreatInsight
-  /api/v1/trustedOrigins:
-    get:
-      summary: List all Trusted Origins
-      description: Success
-      operationId: listOrigins
-      parameters:
-        - name: q
-          in: query
-          schema:
-            type: string
-        - name: filter
-          in: query
-          schema:
-            type: string
-        - name: after
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: -1
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/TrustedOrigin'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.trustedOrigins.read
-      tags:
-        - TrustedOrigin
-    post:
-      summary: Create a Trusted Origin
-      description: Success
-      operationId: createOrigin
-      x-codegen-request-body-name: trustedOrigin
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/TrustedOrigin'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/TrustedOrigin'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.trustedOrigins.manage
-      tags:
-        - TrustedOrigin
-  /api/v1/trustedOrigins/{trustedOriginId}:
-    get:
-      summary: Retrieve a Trusted Origin
-      description: Success
-      operationId: getOrigin
-      parameters:
-        - name: trustedOriginId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/TrustedOrigin'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.trustedOrigins.read
-      tags:
-        - TrustedOrigin
-    put:
-      summary: Replace a Trusted Origin
-      description: Success
-      operationId: updateOrigin
-      parameters:
-        - name: trustedOriginId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: trustedOrigin
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/TrustedOrigin'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/TrustedOrigin'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.trustedOrigins.manage
-      tags:
-        - TrustedOrigin
-    delete:
-      summary: Delete a Trusted Origin
-      description: Success
-      operationId: deleteOrigin
-      parameters:
-        - name: trustedOriginId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: Success
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.trustedOrigins.manage
-      tags:
-        - TrustedOrigin
-  /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate:
-    post:
-      summary: Activate a Trusted Origin
-      description: Success
-      operationId: activateOrigin
-      parameters:
-        - name: trustedOriginId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/TrustedOrigin'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.trustedOrigins.manage
-      tags:
-        - TrustedOrigin
-  /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate:
-    post:
-      summary: Deactivate a Trusted Origin
-      description: Success
-      operationId: deactivateOrigin
-      parameters:
-        - name: trustedOriginId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/TrustedOrigin'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.trustedOrigins.manage
-      tags:
-        - TrustedOrigin
-  /api/v1/users:
-    get:
-      summary: List all Users
-      description: Lists users in your organization with pagination in most cases.  A subset of users can be returned that match a supported filter expression or search criteria.
-      operationId: listUsers
-      parameters:
-        - $ref: '#/components/parameters/queryAfter'
-        - name: q
-          in: query
-          description: Finds a user that matches firstName, lastName, and email properties
-          schema:
-            type: string
-        - name: limit
-          in: query
-          description: Specifies the number of results returned. Defaults to 10 if `q` is provided.
-          schema:
-            type: integer
-            format: int32
-            default: 200
-        - name: filter
-          in: query
-          description: Filters users with a supported expression for a subset of properties
-          schema:
-            type: string
-        - name: search
-          in: query
-          description: Searches for users with a supported filtering  expression for most properties
-          schema:
-            type: string
-        - name: sortBy
-          in: query
-          schema:
-            type: string
-        - name: sortOrder
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/User'
-              examples:
-                User List:
-                  $ref: '#/components/examples/ListUsersResponse'
-        '403':
-          description: Forbidden
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - User
-    post:
-      summary: Create a User
-      description: Creates a new user in your Okta organization with or without credentials.
-      operationId: createUser
-      parameters:
-        - name: activate
-          in: query
-          description: Executes activation lifecycle operation when creating the user
-          schema:
-            type: boolean
-            default: true
-        - name: provider
-          in: query
-          description: Indicates whether to create a user with a specified authentication provider
-          schema:
-            type: boolean
-            default: false
-        - name: nextLogin
-          in: query
-          description: With activate=true, set nextLogin to "changePassword" to have the password be EXPIRED, so user must change it the next time they log in.
-          schema:
-            $ref: '#/components/schemas/UserNextLogin'
-          x-okta-added-version: 0.14.0
-      x-codegen-request-body-name: body
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/CreateUserRequest'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/User'
-        '400':
-          description: Bad Request
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-              examples:
-                Create user with too many groups specified:
-                  $ref: '#/components/examples/ErrorCreateUserWithTooManyManyGroupsResponse'
-                Create user with expired password and activate set to `false`:
-                  $ref: '#/components/examples/ErrorCreateUserWithExpiredPasswordWithoutActivation'
-                Create user with expired password and `null` password:
-                  $ref: '#/components/examples/ErrorCreateUserWithExpiredPasswordWithNullPassword'
-        '403':
-          description: Forbidden
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{associatedUserId}/linkedObjects/{primaryRelationshipName}/{primaryUserId}:
-    put:
-      summary: Create a Linked Object for two User
-      description: Sets a linked object for two users.
-      operationId: setLinkedObjectForUser
-      parameters:
-        - name: associatedUserId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: primaryRelationshipName
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: primaryUserId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: Success
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}:
-    get:
-      summary: Retrieve a User
-      description: Fetches a user from your Okta organization.
-      operationId: getUser
-      parameters:
-        - $ref: '#/components/parameters/pathUserId'
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/User'
-        '403':
-          description: Forbidden
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '404':
-          description: Not Found
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - User
-    post:
-      summary: Update a User
-      description: Fetch a user by `id`, `login`, or `login shortname` if the short name is unambiguous.
-      operationId: partialUpdateUser
-      parameters:
-        - $ref: '#/components/parameters/pathUserId'
-        - name: strict
-          in: query
-          schema:
-            type: boolean
-      x-codegen-request-body-name: user
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/UpdateUserRequest'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/User'
-        '400':
-          description: Bad Request
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '403':
-          description: Forbidden
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '404':
-          description: Not Found
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-    put:
-      summary: Replace a User
-      description: Update a user's profile and/or credentials using strict-update semantics.
-      operationId: updateUser
-      parameters:
-        - $ref: '#/components/parameters/pathUserId'
-        - name: strict
-          in: query
-          schema:
-            type: boolean
-          x-okta-added-version: 1.10.0
-      x-codegen-request-body-name: user
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/UpdateUserRequest'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/User'
-        '400':
-          description: Bad Request
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '403':
-          description: Forbidden
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '404':
-          description: Not Found
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-    delete:
-      summary: Delete a User
-      description: Deletes a user permanently.  This operation can only be performed on users that have a `DEPROVISIONED` status.  **This action cannot be recovered!**
-      operationId: deactivateOrDeleteUser
-      parameters:
-        - $ref: '#/components/parameters/pathUserId'
-        - name: sendEmail
-          in: query
-          schema:
-            type: boolean
-            default: false
-          x-okta-added-version: 1.5.0
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '400':
-          description: Bad Request
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '403':
-          description: Forbidden
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '404':
-          description: Not Found
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/appLinks:
-    get:
-      summary: List all Assigned Application Links
-      description: Fetches appLinks for all direct or indirect (via group membership) assigned applications.
-      operationId: listAppLinks
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/AppLink'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - User
-  /api/v1/users/{userId}/clients:
-    get:
-      summary: List all Clients
-      description: Lists all client resources for which the specified user has grants or tokens.
-      operationId: listUserClients
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/OAuth2Client'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - User
-  /api/v1/users/{userId}/clients/{clientId}/grants:
-    get:
-      summary: List all Grants for a Client
-      description: Lists all grants for a specified user and client
-      operationId: listGrantsForUserAndClient
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: clientId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-        - name: after
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: 20
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - User
-    delete:
-      summary: Revoke all Grants for a Client
-      description: Revokes all grants for the specified user and client
-      operationId: revokeGrantsForUserAndClient
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: clientId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/clients/{clientId}/tokens:
-    get:
-      summary: List all Refresh Tokens for a Client
-      description: Lists all refresh tokens issued for the specified User and Client.
-      operationId: listRefreshTokensForUserAndClient
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: clientId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-        - name: after
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: 20
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/OAuth2RefreshToken'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - User
-    delete:
-      summary: Revoke all Refresh Tokens for a Client
-      description: Revokes all refresh tokens issued for the specified User and Client.
-      operationId: revokeTokensForUserAndClient
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: clientId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}:
-    get:
-      summary: Retrieve a Refresh Token for a Client
-      description: Gets a refresh token issued for the specified User and Client.
-      operationId: getRefreshTokenForUserAndClient
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: clientId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: tokenId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            default: 20
-        - name: after
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OAuth2RefreshToken'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - User
-    delete:
-      summary: Revoke a Token for a Client
-      description: Revokes the specified refresh token.
-      operationId: revokeTokenForUserAndClient
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: clientId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: tokenId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/credentials/change_password:
-    post:
-      summary: Change Password
-      description: Changes a user's password by validating the user's current password. This operation can only be performed on users in `STAGED`, `ACTIVE`, `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid password credential
-      operationId: changePassword
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: strict
-          in: query
-          schema:
-            type: boolean
-          x-okta-added-version: 1.10.0
-      x-codegen-request-body-name: changePasswordRequest
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/ChangePasswordRequest'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/UserCredentials'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/credentials/change_recovery_question:
-    post:
-      summary: Change Recovery Question
-      description: Changes a user's recovery question & answer credential by validating the user's current password.  This operation can only be performed on users in **STAGED**, **ACTIVE** or **RECOVERY** `status` that have a valid password credential
-      operationId: changeRecoveryQuestion
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: userCredentials
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/UserCredentials'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/UserCredentials'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/credentials/forgot_password:
-    post:
-      summary: Initiate Forgot Password
-      description: Initiate forgot password flow. Generates a one-time token (OTT) that can be used to reset a user's password.
-      operationId: forgotPassword
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: sendEmail
-          in: query
-          required: false
-          schema:
-            type: boolean
-            default: true
-      responses:
-        '200':
-          description: Reset url
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ForgotPasswordResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/credentials/forgot_password_recovery_question:
-    post:
-      summary: Reset Password with Recovery Question
-      description: Resets the user's password to the specified password if the provided answer to the recovery question is correct.
-      operationId: forgotPasswordSetNewPassword
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: sendEmail
-          in: query
-          required: false
-          schema:
-            type: boolean
-            default: true
-      x-codegen-request-body-name: userCredentials
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/UserCredentials'
-        required: true
-      responses:
-        '200':
-          description: Credentials
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/UserCredentials'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/factors:
-    get:
-      summary: List all Factors
-      description: Enumerates all the enrolled factors for the specified user
-      operationId: listFactors
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/UserFactor'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - UserFactor
-    post:
-      summary: Enroll a Factor
-      description: Enrolls a user with a supported factor.
-      operationId: enrollFactor
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: updatePhone
-          in: query
-          schema:
-            type: boolean
-            default: false
-        - name: templateId
-          in: query
-          description: id of SMS template (only for SMS factor)
-          schema:
-            type: string
-        - name: tokenLifetimeSeconds
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: 300
-          x-okta-added-version: 1.3.0
-        - name: activate
-          in: query
-          schema:
-            type: boolean
-            default: false
-          x-okta-added-version: 1.3.0
-      x-codegen-request-body-name: body
-      requestBody:
-        description: Factor
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/UserFactor'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/UserFactor'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - UserFactor
-  /api/v1/users/{userId}/factors/catalog:
-    get:
-      summary: List all Supported Factors
-      description: Enumerates all the supported factors that can be enrolled for the specified user
-      operationId: listSupportedFactors
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/UserFactor'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - UserFactor
-  /api/v1/users/{userId}/factors/questions:
-    get:
-      summary: List all Supported Security Questions
-      description: Enumerates all available security questions for a user's `question` factor
-      operationId: listSupportedSecurityQuestions
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/SecurityQuestion'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-      tags:
-        - UserFactor
-  /api/v1/users/{userId}/factors/{factorId}:
-    get:
-      summary: Retrieve a Factor
-      description: Fetches a factor for the specified user
-      operationId: getFactor
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: factorId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/UserFactor'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - UserFactor
-    delete:
-      summary: Delete a Factor
-      description: Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.
-      operationId: deleteFactor
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: factorId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: removeEnrollmentRecovery
-          in: query
-          schema:
-            type: boolean
-            default: false
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - UserFactor
-  /api/v1/users/{userId}/factors/{factorId}/lifecycle/activate:
-    post:
-      summary: Activate a Factor
-      description: The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.
-      operationId: activateFactor
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: factorId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: body
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/ActivateFactorRequest'
-        required: false
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/UserFactor'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - UserFactor
-  /api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId}:
-    get:
-      summary: Retrieve a Factor Transaction Status
-      description: Polls factors verification transaction for status.
-      operationId: getFactorTransactionStatus
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: factorId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: transactionId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/VerifyUserFactorResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - UserFactor
-  /api/v1/users/{userId}/factors/{factorId}/verify:
-    post:
-      summary: Verify an MFA Factor
-      description: Verifies an OTP for a `token` or `token:hardware` factor
-      operationId: verifyFactor
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: factorId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: templateId
-          in: query
-          schema:
-            type: string
-        - name: tokenLifetimeSeconds
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: 300
-          x-okta-added-version: 1.3.0
-        - name: X-Forwarded-For
-          in: header
-          schema:
-            type: string
-          x-okta-added-version: 1.11.0
-        - name: User-Agent
-          in: header
-          schema:
-            type: string
-          x-okta-added-version: 1.11.0
-        - name: Accept-Language
-          in: header
-          schema:
-            type: string
-      x-codegen-request-body-name: body
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/VerifyFactorRequest'
-        required: false
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/VerifyUserFactorResponse'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - UserFactor
-  /api/v1/users/{userId}/grants:
-    get:
-      summary: List all User Grants
-      description: Lists all grants for the specified user
-      operationId: listUserGrants
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: scopeId
-          in: query
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-        - name: after
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: 20
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - User
-    delete:
-      summary: Revoke all User Grants
-      description: Revokes all grants for a specified user
-      operationId: revokeUserGrants
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/grants/{grantId}:
-    get:
-      summary: Retrieve a User Grant
-      description: Gets a grant for the specified user
-      operationId: getUserGrant
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: grantId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - User
-    delete:
-      summary: Revoke a User Grant
-      description: Revokes one grant for a specified user
-      operationId: revokeUserGrant
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: grantId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/groups:
-    get:
-      summary: List all Groups
-      description: Fetches the groups of which the user is a member.
-      operationId: listUserGroups
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/Group'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - User
-  /api/v1/users/{userId}/idps:
-    get:
-      summary: List all Identity Providers
-      description: Lists the IdPs associated with the user.
-      operationId: listUserIdentityProviders
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/IdentityProvider'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - User
-  /api/v1/users/{userId}/lifecycle/activate:
-    post:
-      summary: Activate a User
-      description: Activates a user.  This operation can only be performed on users with a `STAGED` status.  Activation of a user is an asynchronous operation. The user will have the `transitioningToStatus` property with a value of `ACTIVE` during activation to indicate that the user hasn't completed the asynchronous operation.  The user will have a status of `ACTIVE` when the activation process is complete.
-      operationId: activateUser
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: sendEmail
-          in: query
-          description: Sends an activation email to the user if true
-          required: true
-          schema:
-            type: boolean
-            default: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/UserActivationToken'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/lifecycle/deactivate:
-    post:
-      summary: Deactivate a User
-      description: 'Deactivates a user. This operation can only be performed on users that do not have a `DEPROVISIONED` status. While the asynchronous operation (triggered by HTTP header `Prefer: respond-async`) is proceeding the user''s `transitioningToStatus` property is `DEPROVISIONED`. The user''s status is `DEPROVISIONED` when the deactivation process is complete.'
-      operationId: deactivateUser
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: sendEmail
-          in: query
-          schema:
-            type: boolean
-            default: false
-          x-okta-added-version: 1.5.0
-      responses:
-        '200':
-          description: OK
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/lifecycle/expire_password:
-    post:
-      summary: Expire Password
-      description: This operation transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login.
-      operationId: expirePassword
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/User'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/lifecycle/expire_password_with_temp_password:
-    post:
-      summary: Expire Password and Set Temporary Password
-      description: This operation transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login, and also sets the user's password to a temporary password returned in the response.
-      operationId: expirePasswordAndGetTemporaryPassword
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/TempPassword'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/lifecycle/reactivate:
-    post:
-      summary: Reactivate a User
-      description: Reactivates a user.  This operation can only be performed on users with a `PROVISIONED` status.  This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from [Activate User](#activate-user).
-      operationId: reactivateUser
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: sendEmail
-          in: query
-          description: Sends an activation email to the user if true
-          schema:
-            type: boolean
-            default: false
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/UserActivationToken'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/lifecycle/reset_factors:
-    post:
-      summary: Reset all Factors
-      description: This operation resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.
-      operationId: resetFactors
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: OK
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/lifecycle/reset_password:
-    post:
-      summary: Reset Password
-      description: Generates a one-time token (OTT) that can be used to reset a user's password.  The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.
-      operationId: resetPassword
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: sendEmail
-          in: query
-          required: true
-          schema:
-            type: boolean
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ResetPasswordToken'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/lifecycle/suspend:
-    post:
-      summary: Suspend a User
-      description: Suspends a user.  This operation can only be performed on users with an `ACTIVE` status.  The user will have a status of `SUSPENDED` when the process is complete.
-      operationId: suspendUser
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: OK
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/lifecycle/unlock:
-    post:
-      summary: Unlock a User
-      description: Unlocks a user with a `LOCKED_OUT` status and returns them to `ACTIVE` status.  Users will be able to login with their current password.
-      operationId: unlockUser
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/lifecycle/unsuspend:
-    post:
-      summary: Unsuspend a User
-      description: Unsuspends a user and returns them to the `ACTIVE` state.  This operation can only be performed on users that have a `SUSPENDED` status.
-      operationId: unsuspendUser
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/linkedObjects/{relationshipName}:
-    get:
-      summary: List all Linked Objects
-      description: Get linked objects for a user, relationshipName can be a primary or associated relationship name
-      operationId: getLinkedObjectsForUser
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: relationshipName
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: after
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: -1
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/ResponseLinks'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - User
-    delete:
-      summary: Delete a Linked Object
-      description: Delete linked objects for a user, relationshipName can be ONLY a primary relationship name
-      operationId: removeLinkedObjectForUser
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: relationshipName
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/roles:
-    get:
-      summary: List all Assigned Roles
-      description: Lists all roles assigned to a user.
-      operationId: listAssignedRolesForUser
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/Role'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.read
-      tags:
-        - User
-    post:
-      summary: Assign a Role
-      description: Assigns a role to a user.
-      operationId: assignRoleToUser
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: disableNotifications
-          in: query
-          schema:
-            type: boolean
-      x-codegen-request-body-name: assignRoleRequest
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/AssignRoleRequest'
-        required: true
-      responses:
-        '201':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Role'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/roles/{roleId}:
-    get:
-      summary: Retrieve a Role
-      description: Gets role that is assigned to user.
-      operationId: getUserRole
-      parameters:
-        - in: path
-          name: userId
-          required: true
-          schema:
-            type: string
-        - in: path
-          name: roleId
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Role'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.read
-      tags:
-        - User
-    delete:
-      summary: Delete a Role
-      description: Unassigns a role from a user.
-      operationId: removeRoleFromUser
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps:
-    get:
-      summary: List all Application Targets for Application Administrator Role
-      description: Lists all App targets for an `APP_ADMIN` Role assigned to a User. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.
-      operationId: listApplicationTargetsForApplicationAdministratorRoleForUser
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: after
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: 20
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/CatalogApplication'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.read
-      tags:
-        - User
-    put:
-      summary: Assign all Apps as Target to Role
-      description: Assign all Apps as Target to Role
-      operationId: addAllAppsAsTargetToRole
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}:
-    put:
-      summary: Assign an Application Target to Administrator Role
-      description: Success
-      operationId: addApplicationTargetToAdminRoleForUser
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: appName
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - User
-    delete:
-      summary: Unassign an Application Target from Application Administrator Role
-      description: Success
-      operationId: removeApplicationTargetFromApplicationAdministratorRoleForUser
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: appName
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}:
-    put:
-      summary: Assign an Application Instance Target to an Application Administrator Role
-      description: Add App Instance Target to App Administrator Role given to a User
-      operationId: addApplicationTargetToAppAdminRoleForUser
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: appName
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: applicationId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - User
-    delete:
-      summary: Unassign an Application Instance Target to Application Administrator Role
-      description: Remove App Instance Target to App Administrator Role given to a User
-      operationId: removeApplicationTargetFromAdministratorRoleForUser
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: appName
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: applicationId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/roles/{roleId}/targets/groups:
-    get:
-      summary: List all Group Targets for Role
-      description: Success
-      operationId: listGroupTargetsForRole
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: after
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: 20
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/Group'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.read
-      tags:
-        - User
-  /api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}:
-    put:
-      summary: Assign a Group Target to Role
-      description: Assign a Group Target to Role
-      operationId: addGroupTargetToRole
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - User
-    delete:
-      summary: Unassign a Group Target from Role
-      description: Unassign a Group Target from Role
-      operationId: removeGroupTargetFromRole
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: roleId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.roles.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/sessions:
-    delete:
-      summary: Delete all User Sessions
-      description: Removes all active identity provider sessions. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.
-      operationId: clearUserSessions
-      parameters:
-        - name: userId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: oauthTokens
-          in: query
-          description: Revoke issued OpenID Connect and OAuth refresh and access tokens
-          schema:
-            type: boolean
-            default: false
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/subscriptions:
-    get:
-      summary: List all Subscriptions
-      description: List subscriptions of a User. Only lists subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.
-      operationId: listUserSubscriptions
-      parameters:
-        - in: path
-          name: userId
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                items:
-                  $ref: '#/components/schemas/Subscription'
-                type: array
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - Subscription
-  /api/v1/users/{userId}/subscriptions/{notificationType}:
-    get:
-      summary: List all Subscriptions by type
-      description: Get the subscriptions of a User with a specific notification type. Only gets subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.
-      operationId: getUserSubscriptionByNotificationType
-      parameters:
-        - in: path
-          name: userId
-          required: true
-          schema:
-            type: string
-        - in: path
-          name: notificationType
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Subscription'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.read
-      tags:
-        - Subscription
-  /api/v1/users/{userId}/subscriptions/{notificationType}/subscribe:
-    post:
-      summary: Subscribe to a specific notification type
-      description: Subscribes a User to a specific notification type. Only the current User can subscribe to a specific notification type. An AccessDeniedException message is sent if requests are made from other users.
-      operationId: subscribeUserSubscriptionByNotificationType
-      parameters:
-        - in: path
-          name: userId
-          required: true
-          schema:
-            type: string
-        - in: path
-          name: notificationType
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - Subscription
-  /api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe:
-    post:
-      summary: Unsubscribe from a specific notification type
-      description: Unsubscribes a User from a specific notification type. Only the current User can unsubscribe from a specific notification type. An AccessDeniedException message is sent if requests are made from other users.
-      operationId: unsubscribeUserSubscriptionByNotificationType
-      parameters:
-        - in: path
-          name: userId
-          required: true
-          schema:
-            type: string
-        - in: path
-          name: notificationType
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          description: Not Found
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.users.manage
-      tags:
-        - Subscription
-  /api/v1/zones:
-    get:
-      summary: List all Network Zones
-      description: Enumerates network zones added to your organization with pagination. A subset of zones can be returned that match a supported filter expression or query.
-      operationId: listNetworkZones
-      parameters:
-        - name: after
-          in: query
-          description: Specifies the pagination cursor for the next page of network zones
-          schema:
-            type: string
-        - name: limit
-          in: query
-          description: Specifies the number of results for a page
-          schema:
-            type: integer
-            format: int32
-            default: -1
-        - name: filter
-          in: query
-          description: Filters zones by usage or id expression
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/NetworkZone'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.networkZones.read
-      tags:
-        - NetworkZone
-    post:
-      summary: Create a Network Zone
-      description: Adds a new network zone to your Okta organization.
-      operationId: createNetworkZone
-      x-codegen-request-body-name: zone
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/NetworkZone'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/NetworkZone'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.networkZones.manage
-      tags:
-        - NetworkZone
-  /api/v1/zones/{zoneId}:
-    get:
-      summary: Retrieve a Network Zone
-      description: Fetches a network zone from your Okta organization by `id`.
-      operationId: getNetworkZone
-      parameters:
-        - name: zoneId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/NetworkZone'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.networkZones.read
-      tags:
-        - NetworkZone
-    put:
-      summary: Replace a Network Zone
-      description: Updates a network zone in your organization.
-      operationId: updateNetworkZone
-      parameters:
-        - name: zoneId
-          in: path
-          required: true
-          schema:
-            type: string
-      x-codegen-request-body-name: zone
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/NetworkZone'
-        required: true
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/NetworkZone'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.networkZones.manage
-      tags:
-        - NetworkZone
-    delete:
-      summary: Delete a Network Zone
-      description: Removes network zone.
-      operationId: deleteNetworkZone
-      parameters:
-        - name: zoneId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.networkZones.manage
-      tags:
-        - NetworkZone
-  /api/v1/zones/{zoneId}/lifecycle/activate:
-    post:
-      summary: Activate a Network Zone
-      description: Activate Network Zone
-      operationId: activateNetworkZone
-      parameters:
-        - name: zoneId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/NetworkZone'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.networkZones.manage
-      tags:
-        - NetworkZone
-  /api/v1/zones/{zoneId}/lifecycle/deactivate:
-    post:
-      summary: Deactivate a Network Zone
-      description: Deactivates a network zone.
-      operationId: deactivateNetworkZone
-      parameters:
-        - name: zoneId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/NetworkZone'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - API_Token: []
-        - OAuth_2.0:
-            - okta.networkZones.manage
-      tags:
-        - NetworkZone
-components:
-  securitySchemes:
-    API_Token:
-      description: 'Pass the API token as the Authorization header value prefixed with SSWS: `Authorization: SSWS {API Token}`'
-      name: Authorization
-      type: apiKey
-      in: header
-    OAuth_2.0:
-      type: oauth2
-      description: 'Pass the access_token as the value of the Authorization header: `Authorization: {access_token}`'
-      flows:
-        authorizationCode:
-          authorizationUrl: /oauth2/v1/authorize
-          tokenUrl: /oauth2/v1/token
-          scopes:
-            okta.agentPools.manage: Read or modify Agent Pools
-            okta.agentPools.read: Read Agent Pools
-            okta.apiToken.read: Read API Tokens.
-            okta.apiToken.manage: Read or modify API Tokens.
-            okta.apps.read: Read Apps.
-            okta.apps.manage: Read or modify Apps.
-            okta.authenticators.read: Read Authenticators.
-            okta.authenticators.manage: Read or modify Authenticators.
-            okta.authorizationServers.read: Read Authorization Servers.
-            okta.authorizationServers.manage: Read or modify Authorization Servers.
-            okta.behaviors.read: Read Behavior Detection Rules.
-            okta.behaviors.manage: Read or modify Behavior Detection Rules.
-            okta.brands.read: Read Brands.
-            okta.brands.manage: Read or modify Brands.
-            okta.captchas.manage: Read or modify CAPTCHA instances in your org.
-            okta.captchas.read: Read CAPTCHA instances in your org.
-            okta.domains.read: Read Domains.
-            okta.domains.manage: Read or modify Domains.
-            okta.eventHooks.read: Read Event Hooks.
-            okta.eventHooks.manage: Read or modify Event Hooks.
-            okta.groups.read: Read Groups.
-            okta.groups.manage: Read or modify Groups.
-            okta.roles.read: Read Roles.
-            okta.roles.manage: Read or modify Roles.
-            okta.idps.read: Read Identity Providers.
-            okta.idps.manage: Read or modify Identity Providers.
-            okta.users.read: Read Users.
-            okta.users.manage: Read or modify Users.
-            okta.inlineHooks.read: Read Inline Hooks.
-            okta.inlineHooks.manage: Read or modify Inline Hooks.
-            okta.logs.read: Read Logs.
-            okta.profileMappings.read: Read Profile Mappings.
-            okta.profileMappings.manage: Read or modify Profile Mappings.
-            okta.schemas.read: Read Schemas.
-            okta.schemas.manage: Read or modify Schemas.
-            okta.linkedObjects.read: Read Linked Objects.
-            okta.linkedObjects.manage: Read or modify Linked Objects.
-            okta.userTypes.read: Read Usertypes.
-            okta.userTypes.manage: Read or modify Usertypes.
-            okta.orgs.read: Read Org Settings.
-            okta.orgs.manage: Read or modify Org Settings.
-            okta.policies.read: Read Policies.
-            okta.policies.manage: Read or modify Policies.
-            okta.principalRateLimits.read: Read Principal Rate Limits.
-            okta.principalRateLimits.manage: Read or modify Principal Rate Limits.
-            okta.pushProviders.read: Read Push Providers such as APNs and FCM.
-            okta.pushProviders.manage: Read or modify Push Providers such as APNs and FCM.
-            okta.sessions.read: Read Sessions.
-            okta.sessions.manage: Read or modify Sessions.
-            okta.templates.read: Read Templates.
-            okta.templates.manage: Read or modify Templates.
-            okta.trustedOrigins.read: Read Trusted Origins.
-            okta.trustedOrigins.manage: Read or modify Trusted Origins.
-            okta.deviceAssurance.read: Read device assurance policies.
-            okta.deviceAssurance.manage: Read or modify device assurance policies.
-  examples:
-    ApiTokenListMetadataResponse:
-      value:
-        - name: My API Token
-          userId: 00uabcdefg1234567890
-          tokenWindow: P30D
-          id: 00Tabcdefg1234567890
-          clientName: Okta API
-          expiresAt: 2021-12-11T20:38:10.000Z
-          created: 2021-11-09T20:38:10.000Z
-          lastUpdated: 2021-11-11T20:38:10.000Z
-          _links:
-            self:
-              href: https://${yourOktaDomain}/api/v1/api-tokens/00Tabcdefg1234567890
-              hints:
-                allow:
-                  - GET
-                  - DELETE
-            user:
-              href: https://${yourOktaDomain}/api/v1/users/00uabcdefg1234567890
-              hints:
-                allow:
-                  - GET
-        - name: Another API Token
-          userId: 00uabcdefg1234567890
-          tokenWindow: PT5M
-          id: 00T1234567890abcdefg
-          clientName: Okta API
-          expiresAt: 2021-11-11T20:43:10.000Z
-          created: 2021-11-09T20:38:10.000Z
-          lastUpdated: 2021-11-11T20:38:10.000Z
-          _links:
-            self:
-              href: https://${yourOktaDomain}/api/v1/api-tokens/00T1234567890abcdefg
-              hints:
-                allow:
-                  - GET
-                  - DELETE
-            user:
-              href: https://${yourOktaDomain}/api/v1/users/00uabcdefg1234567890
-              hints:
-                allow:
-                  - GET
-    ApiTokenMetadataResponse:
-      value:
-        name: My API Token
-        userId: 00uXXXXXXXXXXXXXXXXX
-        tokenWindow: P30D
-        id: 00Tabcdefg1234567890
-        clientName: Okta API
-        expiresAt: 2021-12-11T20:38:10.000Z
-        created: 2021-11-09T20:38:10.000Z
-        lastUpdated: 2021-11-11T20:38:10.000Z
-        _links:
-          self:
-            href: https://${yourOktaDomain}/api/v1/api-tokens/00Tabcdefg1234567890
-            hints:
-              allow:
-                - GET
-                - DELETE
-          user:
-            href: https://${yourOktaDomain}/api/v1/users/00uXXXXXXXXXXXXXXXXX
-            hints:
-              allow:
-                - GET
-    BehaviorRuleRequest:
-      value:
-        name: My Behavior Rule
-        type: VELOCITY
-    BehaviorRuleResponse:
-      value:
-        id: abcd1234
-        name: My Behavior Rule
-        type: VELOCITY
-        settings:
-          velocityKph: 805
-        status: ACTIVE
-        created: 2021-11-09T20:38:10.000Z
-        lastUpdated: 2021-11-11T20:38:10.000Z
-        _link:
-          self:
-            href: https://your-subdomain.okta.com/api/v1/behaviors/abcd1234
-            hints:
-              allow:
-                - GET
-                - POST
-                - PUT
-                - DELETE
-    CAPTCHAInstanceRequestHCaptcha:
-      value:
-        name: myHCaptcha
-        secretKey: xxxxxxxxxxx
-        siteKey: xxxxxxxxxxx
-        type: HCAPTCHA
-    CAPTCHAInstanceRequestReCaptcha:
-      value:
-        name: myReCaptcha
-        secretKey: xxxxxxxxxxx
-        siteKey: yyyyyyyyyyyyyyy
-        type: RECAPTCHA_V2
-    CAPTCHAInstanceResponseHCaptcha:
-      value:
-        id: abcd1234
-        name: myHCaptcha
-        siteKey: xxxxxxxxxxx
-        type: HCAPTCHA
-        _link:
-          self:
-            href: https://your-subdomain.okta.com/api/v1/captchas/abcd1234
-            hints:
-              allow:
-                - GET
-                - POST
-                - PUT
-                - DELETE
-    CAPTCHAInstanceResponseReCaptcha:
-      value:
-        id: abcd4567
-        name: myReCaptcha
-        siteKey: yyyyyyyyyyyyyyy
-        type: RECAPTCHA_V2
-        _link:
-          self:
-            href: https://your-subdomain.okta.com/api/v1/captchas/abcd4567
-            hints:
-              allow:
-                - GET
-                - POST
-                - PUT
-                - DELETE
-    CreateUpdateEmailCustomizationRequest:
-      value:
-        language: fr
-        subject: Bienvenue dans ${org.name}!
-        body: <!DOCTYPE html><html><body><p>Bonjour ${user.profile.firstName}. <a href="${activationLink}">Activer le compte</a></p></body></html>
-        isDefault: false
-    CreateUpdateEmailCustomizationResponse:
-      value:
-        language: fr
-        subject: Bienvenue dans ${org.name}!
-        body: <!DOCTYPE html><html><body><p>Bonjour ${user.profile.firstName}. <a href="${activationLink}">Activer le compte</a></p></body></html>
-        isDefault: false
-        id: oel11u6DqUiMbQkpl0g4
-        created: 2021-11-09T20:38:10.000Z
-        lastUpdated: 2021-11-11T20:38:10.000Z
-        _links:
-          self:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
-            hints:
-              allow:
-                - GET
-                - PUT
-                - DELETE
-          template:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation
-            hints:
-              allow:
-                - GET
-          preview:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview
-            hints:
-              allow:
-                - GET
-          test:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/test
-            hints:
-              allow:
-                - POST
-    DeviceAssuranceAndroidRequest:
-      value:
-        name: Device Assurance Android
-        osVersion:
-          minimum: 12.4.5
-        diskEncryptionType:
-          include:
-            - USER
-            - FULL
-        jailbreak: false
-        platform: ANDROID
-        screenLockType:
-          include:
-            - BIOMETRIC
-        secureHardwarePresent: true
-    DeviceAssuranceIosRequest:
-      value:
-        name: Device Assurance IOS
-        osVersion:
-          minimum: 12.4.5
-        jailbreak: false
-        platform: IOS
-        screenLockType:
-          include:
-            - BIOMETRIC
-    DeviceAssuranceMacOSRequest:
-      value:
-        name: Device Assurance macOS
-        osVersion:
-          minimum: 12.4.5
-        diskEncryptionType:
-          include:
-            - ALL_INTERNAL_VOLUMES
-        platform: MACOS
-        screenLockType:
-          include:
-            - PASSCODE
-            - BIOMETRIC
-        secureHardwarePresent: true
-    DeviceAssuranceResponse:
-      value:
-        id: dae3m8o4rWhwReDeM1c5
-        name: Device Assurance Example
-        lastUpdate: 2022-01-01T00:00:00.000Z
-        createdUpdate: 2022-01-01T00:00:00.000Z
-        lastUpdatedBy: 00u217pyf72CdUrBt1c5
-        createdBy: 00u217pyf72CdUrBt1c5
-        osVersion:
-          minimum: 12.4.5.9
-        diskEncryptionType:
-          include:
-            - ALL_INTERNAL_VOLUMES
-        platform: WINDOWS
-        screenLockType:
-          include:
-            - PASSCODE
-            - BIOMETRIC
-        secureHardwarePresent: true
-        _links:
-          self:
-            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
-            hints:
-              allow:
-                - DELETE
-                - GET
-                - PUT
-    DeviceAssuranceWindowsRequest:
-      value:
-        name: Device Assurance Windows
-        osVersion:
-          minimum: 12.4.5.9
-        diskEncryptionType:
-          include:
-            - ALL_INTERNAL_VOLUMES
-        platform: WINDOWS
-        screenLockType:
-          include:
-            - PASSCODE
-            - BIOMETRIC
-        secureHardwarePresent: true
-    EmailCustomizationResponse:
-      value:
-        language: en
-        isDefault: true
-        subject: Welcome to ${org.name}!
-        body: <!DOCTYPE html><html><body><p>Hello, ${user.profile.firstName}. Click <a href="${activationLink}">here</a> to activate your account.</body></html>
-        id: oel11u6DqUiMbQkpl0g4
-        created: 2021-11-09T20:38:10.000Z
-        lastUpdated: 2021-11-11T20:38:10.000Z
-        _links:
-          self:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
-            hints:
-              allow:
-                - GET
-                - PUT
-                - DELETE
-          template:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation
-            hints:
-              allow:
-                - GET
-          preview:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview
-            hints:
-              allow:
-                - GET
-          test:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/test
-            hints:
-              allow:
-                - POST
-    EmailSettingsResponse:
-      value:
-        recipients: ALL_USERS
-        _links:
-          self:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/settings
-            hints:
-              allow:
-                - GET
-                - PUT
-          template:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation
-            hints:
-              allow:
-                - GET
-    EmailTemplateDefaultContentResponse:
-      value:
-        subject: Welcome to ${org.name}!
-        body: <!DOCTYPE html><html><body><p>Hello, ${user.profile.firstName}. Click <a href="${activationLink}">here</a> to activate your account.</body></html>
-        _links:
-          self:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/default-content
-            hints:
-              allow:
-                - GET
-          template:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation
-            hints:
-              allow:
-                - GET
-          preview:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/default-content/preview
-            hints:
-              allow:
-                - GET
-    ErrorAccessDenied:
-      value:
-        errorCode: E0000006
-        errorSummary: You do not have permission to perform the requested action
-        errorLink: E0000006
-        errorId: sampleNUSD_8fdkFd8fs8SDBK
-        errorCauses: []
-    ErrorApiValidationFailed:
-      value:
-        errorCode: E0000001
-        errorSummary: 'Api validation failed: {0}'
-        errorLink: E0000001
-        errorId: sampleiCF-8D5rLW6myqiPItW
-        errorCauses: []
-    ErrorCAPTCHALimitOfOne:
-      value:
-        errorCode: E0000165
-        errorSummary: CAPTCHA count limit reached. At most one CAPTCHA instance is allowed per Org.
-        errorLink: E0000165
-        errorId: oaejrB1fWL1S7mc-2KcG-SOtw
-        errorCauses: []
-    ErrorCAPTCHAOrgWideSetting:
-      value:
-        errorCode: E0000149
-        errorSummary: Current CAPTCHA is associated with org-wide settings, cannot be removed.
-        errorLink: E0000149
-        errorId: samplezsusshPdiTWiITwqBt8
-        errorCauses: []
-    ErrorCreateUserWithExpiredPasswordWithNullPassword:
-      value:
-        errorCode: E0000124
-        errorSummary: Could not create user. To create a user and expire their password immediately, a password must be specified
-        errorLink: E0000124
-        errorId: oaeXxuZgXBySvqi1FvtkwoYCA
-        errorCauses:
-          - errorSummary: Could not create user. To create a user and expire their password immediately, a password must be specified
-    ErrorCreateUserWithExpiredPasswordWithoutActivation:
-      value:
-        errorCode: E0000125
-        errorSummary: Could not create user. To create a user and expire their password immediately, "activate" must be true
-        errorLink: E0000125
-        errorId: oaeDd77L9R-TJaD7j_rXsQ31w
-        errorCauses:
-          - errorSummary: Could not create user. To create a user and expire their password immediately, "activate" must be true
-    ErrorCreateUserWithTooManyManyGroupsResponse:
-      value:
-        errorCode: E0000093
-        errorSummary: Target count limit exceeded
-        errorLink: E0000093
-        errorId: oaePVSLIYnIQsC0B-ptBIllVA
-        errorCauses:
-          - errorSummary: The number of group targets is too large.
-    ErrorDeviceAssuranceInUse:
-      value:
-        errorSummary: Device assurance is in use and cannot be deleted.
-        errorId: oaenwA1ra80S9W-pvbh4m6haA
-        errorCauses: []
-    ErrorEmailCustomizationCannotClearDefault:
-      value:
-        errorCode: E0000185
-        errorSummary: The isDefault parameter of the default email template customization can't be set to false.
-        errorLink: E0000185
-        errorId: oaejrB1fWL1S7mc-2KcG-SOtw
-        errorCauses: []
-    ErrorEmailCustomizationCannotDeleteDefault:
-      value:
-        errorCode: E0000184
-        errorSummary: A default email template customization can't be deleted.
-        errorLink: E0000184
-        errorId: oaeAdRqprFuTyKokyYPbURJkA
-        errorCauses: []
-    ErrorEmailCustomizationDefaultAlreadyExists:
-      value:
-        errorCode: E0000182
-        errorSummary: A default email template customization already exists.
-        errorLink: E0000182
-        errorId: oaeXYwTiMvASsC3O4HCzjFaCA
-        errorCauses: []
-    ErrorEmailCustomizationLanguageAlreadyExists:
-      value:
-        errorCode: E0000183
-        errorSummary: An email template customization for that language already exists.
-        errorLink: E0000183
-        errorId: oaeUcGELffqRay0u1OPdnPypw
-        errorCauses: []
-    ErrorInvalidEmailTemplateRecipients:
-      value:
-        errorCode: E0000189
-        errorSummary: This template does not support the recipients value.
-        errorLink: E0000189
-        errorId: oae8L1-UkcNTeGi5xVQ28_lww
-        errorCauses: []
-    ErrorPushProviderUsedByCustomAppAuthenticator:
-      value:
-        errorCode: E0000187
-        errorSummary: Cannot delete push provider because it is being used by a custom app authenticator.
-        errorLink: E0000187
-        errorId: oaenwA1ra80S9W-pvbh4m6haA
-        errorCauses: []
-    ErrorResourceNotFound:
-      value:
-        errorCode: E0000007
-        errorSummary: 'Not found: {0}'
-        errorLink: E0000007
-        errorId: sampleMlLvGUj_YD5v16vkYWY
-        errorCauses: []
-    ErrorTooManyRequests:
-      value:
-        errorCode: E0000047
-        errorSummary: You exceeded the maximum number of requests. Try again in a while.
-        errorLink: E0000047
-        errorId: sampleQPivGUj_ND5v78vbYWW
-        errorCauses: []
-    GetEmailTemplateResponse:
-      value:
-        name: UserActivation
-        _links:
-          self:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation
-            hints:
-              allow:
-                - GET
-          settings:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/settings
-            hints:
-              allow:
-                - GET
-                - PUT
-          defaultContent:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/default-content
-            hints:
-              allow:
-                - GET
-          customizations:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/customizations
-            hints:
-              allow:
-                - GET
-                - POST
-                - DELETE
-          test:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/test
-            hints:
-              allow:
-                - POST
-    ListEmailCustomizationResponse:
-      value:
-        - language: en
-          isDefault: true
-          subject: Welcome to ${org.name}!
-          body: <!DOCTYPE html><html><body><p>Hello, ${user.profile.firstName}. Click <a href="${activationLink}">here</a> to activate your account.</body></html>
-          id: oel11u6DqUiMbQkpl0g4
-          created: 2021-11-09T20:38:10.000Z
-          lastUpdated: 2021-11-11T20:38:10.000Z
-          _links:
-            self:
-              href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
-              hints:
-                allow:
-                  - GET
-                  - PUT
-                  - DELETE
-            template:
-              href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation
-              hints:
-                allow:
-                  - GET
-            preview:
-              href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview
-              hints:
-                allow:
-                  - GET
-            test:
-              href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/test
-              hints:
-                allow:
-                  - POST
-    ListEmailTemplateResponse:
-      value:
-        - name: UserActivation
-          _links:
-            self:
-              href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation
-              hints:
-                allow:
-                  - GET
-            settings:
-              href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/settings
-              hints:
-                allow:
-                  - GET
-                  - PUT
-            defaultContent:
-              href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/default-content
-              hints:
-                allow:
-                  - GET
-            customizations:
-              href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/customizations
-              hints:
-                allow:
-                  - GET
-                  - POST
-                  - DELETE
-            test:
-              href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/test
-              hints:
-                allow:
-                  - POST
-    ListUsersResponse:
-      value:
-        - id: 00u118oQYT4TBGuay0g4
-          status: ACTIVE
-          created: 2022-04-04T15:56:05.000Z
-          activated: null
-          statusChanged: null
-          lastLogin: 2022-05-04T19:50:52.000Z
-          lastUpdated: 2022-05-05T18:15:44.000Z
-          passwordChanged: 2022-04-04T16:00:22.000Z
-          type:
-            id: oty1162QAr8hJjTaq0g4
-          profile:
-            firstName: Alice
-            lastName: Smith
-            mobilePhone: null
-            secondEmail: null
-            login: alice.smith@example.com
-            email: alice.smith@example.com
-          credentials:
-            password: {}
-            provider:
-              type: OKTA
-              name: OKTA
-          _links:
-            self:
-              href: http://your-subdomain.okta.com/api/v1/users/00u118oQYT4TBGuay0g4
-    PreviewEmailCustomizationResponse:
-      value:
-        subject: Welcome to Okta!
-        body: <!DOCTYPE html><html><body><p>Hello, John. Click <a href="https://${yourOktaDomain}/...">here</a> to activate your account.</body></html>
-        _links:
-          self:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/customizations/oel2kk1zYJBJbeaGo0g4/preview
-            hints:
-              allow:
-                - GET
-          template:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation
-            hints:
-              allow:
-                - GET
-          test:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/test
-            hints:
-              allow:
-                - POST
-    PreviewEmailTemplateDefaultContentResponse:
-      value:
-        subject: Welcome to Okta!
-        body: <!DOCTYPE html><html><body><p>Hello, John. Click <a href="https://${yourOktaDomain}/...">here</a> to activate your account.</body></html>
-        _links:
-          self:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/default-content/preview
-            hints:
-              allow:
-                - GET
-          template:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation
-            hints:
-              allow:
-                - GET
-          defaultContent:
-            href: https://${yourOktaDomain}/api/v1/brands/${brandId}/templates/email/UserActivation/test/default-content
-            hints:
-              allow:
-                - POST
-    PrincipalRateLimitEntityRequestEmptyPercentages:
-      value:
-        principalId: token1234
-        principalType: SSWS_TOKEN
-    PrincipalRateLimitEntityRequestSSWSToken:
-      value:
-        principalId: token1234
-        principalType: SSWS_TOKEN
-        defaultPercentage: 50
-        defaultConcurrencyPercentage: 75
-    PrincipalRateLimitEntityResponseSSWSToken:
-      value:
-        id: abcd1234
-        orgId: org1234
-        principalId: token1234
-        principalType: SSWS_TOKEN
-        defaultPercentage: 50
-        defaultConcurrencyPercentage: 75
-        createdDate: '2022-05-19T20:05:32.720Z'
-        createdBy: user1234
-        lastUpdate: '2022-05-20T21:13:07.410Z'
-        lastUpdatedBy: user4321
-    PushProviderAPNsRequest:
-      value:
-        name: APNs Example
-        providerType: APNS
-        configuration:
-          keyId: KEY_ID
-          teamId: TEAM_ID
-          tokenSigningKey: '-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n'
-          fileName: fileName.p8
-    PushProviderAPNsResponse:
-      value:
-        id: ppctekcmngGaqeiBxB0g4
-        name: APNs Example
-        providerType: APNS
-        lastUpdatedDate: 2022-01-01T00:00:00.000Z
-        configuration:
-          keyId: KEY_ID
-          teamId: TEAM_ID
-          fileName: fileName.p8
-        _links:
-          self:
-            href: https://your-subdomain.okta.com/api/v1/push-providers/ppctekcmngGaqeiBxB0g4
-            hints:
-              allow:
-                - DELETE
-                - GET
-                - PUT
-    PushProviderFCMRequest:
-      value:
-        name: FCM Example
-        providerType: FCM
-        configuration:
-          serviceAccountJson:
-            type: service_account
-            project_id: PROJECT_ID
-            private_key_id: KEY_ID
-            private_key: '-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n'
-            client_email: SERVICE_ACCOUNT_EMAIL
-            client_id: CLIENT_ID
-            auth_uri: https://accounts.google.com/o/oauth2/auth
-            token_uri: https://accounts.google.com/o/oauth2/token
-            auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs
-            client_x509_cert_url: https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL
-          fileName: fileName.json
-    PushProviderFCMResponse:
-      value:
-        id: ppctekcmngGaqeiBxB0g4
-        name: FCM Example
-        providerType: FCM
-        lastUpdatedDate: 2022-01-01T00:00:00.000Z
-        configuration:
-          projectId: PROJECT_ID
-          fileName: fileName.p8
-        _links:
-          self:
-            href: https://your-subdomain.okta.com/api/v1/push-providers/ppctekcmngGaqeiBxB0g4
-            hints:
-              allow:
-                - DELETE
-                - GET
-                - PUT
-  parameters:
-    pathApiTokenId:
-      name: apiTokenId
-      in: path
-      schema:
-        type: string
-        example: 00Tabcdefg1234567890
-      required: true
-      description: id of the API Token
-    pathBehaviorId:
-      name: behaviorId
-      in: path
-      schema:
-        type: string
-        example: abcd1234
-      required: true
-      description: id of the Behavior Detection Rule
-    pathBrandId:
-      name: brandId
-      in: path
-      required: true
-      schema:
-        type: string
-      description: The ID of the brand.
-    pathCaptchaId:
-      name: captchaId
-      in: path
-      schema:
-        type: string
-        example: abcd1234
-      required: true
-      description: id of the CAPTCHA
-    pathCustomizationId:
-      name: customizationId
-      in: path
-      required: true
-      schema:
-        type: string
-      description: The ID of the email customization.
-    pathDeviceAssuranceId:
-      in: path
-      name: deviceAssuranceId
-      required: true
-      description: Id of the Device Assurance Policy
-      schema:
-        type: string
-    pathEmailDomainId:
-      name: emailDomainId
-      in: path
-      required: true
-      schema:
-        type: string
-        description: The ID of the email domain.
-    pathPoolId:
-      name: poolId
-      in: path
-      description: Id of the agent pool for which the settings will apply
-      schema:
-        type: string
-      required: true
-    pathPrincipalRateLimitId:
-      name: principalRateLimitId
-      in: path
-      schema:
-        type: string
-        example: abcd1234
-      required: true
-      description: id of the Principal Rate Limit
-    pathPushProviderId:
-      in: path
-      name: pushProviderId
-      required: true
-      description: Id of the push provider
-      schema:
-        type: string
-    pathTemplateName:
-      name: templateName
-      in: path
-      required: true
-      schema:
-        type: string
-      description: The name of the email template.
-    pathUpdateId:
-      name: updateId
-      in: path
-      description: Id of the update
-      schema:
-        type: string
-      required: true
-    pathUserId:
-      name: userId
-      in: path
-      required: true
-      schema:
-        type: string
-    queryAfter:
-      name: after
-      in: query
-      schema:
-        type: string
-      description: The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](https://developer.okta.com/docs/reference/core-okta-api/#pagination) for more information.
-    queryExpandEmailTemplate:
-      name: expand
-      in: query
-      style: form
-      explode: false
-      required: false
-      schema:
-        type: array
-        items:
-          type: string
-          enum:
-            - settings
-            - customizationCount
-      description: Specifies additional metadata to be included in the response.
-    queryLanguage:
-      name: language
-      schema:
-        $ref: '#/components/schemas/Language'
-      in: query
-      description: The language to use for the email. Defaults to the current user's language if unspecified.
-    queryLimit:
-      name: limit
-      in: query
-      schema:
-        type: integer
-        minimum: 1
-        maximum: 200
-        default: 20
-      description: A limit on the number of objects to return.
-    queryLimitPerPoolType:
-      name: limitPerPoolType
-      in: query
-      schema:
-        type: integer
-        default: 5
-      required: false
-      description: Maximum number of AgentPools being returned
-    queryPoolType:
-      name: poolType
-      in: query
-      schema:
-        $ref: '#/components/schemas/AgentType'
-      required: false
-      description: Agent type to search for
-    queryScheduled:
-      name: scheduled
-      in: query
-      description: Scope the list only to scheduled or ad-hoc updates. If the parameter is not provided we will return the whole list of updates.
-      schema:
-        type: boolean
-      required: false
-  schemas:
-    APNSConfiguration:
-      properties:
-        fileName:
-          type: string
-          description: (Optional) File name for Admin Console display
-        keyId:
-          type: string
-          description: 10-character Key ID obtained from the Apple developer account
-        teamId:
-          type: string
-          description: 10-character Team ID used to develop the iOS app
-        tokenSigningKey:
-          type: string
-          description: APNs private authentication token signing key
-          writeOnly: true
-    APNSPushProvider:
-      allOf:
-        - $ref: '#/components/schemas/PushProvider'
-        - type: object
-          properties:
-            configuration:
-              $ref: '#/components/schemas/APNSConfiguration'
-    AccessPolicy:
-      allOf:
-        - $ref: '#/components/schemas/Policy'
-        - type: object
-          properties:
-            conditions:
-              $ref: '#/components/schemas/PolicyRuleConditions'
-    AccessPolicyConstraint:
-      type: object
-      properties:
-        methods:
-          items:
-            type: string
-          type: array
-        reauthenticateIn:
-          type: string
-        types:
-          items:
-            type: string
-          type: array
-    AccessPolicyConstraints:
-      type: object
-      properties:
-        knowledge:
-          $ref: '#/components/schemas/KnowledgeConstraint'
-        possession:
-          $ref: '#/components/schemas/PossessionConstraint'
-    AccessPolicyRule:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRule'
-        - type: object
-          properties:
-            actions:
-              $ref: '#/components/schemas/AccessPolicyRuleActions'
-            conditions:
-              $ref: '#/components/schemas/AccessPolicyRuleConditions'
-    AccessPolicyRuleActions:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRuleActions'
-        - type: object
-          properties:
-            appSignOn:
-              $ref: '#/components/schemas/AccessPolicyRuleApplicationSignOn'
-    AccessPolicyRuleApplicationSignOn:
-      type: object
-      properties:
-        access:
-          type: string
-        verificationMethod:
-          $ref: '#/components/schemas/VerificationMethod'
-    AccessPolicyRuleConditions:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRuleConditions'
-        - type: object
-          properties:
-            device:
-              $ref: '#/components/schemas/DeviceAccessPolicyRuleCondition'
-            elCondition:
-              $ref: '#/components/schemas/AccessPolicyRuleCustomCondition'
-            userType:
-              $ref: '#/components/schemas/UserTypeCondition'
-    AccessPolicyRuleCustomCondition:
-      properties:
-        condition:
-          type: string
-    AcsEndpoint:
-      type: object
-      properties:
-        index:
-          type: integer
-        url:
-          type: string
-    ActivateFactorRequest:
-      type: object
-      properties:
-        attestation:
-          type: string
-        clientData:
-          type: string
-        passCode:
-          type: string
-        registrationData:
-          type: string
-        stateToken:
-          type: string
-    Agent:
-      description: Agent details
-      type: object
-      properties:
-        id:
-          type: string
-          readOnly: true
-        isHidden:
-          type: boolean
-        isLatestGAedVersion:
-          type: boolean
-        lastConnection:
-          type: string
-          format: date-time
-        name:
-          type: string
-        operationalStatus:
-          $ref: '#/components/schemas/OperationalStatus'
-        poolId:
-          type: string
-        type:
-          $ref: '#/components/schemas/AgentType'
-        updateMessage:
-          type: string
-        updateStatus:
-          $ref: '#/components/schemas/AgentUpdateInstanceStatus'
-        version:
-          type: string
-        _links:
-          $ref: '#/components/schemas/HrefObject'
-    AgentPool:
-      description: An AgentPool is a collection of agents that serve a common purpose. An AgentPool has a unique ID within an org, and contains a collection of agents disjoint to every other AgentPool (i.e. no two AgentPools share an Agent).
-      type: object
-      properties:
-        agents:
-          type: array
-          items:
-            $ref: '#/components/schemas/Agent'
-        id:
-          type: string
-          readOnly: true
-        name:
-          type: string
-        operationalStatus:
-          $ref: '#/components/schemas/OperationalStatus'
-        type:
-          $ref: '#/components/schemas/AgentType'
-    AgentPoolUpdate:
-      description: Various information about agent auto update configuration
-      type: object
-      properties:
-        agents:
-          type: array
-          items:
-            $ref: '#/components/schemas/Agent'
-        agentType:
-          $ref: '#/components/schemas/AgentType'
-        enabled:
-          type: boolean
-        id:
-          type: string
-          readOnly: true
-        name:
-          type: string
-        notifyAdmin:
-          type: boolean
-        reason:
-          type: string
-        schedule:
-          $ref: '#/components/schemas/AutoUpdateSchedule'
-        sortOrder:
-          type: integer
-        status:
-          $ref: '#/components/schemas/AgentUpdateJobStatus'
-        targetVersion:
-          type: string
-        _links:
-          $ref: '#/components/schemas/HrefObject'
-    AgentPoolUpdateSetting:
-      description: Setting for auto-update
-      type: object
-      properties:
-        agentType:
-          $ref: '#/components/schemas/AgentType'
-        continueOnError:
-          type: boolean
-        latestVersion:
-          type: string
-        minimalSupportedVersion:
-          type: string
-        poolId:
-          type: string
-          readOnly: true
-        poolName:
-          type: string
-        releaseChannel:
-          $ref: '#/components/schemas/ReleaseChannel'
-    AgentType:
-      description: Agent types that are being monitored
-      type: string
-      x-okta-known-values:
-        - AD
-        - IWA
-        - LDAP
-        - MFA
-        - OPP
-        - RUM
-        - Radius
-    AgentUpdateInstanceStatus:
-      description: Status for one agent regarding the status to auto-update that agent
-      type: string
-      x-okta-known-values:
-        - Cancelled
-        - Failed
-        - InProgress
-        - PendingCompletion
-        - Scheduled
-        - Success
-    AgentUpdateJobStatus:
-      description: Overall state for the auto-update job from admin perspective
-      type: string
-      x-okta-known-values:
-        - Cancelled
-        - Failed
-        - InProgress
-        - Paused
-        - Scheduled
-        - Success
-    AllowedForEnum:
-      type: string
-      x-okta-known-values:
-        - any
-        - none
-        - recovery
-        - sso
-    ApiToken:
-      title: API Token
-      description: An API token for an Okta User. This token is NOT scoped any further and can be used for any API the user has permissions to call.
-      type: object
-      properties:
-        clientName:
-          type: string
-          readOnly: true
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        expiresAt:
-          type: string
-          format: date-time
-          readOnly: true
-        id:
-          type: string
-          readOnly: true
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        name:
-          type: string
-        tokenWindow:
-          $ref: '#/components/schemas/TimeDuration'
-        userId:
-          type: string
-        _link:
-          type: object
-          properties:
-            self:
-              $ref: '#/components/schemas/HrefObject'
-          readOnly: true
-      required:
-        - name
-    AppAndInstanceConditionEvaluatorAppOrInstance:
-      type: object
-      properties:
-        id:
-          type: string
-          readOnly: true
-        name:
-          type: string
-        type:
-          $ref: '#/components/schemas/AppAndInstanceType'
-    AppAndInstancePolicyRuleCondition:
-      type: object
-      properties:
-        exclude:
-          type: array
-          items:
-            $ref: '#/components/schemas/AppAndInstanceConditionEvaluatorAppOrInstance'
-        include:
-          type: array
-          items:
-            $ref: '#/components/schemas/AppAndInstanceConditionEvaluatorAppOrInstance'
-    AppAndInstanceType:
-      type: string
-      x-okta-known-values:
-        - APP
-        - APP_TYPE
-    AppInstancePolicyRuleCondition:
-      type: object
-      properties:
-        exclude:
-          type: array
-          items:
-            type: string
-        include:
-          type: array
-          items:
-            type: string
-    AppLink:
-      type: object
-      properties:
-        appAssignmentId:
-          type: string
-          readOnly: true
-        appInstanceId:
-          type: string
-          readOnly: true
-        appName:
-          type: string
-          readOnly: true
-        credentialsSetup:
-          type: boolean
-          readOnly: true
-        hidden:
-          type: boolean
-          readOnly: true
-        id:
-          type: string
-          readOnly: true
-        label:
-          type: string
-          readOnly: true
-        linkUrl:
-          type: string
-          readOnly: true
-        logoUrl:
-          type: string
-          readOnly: true
-        sortOrder:
-          type: integer
-          readOnly: true
-    AppUser:
-      type: object
-      properties:
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        credentials:
-          $ref: '#/components/schemas/AppUserCredentials'
-        externalId:
-          type: string
-          readOnly: true
-        id:
-          type: string
-          readOnly: false
-        lastSync:
-          type: string
-          format: date-time
-          readOnly: true
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        passwordChanged:
-          type: string
-          format: date-time
-          readOnly: true
-        profile:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-        scope:
-          type: string
-        status:
-          type: string
-          readOnly: true
-        statusChanged:
-          type: string
-          format: date-time
-          readOnly: true
-        syncState:
-          type: string
-          readOnly: true
-        _embedded:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    AppUserCredentials:
-      type: object
-      properties:
-        password:
-          $ref: '#/components/schemas/AppUserPasswordCredential'
-        userName:
-          type: string
-    AppUserPasswordCredential:
-      type: object
-      properties:
-        value:
-          type: string
-          format: password
-    Application:
-      type: object
-      properties:
-        accessibility:
-          $ref: '#/components/schemas/ApplicationAccessibility'
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        features:
-          type: array
-          items:
-            type: string
-        id:
-          type: string
-          readOnly: true
-        label:
-          type: string
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        licensing:
-          $ref: '#/components/schemas/ApplicationLicensing'
-        profile:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-        signOnMode:
-          $ref: '#/components/schemas/ApplicationSignOnMode'
-        status:
-          $ref: '#/components/schemas/ApplicationLifecycleStatus'
-        visibility:
-          $ref: '#/components/schemas/ApplicationVisibility'
-        _embedded:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-      discriminator:
-        propertyName: signOnMode
-        mapping:
-          AUTO_LOGIN: '#/components/schemas/AutoLoginApplication'
-          BASIC_AUTH: '#/components/schemas/BasicAuthApplication'
-          BOOKMARK: '#/components/schemas/BookmarkApplication'
-          BROWSER_PLUGIN: '#/components/schemas/BrowserPluginApplication'
-          OPENID_CONNECT: '#/components/schemas/OpenIdConnectApplication'
-          SAML_1_1: '#/components/schemas/SamlApplication'
-          SAML_2_0: '#/components/schemas/SamlApplication'
-          SECURE_PASSWORD_STORE: '#/components/schemas/SecurePasswordStoreApplication'
-          WS_FEDERATION: '#/components/schemas/WsFederationApplication'
-    ApplicationAccessibility:
-      type: object
-      properties:
-        errorRedirectUrl:
-          type: string
-        loginRedirectUrl:
-          type: string
-        selfService:
-          type: boolean
-    ApplicationCredentials:
-      type: object
-      properties:
-        signing:
-          $ref: '#/components/schemas/ApplicationCredentialsSigning'
-        userNameTemplate:
-          $ref: '#/components/schemas/ApplicationCredentialsUsernameTemplate'
-    ApplicationCredentialsOAuthClient:
-      type: object
-      properties:
-        autoKeyRotation:
-          type: boolean
-        client_id:
-          type: string
-        client_secret:
-          type: string
-        token_endpoint_auth_method:
-          $ref: '#/components/schemas/OAuthEndpointAuthenticationMethod'
-    ApplicationCredentialsScheme:
-      type: string
-      x-okta-known-values:
-        - ADMIN_SETS_CREDENTIALS
-        - EDIT_PASSWORD_ONLY
-        - EDIT_USERNAME_AND_PASSWORD
-        - EXTERNAL_PASSWORD_SYNC
-        - SHARED_USERNAME_AND_PASSWORD
-    ApplicationCredentialsSigning:
-      type: object
-      properties:
-        kid:
-          type: string
-        lastRotated:
-          type: string
-          format: date-time
-          readOnly: true
-        nextRotation:
-          type: string
-          format: date-time
-          readOnly: true
-        rotationMode:
-          type: string
-        use:
-          $ref: '#/components/schemas/ApplicationCredentialsSigningUse'
-    ApplicationCredentialsSigningUse:
-      type: string
-      x-okta-known-values:
-        - sig
-    ApplicationCredentialsUsernameTemplate:
-      type: object
-      properties:
-        pushStatus:
-          type: string
-        suffix:
-          type: string
-        template:
-          type: string
-        type:
-          type: string
-    ApplicationFeature:
-      type: object
-      properties:
-        capabilities:
-          $ref: '#/components/schemas/CapabilitiesObject'
-        description:
-          type: string
-        name:
-          type: string
-        status:
-          $ref: '#/components/schemas/EnabledStatus'
-        _links:
-          additionalProperties:
-            type: object
-          readOnly: true
-          type: object
-    ApplicationGroupAssignment:
-      type: object
-      properties:
-        id:
-          type: string
-          readOnly: true
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        priority:
-          type: integer
-        profile:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-        _embedded:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    ApplicationLayout:
-      type: object
-      properties:
-        elements:
-          items:
-            $ref: '#/components/schemas/ApplicationLayout'
-          type: array
-        label:
-          type: string
-        options:
-          type: object
-          additionalProperties: true
-        rule:
-          type: object
-          properties:
-            effect:
-              type: string
-            condition:
-              $ref: '#/components/schemas/ApplicationLayoutRuleCondition'
-        scope:
-          type: string
-        type:
-          type: string
-    ApplicationLayoutRuleCondition:
-      type: object
-      properties:
-        schema:
-          type: object
-          additionalProperties: true
-        scope:
-          type: string
-    ApplicationLicensing:
-      type: object
-      properties:
-        seatCount:
-          type: integer
-    ApplicationLifecycleStatus:
-      type: string
-      readOnly: true
-      x-okta-known-values:
-        - ACTIVE
-        - DELETED
-        - INACTIVE
-    ApplicationSettings:
-      type: object
-      properties:
-        identityStoreId:
-          type: string
-        implicitAssignment:
-          type: boolean
-        inlineHookId:
-          type: string
-        notes:
-          $ref: '#/components/schemas/ApplicationSettingsNotes'
-        notifications:
-          $ref: '#/components/schemas/ApplicationSettingsNotifications'
-    ApplicationSettingsNotes:
-      type: object
-      properties:
-        admin:
-          type: string
-        enduser:
-          type: string
-    ApplicationSettingsNotifications:
-      type: object
-      properties:
-        vpn:
-          $ref: '#/components/schemas/ApplicationSettingsNotificationsVpn'
-    ApplicationSettingsNotificationsVpn:
-      type: object
-      properties:
-        helpUrl:
-          type: string
-        message:
-          type: string
-        network:
-          $ref: '#/components/schemas/ApplicationSettingsNotificationsVpnNetwork'
-    ApplicationSettingsNotificationsVpnNetwork:
-      type: object
-      properties:
-        connection:
-          type: string
-        exclude:
-          type: array
-          items:
-            type: string
-        include:
-          type: array
-          items:
-            type: string
-    ApplicationSignOnMode:
-      type: string
-      x-okta-known-values:
-        - AUTO_LOGIN
-        - BASIC_AUTH
-        - BOOKMARK
-        - BROWSER_PLUGIN
-        - OPENID_CONNECT
-        - SAML_1_1
-        - SAML_2_0
-        - SECURE_PASSWORD_STORE
-        - WS_FEDERATION
-    ApplicationVisibility:
-      type: object
-      properties:
-        appLinks:
-          type: object
-          additionalProperties:
-            type: boolean
-        autoLaunch:
-          type: boolean
-        autoSubmitToolbar:
-          type: boolean
-        hide:
-          $ref: '#/components/schemas/ApplicationVisibilityHide'
-    ApplicationVisibilityHide:
-      type: object
-      properties:
-        iOS:
-          type: boolean
-        web:
-          type: boolean
-    AssignRoleRequest:
-      type: object
-      properties:
-        type:
-          $ref: '#/components/schemas/RoleType'
-    AuthenticationProvider:
-      type: object
-      properties:
-        name:
-          type: string
-        type:
-          $ref: '#/components/schemas/AuthenticationProviderType'
-    AuthenticationProviderType:
-      type: string
-      x-okta-known-values:
-        - ACTIVE_DIRECTORY
-        - FEDERATION
-        - IMPORT
-        - LDAP
-        - OKTA
-        - SOCIAL
-    Authenticator:
-      type: object
-      properties:
-        created:
-          format: date-time
-          readOnly: true
-          type: string
-        id:
-          readOnly: true
-          type: string
-        key:
-          type: string
-        lastUpdated:
-          format: date-time
-          readOnly: true
-          type: string
-        name:
-          type: string
-        provider:
-          $ref: '#/components/schemas/AuthenticatorProvider'
-        settings:
-          $ref: '#/components/schemas/AuthenticatorSettings'
-        status:
-          $ref: '#/components/schemas/AuthenticatorStatus'
-        type:
-          $ref: '#/components/schemas/AuthenticatorType'
-        _links:
-          additionalProperties:
-            type: object
-          readOnly: true
-          type: object
-    AuthenticatorProvider:
-      properties:
-        configuration:
-          $ref: '#/components/schemas/AuthenticatorProviderConfiguration'
-        type:
-          type: string
-    AuthenticatorProviderConfiguration:
-      properties:
-        authPort:
-          type: integer
-        hostName:
-          type: string
-        instanceId:
-          type: string
-        sharedSecret:
-          type: string
-        userNameTemplate:
-          $ref: '#/components/schemas/AuthenticatorProviderConfigurationUserNameTemplate'
-    AuthenticatorProviderConfigurationUserNameTemplate:
-      properties:
-        template:
-          type: string
-    AuthenticatorSettings:
-      type: object
-      properties:
-        allowedFor:
-          $ref: '#/components/schemas/AllowedForEnum'
-        appInstanceId:
-          type: string
-        channelBinding:
-          $ref: '#/components/schemas/ChannelBinding'
-        compliance:
-          $ref: '#/components/schemas/Compliance'
-        tokenLifetimeInMinutes:
-          type: integer
-        userVerification:
-          $ref: '#/components/schemas/UserVerificationEnum'
-    AuthenticatorStatus:
-      type: string
-      x-okta-known-values:
-        - ACTIVE
-        - INACTIVE
-    AuthenticatorType:
-      type: string
-      x-okta-known-values:
-        - app
-        - email
-        - federated
-        - password
-        - phone
-        - security_key
-        - security_question
-    AuthorizationServer:
-      type: object
-      properties:
-        audiences:
-          type: array
-          items:
-            type: string
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        credentials:
-          $ref: '#/components/schemas/AuthorizationServerCredentials'
-        description:
-          type: string
-        id:
-          type: string
-          readOnly: true
-        issuer:
-          type: string
-        issuerMode:
-          $ref: '#/components/schemas/IssuerMode'
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        name:
-          type: string
-        status:
-          $ref: '#/components/schemas/LifecycleStatus'
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    AuthorizationServerCredentials:
-      type: object
-      properties:
-        signing:
-          $ref: '#/components/schemas/AuthorizationServerCredentialsSigningConfig'
-    AuthorizationServerCredentialsRotationMode:
-      type: string
-      x-okta-known-values:
-        - AUTO
-        - MANUAL
-    AuthorizationServerCredentialsSigningConfig:
-      type: object
-      properties:
-        kid:
-          type: string
-        lastRotated:
-          type: string
-          format: date-time
-          readOnly: true
-        nextRotation:
-          type: string
-          format: date-time
-          readOnly: true
-        rotationMode:
-          $ref: '#/components/schemas/AuthorizationServerCredentialsRotationMode'
-        use:
-          $ref: '#/components/schemas/AuthorizationServerCredentialsUse'
-    AuthorizationServerCredentialsUse:
-      type: string
-      x-okta-known-values:
-        - sig
-    AuthorizationServerPolicy:
-      allOf:
-        - $ref: '#/components/schemas/Policy'
-        - type: object
-          properties:
-            conditions:
-              $ref: '#/components/schemas/PolicyRuleConditions'
-    AuthorizationServerPolicyRule:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRule'
-        - type: object
-          properties:
-            actions:
-              $ref: '#/components/schemas/AuthorizationServerPolicyRuleActions'
-            conditions:
-              $ref: '#/components/schemas/AuthorizationServerPolicyRuleConditions'
-    AuthorizationServerPolicyRuleActions:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRuleActions'
-        - type: object
-          properties:
-            token:
-              $ref: '#/components/schemas/TokenAuthorizationServerPolicyRuleAction'
-    AuthorizationServerPolicyRuleConditions:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRuleConditions'
-        - type: object
-          properties:
-            clients:
-              $ref: '#/components/schemas/ClientPolicyCondition'
-            grantTypes:
-              $ref: '#/components/schemas/GrantTypePolicyRuleCondition'
-            people:
-              $ref: '#/components/schemas/PolicyPeopleCondition'
-            scopes:
-              $ref: '#/components/schemas/OAuth2ScopesMediationPolicyRuleCondition'
-    AutoLoginApplication:
-      allOf:
-        - $ref: '#/components/schemas/Application'
-        - type: object
-          properties:
-            credentials:
-              $ref: '#/components/schemas/SchemeApplicationCredentials'
-            name:
-              type: string
-            settings:
-              $ref: '#/components/schemas/AutoLoginApplicationSettings'
-    AutoLoginApplicationSettings:
-      allOf:
-        - $ref: '#/components/schemas/ApplicationSettings'
-        - type: object
-          properties:
-            signOn:
-              $ref: '#/components/schemas/AutoLoginApplicationSettingsSignOn'
-    AutoLoginApplicationSettingsSignOn:
-      type: object
-      properties:
-        loginUrl:
-          type: string
-        redirectUrl:
-          type: string
-    AutoUpdateSchedule:
-      description: The schedule of auto-update configured by admin.
-      type: object
-      properties:
-        cron:
-          type: string
-        delay:
-          description: delay in days
-          type: integer
-        duration:
-          description: duration in minutes
-          type: integer
-        lastUpdated:
-          description: last time when the updated finished (success or failed, exclude cancelled), null if job haven't finished once yet.
-          type: string
-          format: date-time
-        timezone:
-          type: string
-    BaseEmailDomain:
-      type: object
-      properties:
-        displayName:
-          type: string
-        userName:
-          type: string
-      required:
-        - displayName
-        - userName
-    BasicApplicationSettings:
-      allOf:
-        - $ref: '#/components/schemas/ApplicationSettings'
-        - type: object
-          properties:
-            app:
-              $ref: '#/components/schemas/BasicApplicationSettingsApplication'
-    BasicApplicationSettingsApplication:
-      type: object
-      properties:
-        authURL:
-          type: string
-        url:
-          type: string
-    BasicAuthApplication:
-      x-okta-defined-as:
-        name: template_basic_auth
-      allOf:
-        - $ref: '#/components/schemas/Application'
-        - type: object
-          properties:
-            credentials:
-              $ref: '#/components/schemas/SchemeApplicationCredentials'
-            name:
-              type: string
-              default: template_basic_auth
-            settings:
-              $ref: '#/components/schemas/BasicApplicationSettings'
-    BeforeScheduledActionPolicyRuleCondition:
-      type: object
-      properties:
-        duration:
-          $ref: '#/components/schemas/Duration'
-        lifecycleAction:
-          $ref: '#/components/schemas/ScheduledUserLifecycleAction'
-    BehaviorRule:
-      title: Behavior Detection Rule
-      type: object
-      properties:
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        id:
-          type: string
-          readOnly: true
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        name:
-          type: string
-          maxLength: 128
-        status:
-          $ref: '#/components/schemas/LifecycleStatus'
-        type:
-          $ref: '#/components/schemas/BehaviorRuleType'
-        _link:
-          type: object
-          properties:
-            self:
-              $ref: '#/components/schemas/HrefObject'
-          readOnly: true
-      required:
-        - name
-        - type
-      discriminator:
-        propertyName: type
-        mapping:
-          ANOMALOUS_LOCATION: '#/components/schemas/BehaviorRuleAnomalousLocation'
-          ANOMALOUS_IP: '#/components/schemas/BehaviorRuleAnomalousIP'
-          ANOMALOUS_DEVICE: '#/components/schemas/BehaviorRuleAnomalousDevice'
-          VELOCITY: '#/components/schemas/BehaviorRuleVelocity'
-    BehaviorRuleAnomalousDevice:
-      allOf:
-        - $ref: '#/components/schemas/BehaviorRule'
-        - type: object
-          properties:
-            settings:
-              $ref: '#/components/schemas/BehaviorRuleSettingsAnomalousDevice'
-    BehaviorRuleAnomalousIP:
-      allOf:
-        - $ref: '#/components/schemas/BehaviorRule'
-        - type: object
-          properties:
-            settings:
-              $ref: '#/components/schemas/BehaviorRuleSettingsAnomalousIP'
-    BehaviorRuleAnomalousLocation:
-      allOf:
-        - $ref: '#/components/schemas/BehaviorRule'
-        - type: object
-          properties:
-            settings:
-              $ref: '#/components/schemas/BehaviorRuleSettingsAnomalousLocation'
-    BehaviorRuleSettings:
-      title: Behavior Detection Rule Settings
-      type: object
-    BehaviorRuleSettingsAnomalousDevice:
-      allOf:
-        - $ref: '#/components/schemas/BehaviorRuleSettingsHistoryBased'
-    BehaviorRuleSettingsAnomalousIP:
-      allOf:
-        - $ref: '#/components/schemas/BehaviorRuleSettingsHistoryBased'
-        - type: object
-          properties:
-            maxEventsUsedForEvaluation:
-              type: integer
-              minimum: 0
-              maximum: 100
-              default: 50
-    BehaviorRuleSettingsAnomalousLocation:
-      allOf:
-        - $ref: '#/components/schemas/BehaviorRuleSettingsHistoryBased'
-        - type: object
-          properties:
-            granularity:
-              $ref: '#/components/schemas/LocationGranularity'
-            radiusKilometers:
-              type: integer
-              description: Required when `granularity` is `LAT_LONG`. Radius from the provided coordinates in kilometers.
-          required:
-            - granularity
-    BehaviorRuleSettingsHistoryBased:
-      allOf:
-        - $ref: '#/components/schemas/BehaviorRuleSettings'
-        - title: Behavior Detection Rule Settings based on Event History
-          type: object
-          properties:
-            maxEventsUsedForEvaluation:
-              type: integer
-              minimum: 1
-              maximum: 100
-              default: 20
-            minEventsNeededForEvaluation:
-              type: integer
-              minimum: 0
-              maximum: 10
-              default: 0
-    BehaviorRuleSettingsVelocity:
-      allOf:
-        - $ref: '#/components/schemas/BehaviorRuleSettings'
-        - title: Behavior Detection Rule Settings based on device velocity in kilometers per hour.
-          type: object
-          properties:
-            velocityKph:
-              type: integer
-              minimum: 1
-              default: 805
-          required:
-            - velocityKph
-    BehaviorRuleType:
-      type: string
-      x-okta-known-values:
-        - ANOMALOUS_DEVICE
-        - ANOMALOUS_IP
-        - ANOMALOUS_LOCATION
-        - VELOCITY
-    BehaviorRuleVelocity:
-      allOf:
-        - $ref: '#/components/schemas/BehaviorRule'
-        - type: object
-          properties:
-            settings:
-              $ref: '#/components/schemas/BehaviorRuleSettingsVelocity'
-    BookmarkApplication:
-      x-okta-defined-as:
-        name: bookmark
-      allOf:
-        - $ref: '#/components/schemas/Application'
-        - type: object
-          properties:
-            credentials:
-              $ref: '#/components/schemas/ApplicationCredentials'
-            name:
-              type: string
-              default: bookmark
-            settings:
-              $ref: '#/components/schemas/BookmarkApplicationSettings'
-    BookmarkApplicationSettings:
-      allOf:
-        - $ref: '#/components/schemas/ApplicationSettings'
-        - type: object
-          properties:
-            app:
-              $ref: '#/components/schemas/BookmarkApplicationSettingsApplication'
-    BookmarkApplicationSettingsApplication:
-      type: object
-      properties:
-        requestIntegration:
-          type: boolean
-        url:
-          type: string
-    BouncesRemoveListError:
-      type: object
-      properties:
-        emailAddress:
-          type: string
-        reason:
-          type: string
-    BouncesRemoveListObj:
-      type: object
-      properties:
-        emailAddresses:
-          type: array
-          items:
-            type: string
-    BouncesRemoveListResult:
-      type: object
-      properties:
-        errors:
-          type: array
-          items:
-            $ref: '#/components/schemas/BouncesRemoveListError'
-    Brand:
-      type: object
-      properties:
-        agreeToCustomPrivacyPolicy:
-          type: boolean
-        customPrivacyPolicyUrl:
-          type: string
-        defaultApp:
-          type: object
-          properties:
-            appInstanceId:
-              type: string
-            appLinkName:
-              type: string
-        displayLanguage:
-          $ref: '#/components/schemas/Language'
-        id:
-          readOnly: true
-          type: string
-        optOutOfUserCommunications:
-          type: boolean
-        removePoweredByOkta:
-          type: boolean
-        _links:
-          additionalProperties:
-            type: object
-          readOnly: true
-          type: object
-    BrowserPluginApplication:
-      allOf:
-        - $ref: '#/components/schemas/Application'
-        - type: object
-          properties:
-            credentials:
-              $ref: '#/components/schemas/SchemeApplicationCredentials'
-            name:
-              type: string
-            settings:
-              $ref: '#/components/schemas/SwaApplicationSettings'
-    CAPTCHAInstance:
-      title: CAPTCHAInstance
-      description: ''
-      type: object
-      properties:
-        id:
-          type: string
-          readOnly: true
-        name:
-          type: string
-        secretKey:
-          type: string
-          writeOnly: true
-        siteKey:
-          type: string
-        type:
-          $ref: '#/components/schemas/CAPTCHAType'
-        _link:
-          type: object
-          properties:
-            self:
-              $ref: '#/components/schemas/HrefObject'
-          readOnly: true
-    CAPTCHAType:
-      type: string
-      x-okta-known-values:
-        - HCAPTCHA
-        - RECAPTCHA_V2
-    CallUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/CallUserFactorProfile'
-    CallUserFactorProfile:
-      type: object
-      properties:
-        phoneExtension:
-          type: string
-        phoneNumber:
-          type: string
-    CapabilitiesCreateObject:
-      type: object
-      properties:
-        lifecycleCreate:
-          $ref: '#/components/schemas/LifecycleCreateSettingObject'
-    CapabilitiesObject:
-      type: object
-      properties:
-        create:
-          $ref: '#/components/schemas/CapabilitiesCreateObject'
-        update:
-          $ref: '#/components/schemas/CapabilitiesUpdateObject'
-    CapabilitiesUpdateObject:
-      type: object
-      properties:
-        lifecycleDeactivate:
-          $ref: '#/components/schemas/LifecycleDeactivateSettingObject'
-        password:
-          $ref: '#/components/schemas/PasswordSettingObject'
-        profile:
-          $ref: '#/components/schemas/ProfileSettingObject'
-    CatalogApplication:
-      type: object
-      properties:
-        category:
-          type: string
-        description:
-          type: string
-        displayName:
-          type: string
-        features:
-          type: array
-          items:
-            type: string
-        id:
-          type: string
-          readOnly: true
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        name:
-          type: string
-        signOnModes:
-          type: array
-          items:
-            type: string
-        status:
-          $ref: '#/components/schemas/CatalogApplicationStatus'
-        verificationStatus:
-          type: string
-        website:
-          type: string
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    CatalogApplicationStatus:
-      type: string
-      x-okta-known-values:
-        - ACTIVE
-        - INACTIVE
-    ChangeEnum:
-      type: string
-      x-okta-known-values:
-        - CHANGE
-        - KEEP_EXISTING
-    ChangePasswordRequest:
-      type: object
-      properties:
-        newPassword:
-          $ref: '#/components/schemas/PasswordCredential'
-        oldPassword:
-          $ref: '#/components/schemas/PasswordCredential'
-    ChannelBinding:
-      type: object
-      properties:
-        required:
-          $ref: '#/components/schemas/RequiredEnum'
-        style:
-          type: string
-    ClientPolicyCondition:
-      type: object
-      properties:
-        include:
-          type: array
-          items:
-            type: string
-    Compliance:
-      type: object
-      properties:
-        fips:
-          $ref: '#/components/schemas/FipsEnum'
-    ContextPolicyRuleCondition:
-      allOf:
-        - $ref: '#/components/schemas/DevicePolicyRuleCondition'
-        - type: object
-          properties:
-            expression:
-              type: string
-    CreateSessionRequest:
-      type: object
-      properties:
-        sessionToken:
-          type: string
-    CreateUserRequest:
-      type: object
-      properties:
-        credentials:
-          $ref: '#/components/schemas/UserCredentials'
-        groupIds:
-          type: array
-          items:
-            type: string
-        profile:
-          $ref: '#/components/schemas/UserProfile'
-        type:
-          $ref: '#/components/schemas/UserType'
-      required:
-        - profile
-    Csr:
-      type: object
-      properties:
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        csr:
-          type: string
-          readOnly: true
-        id:
-          type: string
-          readOnly: true
-        kty:
-          type: string
-          readOnly: true
-    CsrMetadata:
-      type: object
-      properties:
-        subject:
-          $ref: '#/components/schemas/CsrMetadataSubject'
-        subjectAltNames:
-          $ref: '#/components/schemas/CsrMetadataSubjectAltNames'
-    CsrMetadataSubject:
-      type: object
-      properties:
-        commonName:
-          type: string
-        countryName:
-          type: string
-        localityName:
-          type: string
-        organizationalUnitName:
-          type: string
-        organizationName:
-          type: string
-        stateOrProvinceName:
-          type: string
-    CsrMetadataSubjectAltNames:
-      type: object
-      properties:
-        dnsNames:
-          type: array
-          items:
-            type: string
-    CustomHotpUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            factorProfileId:
-              type: string
-            profile:
-              $ref: '#/components/schemas/CustomHotpUserFactorProfile'
-    CustomHotpUserFactorProfile:
-      type: object
-      properties:
-        sharedSecret:
-          type: string
-    CustomizablePage:
-      type: object
-      properties:
-        pageContent:
-          type: string
-      required:
-        - pageContent
-    DNSRecord:
-      type: object
-      properties:
-        expiration:
-          type: string
-        fqdn:
-          type: string
-        recordType:
-          $ref: '#/components/schemas/DNSRecordType'
-        values:
-          type: array
-          items:
-            type: string
-    DNSRecordType:
-      type: string
-      x-okta-known-values:
-        - CNAME
-        - TXT
-    DeviceAccessPolicyRuleCondition:
-      allOf:
-        - $ref: '#/components/schemas/DevicePolicyRuleCondition'
-        - type: object
-          properties:
-            managed:
-              type: boolean
-            registered:
-              type: boolean
-    DeviceAssurance:
-      title: DeviceAssurance
-      type: object
-      properties:
-        createdBy:
-          type: string
-          readOnly: true
-        createdDate:
-          type: string
-          readOnly: true
-        diskEncryptionType:
-          type: object
-          properties:
-            include:
-              type: array
-              items:
-                $ref: '#/components/schemas/DiskEncryptionType'
-        id:
-          type: string
-          readOnly: true
-        jailbreak:
-          type: boolean
-        lastUpdatedBy:
-          type: string
-          readOnly: true
-        lastUpdatedDate:
-          type: string
-          readOnly: true
-        name:
-          type: string
-          description: Display name of the Device Assurance Policy
-        osVersion:
-          $ref: '#/components/schemas/VersionObject'
-        platform:
-          $ref: '#/components/schemas/Platform'
-        screenLockType:
-          type: object
-          properties:
-            include:
-              type: array
-              items:
-                $ref: '#/components/schemas/ScreenLockType'
-        secureHardwarePresent:
-          type: boolean
-        _links:
-          type: object
-          properties:
-            self:
-              $ref: '#/components/schemas/HrefObject'
-          readOnly: true
-    DevicePolicyMDMFramework:
-      type: string
-      x-okta-known-values:
-        - AFW
-        - NATIVE
-        - SAFE
-    DevicePolicyPlatformType:
-      type: string
-      x-okta-known-values:
-        - ANDROID
-        - IOS
-        - OSX
-        - WINDOWS
-    DevicePolicyRuleCondition:
-      type: object
-      properties:
-        migrated:
-          type: boolean
-        platform:
-          $ref: '#/components/schemas/DevicePolicyRuleConditionPlatform'
-        rooted:
-          type: boolean
-        trustLevel:
-          $ref: '#/components/schemas/DevicePolicyTrustLevel'
-    DevicePolicyRuleConditionPlatform:
-      type: object
-      properties:
-        supportedMDMFrameworks:
-          type: array
-          items:
-            $ref: '#/components/schemas/DevicePolicyMDMFramework'
-        types:
-          type: array
-          items:
-            $ref: '#/components/schemas/DevicePolicyPlatformType'
-    DevicePolicyTrustLevel:
-      type: string
-      x-okta-known-values:
-        - ANY
-        - TRUSTED
-    DiskEncryptionType:
-      type: string
-      x-okta-known-values:
-        - ALL_INTERNAL_VOLUMES
-        - FULL
-        - USER
-    Domain:
-      type: object
-      properties:
-        certificateSourceType:
-          $ref: '#/components/schemas/DomainCertificateSourceType'
-        dnsRecords:
-          type: array
-          items:
-            $ref: '#/components/schemas/DNSRecord'
-        domain:
-          type: string
-        id:
-          type: string
-        publicCertificate:
-          $ref: '#/components/schemas/DomainCertificateMetadata'
-        validationStatus:
-          $ref: '#/components/schemas/DomainValidationStatus'
-    DomainCertificate:
-      type: object
-      properties:
-        certificate:
-          type: string
-        certificateChain:
-          type: string
-        privateKey:
-          type: string
-        type:
-          $ref: '#/components/schemas/DomainCertificateType'
-    DomainCertificateMetadata:
-      type: object
-      properties:
-        expiration:
-          type: string
-        fingerprint:
-          type: string
-        subject:
-          type: string
-    DomainCertificateSourceType:
-      type: string
-      x-okta-known-values:
-        - MANUAL
-        - OKTA_MANAGED
-    DomainCertificateType:
-      type: string
-      x-okta-known-values:
-        - PEM
-    DomainLinks:
-      type: object
-      properties:
-        certificate:
-          type: object
-          properties: {}
-        self:
-          type: object
-          properties: {}
-        verify:
-          type: object
-          properties: {}
-    DomainListResponse:
-      type: object
-      properties:
-        domains:
-          type: array
-          items:
-            $ref: '#/components/schemas/DomainResponse'
-    DomainResponse:
-      type: object
-      properties:
-        certificateSourceType:
-          $ref: '#/components/schemas/DomainCertificateSourceType'
-        dnsRecords:
-          type: array
-          items:
-            $ref: '#/components/schemas/DNSRecord'
-        domain:
-          type: string
-        id:
-          type: string
-        publicCertificate:
-          $ref: '#/components/schemas/DomainCertificateMetadata'
-        validationStatus:
-          $ref: '#/components/schemas/DomainValidationStatus'
-        _links:
-          $ref: '#/components/schemas/DomainLinks'
-    DomainValidationStatus:
-      type: string
-      x-okta-known-values:
-        - COMPLETED
-        - IN_PROGRESS
-        - NOT_STARTED
-        - VERIFIED
-    Duration:
-      type: object
-      properties:
-        number:
-          type: integer
-        unit:
-          type: string
-    EmailContent:
-      type: object
-      properties:
-        body:
-          type: string
-          description: The email's HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
-        subject:
-          type: string
-          description: The email's subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
-      required:
-        - subject
-        - body
-    EmailCustomization:
-      allOf:
-        - $ref: '#/components/schemas/EmailContent'
-        - type: object
-          properties:
-            created:
-              type: string
-              format: date-time
-              readOnly: true
-              description: The UTC time at which this email customization was created.
-            id:
-              type: string
-              readOnly: true
-              description: A unique identifier for this email customization.
-            isDefault:
-              type: boolean
-              description: Whether this is the default customization for the email template. Each customized email template must have exactly one default customization. Defaults to `true` for the first customization and `false` thereafter.
-            language:
-              $ref: '#/components/schemas/Language'
-            lastUpdated:
-              type: string
-              format: date-time
-              readOnly: true
-              description: The UTC time at which this email customization was last updated.
-            _links:
-              type: object
-              properties:
-                self:
-                  $ref: '#/components/schemas/HrefObject'
-                template:
-                  $ref: '#/components/schemas/HrefObject'
-                preview:
-                  $ref: '#/components/schemas/HrefObject'
-                test:
-                  $ref: '#/components/schemas/HrefObject'
-              readOnly: true
-              description: Links to resources related to this email customization.
-          required:
-            - language
-    EmailDefaultContent:
-      allOf:
-        - $ref: '#/components/schemas/EmailContent'
-        - type: object
-          properties:
-            _links:
-              type: object
-              properties:
-                self:
-                  $ref: '#/components/schemas/HrefObject'
-                template:
-                  $ref: '#/components/schemas/HrefObject'
-                preview:
-                  $ref: '#/components/schemas/HrefObject'
-                test:
-                  $ref: '#/components/schemas/HrefObject'
-              readOnly: true
-              description: Links to resources related to this email template's default content.
-    EmailDomain:
-      allOf:
-        - $ref: '#/components/schemas/BaseEmailDomain'
-      type: object
-      properties:
-        domain:
-          type: string
-      required:
-        - domain
-    EmailDomainListResponse:
-      type: object
-      properties:
-        email-domains:
-          type: array
-          items:
-            $ref: '#/components/schemas/EmailDomainResponse'
-    EmailDomainResponse:
-      allOf:
-        - $ref: '#/components/schemas/BaseEmailDomain'
-      type: object
-      properties:
-        dnsValidationRecords:
-          type: array
-          items:
-            $ref: '#/components/schemas/DNSRecord'
-        domain:
-          type: string
-        id:
-          type: string
-        validationStatus:
-          $ref: '#/components/schemas/EmailDomainStatus'
-    EmailDomainStatus:
-      type: string
-      x-okta-known-values:
-        - DELETED
-        - ERROR
-        - NOT_STARTED
-        - POLLING
-        - VERIFIED
-    EmailPreview:
-      type: object
-      properties:
-        body:
-          type: string
-          readOnly: true
-          description: The email's HTML body.
-        subject:
-          type: string
-          readOnly: true
-          description: The email's subject.
-        _links:
-          type: object
-          properties:
-            self:
-              $ref: '#/components/schemas/HrefObject'
-            contentSource:
-              $ref: '#/components/schemas/HrefObject'
-            template:
-              $ref: '#/components/schemas/HrefObject'
-            test:
-              $ref: '#/components/schemas/HrefObject'
-            defaultContent:
-              $ref: '#/components/schemas/HrefObject'
-          readOnly: true
-          description: Links to resources related to this email preview.
-    EmailSettings:
-      type: object
-      properties:
-        recipients:
-          type: string
-          enum:
-            - ALL_USERS
-            - ADMINS_ONLY
-            - NO_USERS
-      required:
-        - recipients
-    EmailTemplate:
-      type: object
-      properties:
-        name:
-          type: string
-          readOnly: true
-          description: The name of this email template.
-        _embedded:
-          type: object
-          properties:
-            settings:
-              $ref: '#/components/schemas/EmailSettings'
-            customizationCount:
-              type: integer
-          readOnly: true
-        _links:
-          type: object
-          properties:
-            self:
-              $ref: '#/components/schemas/HrefObject'
-            settings:
-              $ref: '#/components/schemas/HrefObject'
-            defaultContent:
-              $ref: '#/components/schemas/HrefObject'
-            customizations:
-              $ref: '#/components/schemas/HrefObject'
-            test:
-              $ref: '#/components/schemas/HrefObject'
-          readOnly: true
-          description: Links to resources related to this email template.
-    EmailTemplateTouchPointVariant:
-      type: string
-      x-okta-known-values:
-        - FULL_THEME
-        - OKTA_DEFAULT
-    EmailUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/EmailUserFactorProfile'
-    EmailUserFactorProfile:
-      type: object
-      properties:
-        email:
-          type: string
-    EnabledStatus:
-      type: string
-      x-okta-known-values:
-        - DISABLED
-        - ENABLED
-    EndUserDashboardTouchPointVariant:
-      type: string
-      x-okta-known-values:
-        - FULL_THEME
-        - LOGO_ON_FULL_WHITE_BACKGROUND
-        - OKTA_DEFAULT
-        - WHITE_LOGO_BACKGROUND
-    Error:
-      title: Error
-      type: object
-      properties:
-        errorCauses:
-          type: array
-          items:
-            type: object
-            properties:
-              errorSummary:
-                type: string
-        errorCode:
-          type: string
-          description: An Okta code for this type of error
-        errorId:
-          type: string
-          description: A unique identifier for this error. This can be used by Okta Support to help with troubleshooting.
-        errorLink:
-          type: string
-          description: An Okta code for this type of error
-        errorSummary:
-          type: string
-          description: A short description of what caused this error. Sometimes this contains dynamically-generated information about your specific error.
-    ErrorPageTouchPointVariant:
-      type: string
-      x-okta-known-values:
-        - BACKGROUND_IMAGE
-        - BACKGROUND_SECONDARY_COLOR
-        - OKTA_DEFAULT
-    EventHook:
-      type: object
-      properties:
-        channel:
-          $ref: '#/components/schemas/EventHookChannel'
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        createdBy:
-          type: string
-        events:
-          $ref: '#/components/schemas/EventSubscriptions'
-        id:
-          type: string
-          readOnly: true
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        name:
-          type: string
-        status:
-          $ref: '#/components/schemas/LifecycleStatus'
-        verificationStatus:
-          $ref: '#/components/schemas/EventHookVerificationStatus'
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    EventHookChannel:
-      type: object
-      properties:
-        config:
-          $ref: '#/components/schemas/EventHookChannelConfig'
-        type:
-          $ref: '#/components/schemas/EventHookChannelType'
-        version:
-          type: string
-    EventHookChannelConfig:
-      type: object
-      properties:
-        authScheme:
-          $ref: '#/components/schemas/EventHookChannelConfigAuthScheme'
-        headers:
-          type: array
-          items:
-            $ref: '#/components/schemas/EventHookChannelConfigHeader'
-        uri:
-          type: string
-    EventHookChannelConfigAuthScheme:
-      type: object
-      properties:
-        key:
-          type: string
-        type:
-          $ref: '#/components/schemas/EventHookChannelConfigAuthSchemeType'
-        value:
-          type: string
-    EventHookChannelConfigAuthSchemeType:
-      type: string
-      x-okta-known-values:
-        - HEADER
-    EventHookChannelConfigHeader:
-      type: object
-      properties:
-        key:
-          type: string
-        value:
-          type: string
-    EventHookChannelType:
-      type: string
-      x-okta-known-values:
-        - HTTP
-    EventHookVerificationStatus:
-      type: string
-      x-okta-known-values:
-        - UNVERIFIED
-        - VERIFIED
-    EventSubscriptionType:
-      type: string
-      x-okta-known-values:
-        - EVENT_TYPE
-        - FLOW_EVENT
-    EventSubscriptions:
-      type: object
-      properties:
-        items:
-          type: array
-          items:
-            type: string
-        type:
-          $ref: '#/components/schemas/EventSubscriptionType'
-      discriminator:
-        propertyName: type
-    FCMConfiguration:
-      properties:
-        fileName:
-          type: string
-          description: (Optional) File name for Admin Console display
-        projectId:
-          type: string
-          description: Project ID of FCM configuration
-          readOnly: true
-        serviceAccountJson:
-          type: object
-          description: JSON containing the private service account key and service account details. See [Creating and managing service account keys](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) for more information on creating service account keys in JSON.
-          writeOnly: true
-    FCMPushProvider:
-      allOf:
-        - $ref: '#/components/schemas/PushProvider'
-        - type: object
-          properties:
-            configuration:
-              $ref: '#/components/schemas/FCMConfiguration'
-    FactorProvider:
-      type: string
-      x-okta-known-values:
-        - CUSTOM
-        - DUO
-        - FIDO
-        - GOOGLE
-        - OKTA
-        - RSA
-        - SYMANTEC
-        - YUBICO
-    FactorResultType:
-      type: string
-      x-okta-known-values:
-        - CANCELLED
-        - CHALLENGE
-        - ERROR
-        - FAILED
-        - PASSCODE_REPLAYED
-        - REJECTED
-        - SUCCESS
-        - TIMEOUT
-        - TIME_WINDOW_EXCEEDED
-        - WAITING
-    FactorStatus:
-      type: string
-      x-okta-known-values:
-        - ACTIVE
-        - DISABLED
-        - ENROLLED
-        - EXPIRED
-        - INACTIVE
-        - NOT_SETUP
-        - PENDING_ACTIVATION
-    FactorType:
-      type: string
-      x-okta-known-values:
-        - call
-        - email
-        - hotp
-        - push
-        - question
-        - sms
-        - token
-        - token:hardware
-        - token:hotp
-        - token:software:totp
-        - u2f
-        - web
-        - webauthn
-    Feature:
-      type: object
-      properties:
-        description:
-          type: string
-        id:
-          type: string
-          readOnly: true
-        name:
-          type: string
-        stage:
-          $ref: '#/components/schemas/FeatureStage'
-        status:
-          $ref: '#/components/schemas/EnabledStatus'
-        type:
-          $ref: '#/components/schemas/FeatureType'
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    FeatureStage:
-      type: object
-      properties:
-        state:
-          $ref: '#/components/schemas/FeatureStageState'
-        value:
-          $ref: '#/components/schemas/FeatureStageValue'
-    FeatureStageState:
-      type: string
-      x-okta-known-values:
-        - CLOSED
-        - OPEN
-    FeatureStageValue:
-      type: string
-      x-okta-known-values:
-        - BETA
-        - EA
-    FeatureType:
-      type: string
-      x-okta-known-values:
-        - self-service
-    FipsEnum:
-      type: string
-      x-okta-known-values:
-        - OPTIONAL
-        - REQUIRED
-    ForgotPasswordResponse:
-      type: object
-      properties:
-        resetPasswordUrl:
-          type: string
-          readOnly: true
-    GrantOrTokenStatus:
-      type: string
-      x-okta-known-values:
-        - ACTIVE
-        - REVOKED
-    GrantTypePolicyRuleCondition:
-      type: object
-      properties:
-        include:
-          type: array
-          items:
-            type: string
-    Group:
-      type: object
-      properties:
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        id:
-          type: string
-          readOnly: true
-        lastMembershipUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        objectClass:
-          type: array
-          readOnly: true
-          items:
-            type: string
-        profile:
-          $ref: '#/components/schemas/GroupProfile'
-        type:
-          $ref: '#/components/schemas/GroupType'
-        _embedded:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    GroupCondition:
-      type: object
-      properties:
-        exclude:
-          type: array
-          items:
-            type: string
-        include:
-          type: array
-          items:
-            type: string
-    GroupPolicyRuleCondition:
-      type: object
-      properties:
-        exclude:
-          type: array
-          items:
-            type: string
-        include:
-          type: array
-          items:
-            type: string
-    GroupProfile:
-      type: object
-      properties:
-        description:
-          type: string
-        name:
-          type: string
-      x-okta-extensible: true
-    GroupRule:
-      type: object
-      properties:
-        actions:
-          $ref: '#/components/schemas/GroupRuleAction'
-        conditions:
-          $ref: '#/components/schemas/GroupRuleConditions'
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        id:
-          type: string
-          readOnly: true
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        name:
-          type: string
-        status:
-          $ref: '#/components/schemas/GroupRuleStatus'
-        type:
-          type: string
-    GroupRuleAction:
-      type: object
-      properties:
-        assignUserToGroups:
-          $ref: '#/components/schemas/GroupRuleGroupAssignment'
-    GroupRuleConditions:
-      type: object
-      properties:
-        expression:
-          $ref: '#/components/schemas/GroupRuleExpression'
-        people:
-          $ref: '#/components/schemas/GroupRulePeopleCondition'
-    GroupRuleExpression:
-      type: object
-      properties:
-        type:
-          type: string
-        value:
-          type: string
-    GroupRuleGroupAssignment:
-      type: object
-      properties:
-        groupIds:
-          type: array
-          items:
-            type: string
-    GroupRuleGroupCondition:
-      type: object
-      properties:
-        exclude:
-          type: array
-          items:
-            type: string
-        include:
-          type: array
-          items:
-            type: string
-    GroupRulePeopleCondition:
-      type: object
-      properties:
-        groups:
-          $ref: '#/components/schemas/GroupRuleGroupCondition'
-        users:
-          $ref: '#/components/schemas/GroupRuleUserCondition'
-    GroupRuleStatus:
-      type: string
-      x-okta-known-values:
-        - ACTIVE
-        - INACTIVE
-        - INVALID
-    GroupRuleUserCondition:
-      type: object
-      properties:
-        exclude:
-          type: array
-          items:
-            type: string
-        include:
-          type: array
-          items:
-            type: string
-    GroupSchema:
-      type: object
-      properties:
-        $schema:
-          readOnly: true
-          type: string
-        created:
-          readOnly: true
-          type: string
-        definitions:
-          $ref: '#/components/schemas/GroupSchemaDefinitions'
-        description:
-          type: string
-        id:
-          readOnly: true
-          type: string
-        lastUpdated:
-          readOnly: true
-          type: string
-        name:
-          readOnly: true
-          type: string
-        properties:
-          $ref: '#/components/schemas/UserSchemaProperties'
-        title:
-          type: string
-        type:
-          readOnly: true
-          type: string
-        _links:
-          additionalProperties:
-            type: object
-          readOnly: true
-          type: object
-      x-okta-allow-null-property-value-for-updates: true
-    GroupSchemaAttribute:
-      type: object
-      properties:
-        description:
-          type: string
-        enum:
-          items:
-            type: string
-          type: array
-        externalName:
-          type: string
-        externalNamespace:
-          type: string
-        items:
-          $ref: '#/components/schemas/UserSchemaAttributeItems'
-        master:
-          $ref: '#/components/schemas/UserSchemaAttributeMaster'
-        maxLength:
-          type: integer
-        minLength:
-          type: integer
-        mutability:
-          type: string
-        oneOf:
-          items:
-            $ref: '#/components/schemas/UserSchemaAttributeEnum'
-          type: array
-        permissions:
-          items:
-            $ref: '#/components/schemas/UserSchemaAttributePermission'
-          type: array
-        required:
-          type: boolean
-        scope:
-          $ref: '#/components/schemas/UserSchemaAttributeScope'
-        title:
-          type: string
-        type:
-          $ref: '#/components/schemas/UserSchemaAttributeType'
-        union:
-          $ref: '#/components/schemas/UserSchemaAttributeUnion'
-        unique:
-          type: string
-    GroupSchemaBase:
-      type: object
-      properties:
-        id:
-          readOnly: true
-          type: string
-        properties:
-          $ref: '#/components/schemas/GroupSchemaBaseProperties'
-        required:
-          items:
-            type: string
-          type: array
-        type:
-          type: string
-    GroupSchemaBaseProperties:
-      type: object
-      properties:
-        description:
-          $ref: '#/components/schemas/GroupSchemaAttribute'
-        name:
-          $ref: '#/components/schemas/GroupSchemaAttribute'
-    GroupSchemaCustom:
-      type: object
-      properties:
-        id:
-          readOnly: true
-          type: string
-        properties:
-          additionalProperties:
-            $ref: '#/components/schemas/GroupSchemaAttribute'
-          type: object
-        required:
-          items:
-            type: string
-          type: array
-        type:
-          type: string
-    GroupSchemaDefinitions:
-      type: object
-      properties:
-        base:
-          $ref: '#/components/schemas/GroupSchemaBase'
-        custom:
-          $ref: '#/components/schemas/GroupSchemaCustom'
-    GroupType:
-      type: string
-      x-okta-known-values:
-        - APP_GROUP
-        - BUILT_IN
-        - OKTA_GROUP
-    HardwareUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/HardwareUserFactorProfile'
-    HardwareUserFactorProfile:
-      type: object
-      properties:
-        credentialId:
-          type: string
-    HostedPage:
-      type: object
-      properties:
-        type:
-          $ref: '#/components/schemas/HostedPageType'
-        url:
-          type: string
-      required:
-        - type
-    HostedPageType:
-      type: string
-      x-okta-known-values:
-        - EXTERNALLY_HOSTED
-        - OKTA_DEFAULT
-    HrefObject:
-      title: hrefObject
-      description: Used for links
-      type: object
-      properties:
-        hints:
-          type: object
-          properties:
-            allow:
-              type: array
-              items:
-                $ref: '#/components/schemas/HttpMethod'
-        href:
-          type: string
-    HttpMethod:
-      type: string
-      x-okta-known-values:
-        - DELETE
-        - GET
-        - POST
-        - PUT
-    IdentityProvider:
-      type: object
-      properties:
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-          nullable: true
-        id:
-          type: string
-          readOnly: true
-        issuerMode:
-          $ref: '#/components/schemas/IssuerMode'
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        name:
-          type: string
-        policy:
-          $ref: '#/components/schemas/IdentityProviderPolicy'
-        protocol:
-          $ref: '#/components/schemas/Protocol'
-        status:
-          $ref: '#/components/schemas/LifecycleStatus'
-        type:
-          $ref: '#/components/schemas/IdentityProviderType'
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    IdentityProviderApplicationUser:
-      type: object
-      properties:
-        created:
-          type: string
-        externalId:
-          type: string
-        id:
-          type: string
-          readOnly: true
-        lastUpdated:
-          type: string
-        profile:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-        _embedded:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    IdentityProviderCredentials:
-      type: object
-      properties:
-        client:
-          $ref: '#/components/schemas/IdentityProviderCredentialsClient'
-        signing:
-          $ref: '#/components/schemas/IdentityProviderCredentialsSigning'
-        trust:
-          $ref: '#/components/schemas/IdentityProviderCredentialsTrust'
-    IdentityProviderCredentialsClient:
-      type: object
-      properties:
-        client_id:
-          type: string
-        client_secret:
-          type: string
-    IdentityProviderCredentialsSigning:
-      type: object
-      properties:
-        kid:
-          type: string
-    IdentityProviderCredentialsTrust:
-      type: object
-      properties:
-        audience:
-          type: string
-        issuer:
-          type: string
-        kid:
-          type: string
-        revocation:
-          $ref: '#/components/schemas/IdentityProviderCredentialsTrustRevocation'
-        revocationCacheLifetime:
-          type: integer
-    IdentityProviderCredentialsTrustRevocation:
-      type: string
-      x-okta-known-values:
-        - CRL
-        - DELTA_CRL
-        - OCSP
-    IdentityProviderPolicy:
-      allOf:
-        - $ref: '#/components/schemas/Policy'
-        - type: object
-          properties:
-            accountLink:
-              $ref: '#/components/schemas/PolicyAccountLink'
-            conditions:
-              $ref: '#/components/schemas/PolicyRuleConditions'
-            maxClockSkew:
-              type: integer
-            provisioning:
-              $ref: '#/components/schemas/Provisioning'
-            subject:
-              $ref: '#/components/schemas/PolicySubject'
-    IdentityProviderPolicyProvider:
-      type: string
-      x-okta-known-values:
-        - ANY
-        - OKTA
-        - SPECIFIC_IDP
-    IdentityProviderPolicyRuleCondition:
-      type: object
-      properties:
-        idpIds:
-          type: array
-          items:
-            type: string
-        provider:
-          $ref: '#/components/schemas/IdentityProviderPolicyProvider'
-    IdentityProviderType:
-      type: string
-      x-okta-known-values:
-        - AgentlessDSSO
-        - FACEBOOK
-        - GOOGLE
-        - IWA
-        - LINKEDIN
-        - MICROSOFT
-        - OIDC
-        - OKTA
-        - SAML2
-        - X509
-    IdpPolicyRuleAction:
-      type: object
-      properties:
-        providers:
-          items:
-            $ref: '#/components/schemas/IdpPolicyRuleActionProvider'
-          type: array
-    IdpPolicyRuleActionProvider:
-      type: object
-      properties:
-        id:
-          readOnly: true
-          type: string
-        type:
-          type: string
-    IframeEmbedScopeAllowedApps:
-      type: string
-      x-okta-known-values:
-        - OKTA_ENDUSER
-    ImageUploadResponse:
-      type: object
-      properties:
-        url:
-          readOnly: true
-          type: string
-    InactivityPolicyRuleCondition:
-      type: object
-      properties:
-        number:
-          type: integer
-        unit:
-          type: string
-    InlineHook:
-      type: object
-      properties:
-        channel:
-          $ref: '#/components/schemas/InlineHookChannel'
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        id:
-          type: string
-          readOnly: true
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        name:
-          type: string
-        status:
-          $ref: '#/components/schemas/InlineHookStatus'
-        type:
-          $ref: '#/components/schemas/InlineHookType'
-        version:
-          type: string
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    InlineHookChannel:
-      type: object
-      properties:
-        config:
-          $ref: '#/components/schemas/InlineHookChannelConfig'
-        type:
-          $ref: '#/components/schemas/InlineHookChannelType'
-        version:
-          type: string
-    InlineHookChannelConfig:
-      type: object
-      properties:
-        authScheme:
-          $ref: '#/components/schemas/InlineHookChannelConfigAuthScheme'
-        headers:
-          type: array
-          items:
-            $ref: '#/components/schemas/InlineHookChannelConfigHeaders'
-        method:
-          type: string
-        uri:
-          type: string
-    InlineHookChannelConfigAuthScheme:
-      type: object
-      properties:
-        key:
-          type: string
-        type:
-          type: string
-        value:
-          type: string
-    InlineHookChannelConfigHeaders:
-      type: object
-      properties:
-        key:
-          type: string
-        value:
-          type: string
-    InlineHookChannelType:
-      type: string
-      x-okta-known-values:
-        - HTTP
-    InlineHookPayload:
-      type: object
-      x-okta-extensible: true
-    InlineHookResponse:
-      type: object
-      properties:
-        commands:
-          type: array
-          items:
-            $ref: '#/components/schemas/InlineHookResponseCommands'
-    InlineHookResponseCommandValue:
-      type: object
-      properties:
-        op:
-          type: string
-        path:
-          type: string
-        value:
-          type: string
-    InlineHookResponseCommands:
-      type: object
-      properties:
-        type:
-          type: string
-        value:
-          type: array
-          items:
-            $ref: '#/components/schemas/InlineHookResponseCommandValue'
-    InlineHookStatus:
-      type: string
-      x-okta-known-values:
-        - ACTIVE
-        - INACTIVE
-    InlineHookType:
-      type: string
-      x-okta-known-values:
-        - com.okta.import.transform
-        - com.okta.oauth2.tokens.transform
-        - com.okta.saml.tokens.transform
-        - com.okta.user.credential.password.import
-        - com.okta.user.pre-registration
-    IssuerMode:
-      type: string
-      x-okta-known-values:
-        - CUSTOM_URL
-        - DYNAMIC
-        - ORG_URL
-    JsonWebKey:
-      type: object
-      properties:
-        alg:
-          type: string
-        created:
-          type: string
-          format: date-time
-        e:
-          type: string
-        expiresAt:
-          type: string
-          format: date-time
-        key_ops:
-          type: array
-          items:
-            type: string
-        kid:
-          type: string
-        kty:
-          type: string
-        lastUpdated:
-          type: string
-          format: date-time
-        'n':
-          type: string
-        status:
-          type: string
-        use:
-          type: string
-        x5c:
-          type: array
-          items:
-            type: string
-        x5t:
-          type: string
-        x5t#S256:
-          type: string
-        x5u:
-          type: string
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    JwkUse:
-      type: object
-      properties:
-        use:
-          $ref: '#/components/schemas/JwkUseType'
-    JwkUseType:
-      type: string
-      x-okta-known-values:
-        - sig
-    KnowledgeConstraint:
-      allOf:
-        - $ref: '#/components/schemas/AccessPolicyConstraint'
-    Language:
-      description: The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646).
-      type: string
-    LifecycleCreateSettingObject:
-      type: object
-      properties:
-        status:
-          $ref: '#/components/schemas/EnabledStatus'
-    LifecycleDeactivateSettingObject:
-      type: object
-      properties:
-        status:
-          $ref: '#/components/schemas/EnabledStatus'
-    LifecycleExpirationPolicyRuleCondition:
-      type: object
-      properties:
-        lifecycleStatus:
-          type: string
-        number:
-          type: integer
-        unit:
-          type: string
-    LifecycleStatus:
-      type: string
-      x-okta-known-values:
-        - ACTIVE
-        - INACTIVE
-    LinkedObject:
-      type: object
-      properties:
-        associated:
-          $ref: '#/components/schemas/LinkedObjectDetails'
-        primary:
-          $ref: '#/components/schemas/LinkedObjectDetails'
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    LinkedObjectDetails:
-      type: object
-      properties:
-        description:
-          type: string
-        name:
-          type: string
-        title:
-          type: string
-        type:
-          $ref: '#/components/schemas/LinkedObjectDetailsType'
-    LinkedObjectDetailsType:
-      type: string
-      x-okta-known-values:
-        - USER
-    LocationGranularity:
-      type: string
-      x-okta-known-values:
-        - CITY
-        - COUNTRY
-        - LAT_LONG
-        - SUBDIVISION
-    LogActor:
-      type: object
-      properties:
-        alternateId:
-          type: string
-          readOnly: true
-        detail:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-        displayName:
-          type: string
-          readOnly: true
-        id:
-          type: string
-          readOnly: true
-        type:
-          type: string
-          readOnly: true
-    LogAuthenticationContext:
-      type: object
-      properties:
-        authenticationProvider:
-          $ref: '#/components/schemas/LogAuthenticationProvider'
-        authenticationStep:
-          type: integer
-          readOnly: true
-        credentialProvider:
-          $ref: '#/components/schemas/LogCredentialProvider'
-        credentialType:
-          $ref: '#/components/schemas/LogCredentialType'
-        externalSessionId:
-          type: string
-          readOnly: true
-        interface:
-          type: string
-          readOnly: true
-        issuer:
-          $ref: '#/components/schemas/LogIssuer'
-    LogAuthenticationProvider:
-      type: string
-      x-okta-known-values:
-        - ACTIVE_DIRECTORY
-        - FACTOR_PROVIDER
-        - FEDERATION
-        - LDAP
-        - OKTA_AUTHENTICATION_PROVIDER
-        - SOCIAL
-    LogClient:
-      type: object
-      properties:
-        device:
-          type: string
-          readOnly: true
-        geographicalContext:
-          $ref: '#/components/schemas/LogGeographicalContext'
-        id:
-          type: string
-          readOnly: true
-        ipAddress:
-          type: string
-          readOnly: true
-        userAgent:
-          $ref: '#/components/schemas/LogUserAgent'
-        zone:
-          type: string
-          readOnly: true
-    LogCredentialProvider:
-      type: string
-      x-okta-known-values:
-        - DUO
-        - GOOGLE
-        - OKTA_AUTHENTICATION_PROVIDER
-        - OKTA_CREDENTIAL_PROVIDER
-        - RSA
-        - SYMANTEC
-        - YUBIKEY
-    LogCredentialType:
-      type: string
-      x-okta-known-values:
-        - ASSERTION
-        - EMAIL
-        - IWA
-        - JWT
-        - OAuth 2.0
-        - OTP
-        - PASSWORD
-        - SMS
-    LogDebugContext:
-      type: object
-      properties:
-        debugData:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    LogEvent:
-      type: object
-      properties:
-        actor:
-          $ref: '#/components/schemas/LogActor'
-        authenticationContext:
-          $ref: '#/components/schemas/LogAuthenticationContext'
-        client:
-          $ref: '#/components/schemas/LogClient'
-        debugContext:
-          $ref: '#/components/schemas/LogDebugContext'
-        displayMessage:
-          type: string
-          readOnly: true
-        eventType:
-          type: string
-          readOnly: true
-        legacyEventType:
-          type: string
-          readOnly: true
-        outcome:
-          $ref: '#/components/schemas/LogOutcome'
-        published:
-          type: string
-          format: date-time
-          readOnly: true
-        request:
-          $ref: '#/components/schemas/LogRequest'
-        securityContext:
-          $ref: '#/components/schemas/LogSecurityContext'
-        severity:
-          $ref: '#/components/schemas/LogSeverity'
-        target:
-          type: array
-          readOnly: true
-          items:
-            $ref: '#/components/schemas/LogTarget'
-        transaction:
-          $ref: '#/components/schemas/LogTransaction'
-        uuid:
-          type: string
-          readOnly: true
-        version:
-          type: string
-          readOnly: true
-    LogGeographicalContext:
-      type: object
-      properties:
-        city:
-          type: string
-          readOnly: true
-        country:
-          type: string
-          readOnly: true
-        geolocation:
-          $ref: '#/components/schemas/LogGeolocation'
-        postalCode:
-          type: string
-          readOnly: true
-        state:
-          type: string
-          readOnly: true
-    LogGeolocation:
-      type: object
-      properties:
-        lat:
-          type: number
-          format: double
-          readOnly: true
-        lon:
-          type: number
-          format: double
-          readOnly: true
-    LogIpAddress:
-      type: object
-      properties:
-        geographicalContext:
-          $ref: '#/components/schemas/LogGeographicalContext'
-        ip:
-          type: string
-          readOnly: true
-        source:
-          type: string
-          readOnly: true
-        version:
-          type: string
-          readOnly: true
-    LogIssuer:
-      type: object
-      properties:
-        id:
-          type: string
-          readOnly: true
-        type:
-          type: string
-          readOnly: true
-    LogOutcome:
-      type: object
-      properties:
-        reason:
-          type: string
-          readOnly: true
-        result:
-          type: string
-          readOnly: true
-    LogRequest:
-      type: object
-      properties:
-        ipChain:
-          type: array
-          readOnly: true
-          items:
-            $ref: '#/components/schemas/LogIpAddress'
-    LogSecurityContext:
-      type: object
-      properties:
-        asNumber:
-          type: integer
-          readOnly: true
-        asOrg:
-          type: string
-          readOnly: true
-        domain:
-          type: string
-          readOnly: true
-        isp:
-          type: string
-          readOnly: true
-        isProxy:
-          type: boolean
-          readOnly: true
-    LogSeverity:
-      type: string
-      x-okta-known-values:
-        - DEBUG
-        - ERROR
-        - INFO
-        - WARN
-    LogTarget:
-      type: object
-      properties:
-        alternateId:
-          type: string
-          readOnly: true
-        detailEntry:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-        displayName:
-          type: string
-          readOnly: true
-        id:
-          type: string
-          readOnly: true
-        type:
-          type: string
-          readOnly: true
-    LogTransaction:
-      type: object
-      properties:
-        detail:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-        id:
-          type: string
-          readOnly: true
-        type:
-          type: string
-          readOnly: true
-    LogUserAgent:
-      type: object
-      properties:
-        browser:
-          type: string
-          readOnly: true
-        os:
-          type: string
-          readOnly: true
-        rawUserAgent:
-          type: string
-          readOnly: true
-    MDMEnrollmentPolicyEnrollment:
-      type: string
-      x-okta-known-values:
-        - ANY_OR_NONE
-        - OMM
-    MDMEnrollmentPolicyRuleCondition:
-      type: object
-      properties:
-        blockNonSafeAndroid:
-          type: boolean
-        enrollment:
-          $ref: '#/components/schemas/MDMEnrollmentPolicyEnrollment'
-    MultifactorEnrollmentPolicy:
-      allOf:
-        - $ref: '#/components/schemas/Policy'
-        - type: object
-          properties:
-            conditions:
-              $ref: '#/components/schemas/PolicyRuleConditions'
-            settings:
-              $ref: '#/components/schemas/MultifactorEnrollmentPolicySettings'
-    MultifactorEnrollmentPolicyAuthenticatorSettings:
-      type: object
-      properties:
-        enroll:
-          type: object
-          properties:
-            self:
-              $ref: '#/components/schemas/MultifactorEnrollmentPolicyAuthenticatorStatus'
-        key:
-          $ref: '#/components/schemas/MultifactorEnrollmentPolicyAuthenticatorType'
-    MultifactorEnrollmentPolicyAuthenticatorStatus:
-      type: string
-      x-okta-known-values:
-        - NOT_ALLOWED
-        - OPTIONAL
-        - REQUIRED
-    MultifactorEnrollmentPolicyAuthenticatorType:
-      type: string
-      x-okta-known-values:
-        - custom_app
-        - custom_otp
-        - duo
-        - external_idp
-        - google_otp
-        - okta_email
-        - okta_password
-        - okta_verify
-        - onprem_mfa
-        - phone_number
-        - rsa_token
-        - security_question
-        - symantec_vip
-        - webauthn
-        - yubikey_token
-    MultifactorEnrollmentPolicySettings:
-      type: object
-      properties:
-        authenticators:
-          items:
-            $ref: '#/components/schemas/MultifactorEnrollmentPolicyAuthenticatorSettings'
-          type: array
-        type:
-          $ref: '#/components/schemas/MultifactorEnrollmentPolicySettingsType'
-    MultifactorEnrollmentPolicySettingsType:
-      type: string
-      x-okta-known-values:
-        - AUTHENTICATORS
-    NetworkZone:
-      type: object
-      properties:
-        asns:
-          type: array
-          items:
-            type: string
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        gateways:
-          type: array
-          items:
-            $ref: '#/components/schemas/NetworkZoneAddress'
-        id:
-          type: string
-          readOnly: true
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        locations:
-          type: array
-          items:
-            $ref: '#/components/schemas/NetworkZoneLocation'
-        name:
-          type: string
-        proxies:
-          type: array
-          items:
-            $ref: '#/components/schemas/NetworkZoneAddress'
-        proxyType:
-          type: string
-        status:
-          $ref: '#/components/schemas/NetworkZoneStatus'
-        system:
-          type: boolean
-        type:
-          $ref: '#/components/schemas/NetworkZoneType'
-        usage:
-          $ref: '#/components/schemas/NetworkZoneUsage'
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    NetworkZoneAddress:
-      type: object
-      properties:
-        type:
-          $ref: '#/components/schemas/NetworkZoneAddressType'
-        value:
-          type: string
-    NetworkZoneAddressType:
-      type: string
-      x-okta-known-values:
-        - CIDR
-        - RANGE
-    NetworkZoneLocation:
-      type: object
-      properties:
-        country:
-          type: string
-        region:
-          type: string
-    NetworkZoneStatus:
-      type: string
-      x-okta-known-values:
-        - ACTIVE
-        - INACTIVE
-    NetworkZoneType:
-      type: string
-      x-okta-known-values:
-        - DYNAMIC
-        - IP
-    NetworkZoneUsage:
-      type: string
-      x-okta-known-values:
-        - BLOCKLIST
-        - POLICY
-    NotificationType:
-      type: string
-      x-okta-known-values:
-        - AD_AGENT
-        - APP_IMPORT
-        - CONNECTOR_AGENT
-        - IWA_AGENT
-        - LDAP_AGENT
-        - OKTA_ANNOUNCEMENT
-        - OKTA_ISSUE
-        - OKTA_UPDATE
-        - RATELIMIT_NOTIFICATION
-        - REPORT_SUSPICIOUS_ACTIVITY
-        - USER_DEPROVISION
-        - USER_LOCKED_OUT
-    OAuth2Actor:
-      type: object
-      properties:
-        id:
-          type: string
-          readOnly: true
-        type:
-          type: string
-    OAuth2Claim:
-      type: object
-      properties:
-        alwaysIncludeInToken:
-          type: boolean
-        claimType:
-          $ref: '#/components/schemas/OAuth2ClaimType'
-        conditions:
-          $ref: '#/components/schemas/OAuth2ClaimConditions'
-        group_filter_type:
-          $ref: '#/components/schemas/OAuth2ClaimGroupFilterType'
-        id:
-          type: string
-          readOnly: true
-        name:
-          type: string
-        status:
-          $ref: '#/components/schemas/LifecycleStatus'
-        system:
-          type: boolean
-        value:
-          type: string
-        valueType:
-          $ref: '#/components/schemas/OAuth2ClaimValueType'
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    OAuth2ClaimConditions:
-      type: object
-      properties:
-        scopes:
-          type: array
-          items:
-            type: string
-    OAuth2ClaimGroupFilterType:
-      type: string
-      x-okta-known-values:
-        - CONTAINS
-        - EQUALS
-        - REGEX
-        - STARTS_WITH
-    OAuth2ClaimType:
-      type: string
-      x-okta-known-values:
-        - IDENTITY
-        - RESOURCE
-    OAuth2ClaimValueType:
-      type: string
-      x-okta-known-values:
-        - EXPRESSION
-        - GROUPS
-        - SYSTEM
-    OAuth2Client:
-      type: object
-      properties:
-        client_id:
-          type: string
-          readOnly: true
-        client_name:
-          type: string
-          readOnly: true
-        client_uri:
-          type: string
-          readOnly: true
-        logo_uri:
-          type: string
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    OAuth2RefreshToken:
-      type: object
-      properties:
-        clientId:
-          type: string
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        createdBy:
-          $ref: '#/components/schemas/OAuth2Actor'
-        expiresAt:
-          type: string
-          format: date-time
-          readOnly: true
-        id:
-          type: string
-          readOnly: true
-        issuer:
-          type: string
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        scopes:
-          type: array
-          items:
-            type: string
-        status:
-          $ref: '#/components/schemas/GrantOrTokenStatus'
-        userId:
-          type: string
-        _embedded:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    OAuth2Scope:
-      type: object
-      properties:
-        consent:
-          $ref: '#/components/schemas/OAuth2ScopeConsentType'
-        default:
-          type: boolean
-        description:
-          type: string
-        displayName:
-          type: string
-        id:
-          type: string
-          readOnly: true
-        metadataPublish:
-          $ref: '#/components/schemas/OAuth2ScopeMetadataPublish'
-        name:
-          type: string
-        system:
-          type: boolean
-    OAuth2ScopeConsentGrant:
-      type: object
-      properties:
-        clientId:
-          type: string
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        createdBy:
-          $ref: '#/components/schemas/OAuth2Actor'
-        id:
-          type: string
-          readOnly: true
-        issuer:
-          type: string
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        scopeId:
-          type: string
-        source:
-          $ref: '#/components/schemas/OAuth2ScopeConsentGrantSource'
-        status:
-          $ref: '#/components/schemas/GrantOrTokenStatus'
-        userId:
-          type: string
-        _embedded:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    OAuth2ScopeConsentGrantSource:
-      type: string
-      x-okta-known-values:
-        - ADMIN
-        - END_USER
-    OAuth2ScopeConsentType:
-      type: string
-      x-okta-known-values:
-        - ADMIN
-        - IMPLICIT
-        - REQUIRED
-    OAuth2ScopeMetadataPublish:
-      type: string
-      x-okta-known-values:
-        - ALL_CLIENTS
-        - NO_CLIENTS
-    OAuth2ScopesMediationPolicyRuleCondition:
-      type: object
-      properties:
-        include:
-          type: array
-          items:
-            type: string
-    OAuth2Token:
-      type: object
-      properties:
-        clientId:
-          type: string
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        expiresAt:
-          type: string
-          format: date-time
-          readOnly: true
-        id:
-          type: string
-          readOnly: true
-        issuer:
-          type: string
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        scopes:
-          type: array
-          items:
-            type: string
-        status:
-          $ref: '#/components/schemas/GrantOrTokenStatus'
-        userId:
-          type: string
-        _embedded:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    OAuthApplicationCredentials:
-      allOf:
-        - $ref: '#/components/schemas/ApplicationCredentials'
-        - type: object
-          properties:
-            oauthClient:
-              $ref: '#/components/schemas/ApplicationCredentialsOAuthClient'
-    OAuthEndpointAuthenticationMethod:
-      type: string
-      x-okta-known-values:
-        - client_secret_basic
-        - client_secret_jwt
-        - client_secret_post
-        - none
-        - private_key_jwt
-    OAuthGrantType:
-      type: string
-      x-okta-known-values:
-        - authorization_code
-        - client_credentials
-        - implicit
-        - interaction_code
-        - password
-        - refresh_token
-    OAuthResponseType:
-      type: string
-      x-okta-known-values:
-        - code
-        - id_token
-        - token
-    OktaSignOnPolicy:
-      allOf:
-        - $ref: '#/components/schemas/Policy'
-        - type: object
-          properties:
-            conditions:
-              $ref: '#/components/schemas/OktaSignOnPolicyConditions'
-    OktaSignOnPolicyConditions:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRuleConditions'
-        - type: object
-          properties:
-            people:
-              $ref: '#/components/schemas/PolicyPeopleCondition'
-    OktaSignOnPolicyFactorPromptMode:
-      type: string
-      x-okta-known-values:
-        - ALWAYS
-        - DEVICE
-        - SESSION
-    OktaSignOnPolicyRule:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRule'
-        - type: object
-          properties:
-            actions:
-              $ref: '#/components/schemas/OktaSignOnPolicyRuleActions'
-            conditions:
-              $ref: '#/components/schemas/OktaSignOnPolicyRuleConditions'
-    OktaSignOnPolicyRuleActions:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRuleActions'
-        - type: object
-          properties:
-            signon:
-              $ref: '#/components/schemas/OktaSignOnPolicyRuleSignonActions'
-    OktaSignOnPolicyRuleConditions:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRuleConditions'
-        - type: object
-          properties:
-            authContext:
-              $ref: '#/components/schemas/PolicyRuleAuthContextCondition'
-            network:
-              $ref: '#/components/schemas/PolicyNetworkCondition'
-            people:
-              $ref: '#/components/schemas/PolicyPeopleCondition'
-    OktaSignOnPolicyRuleSignonActions:
-      type: object
-      properties:
-        access:
-          $ref: '#/components/schemas/PolicyAccess'
-        factorLifetime:
-          type: integer
-        factorPromptMode:
-          $ref: '#/components/schemas/OktaSignOnPolicyFactorPromptMode'
-        rememberDeviceByDefault:
-          type: boolean
-          default: false
-        requireFactor:
-          type: boolean
-          default: false
-        session:
-          $ref: '#/components/schemas/OktaSignOnPolicyRuleSignonSessionActions'
-    OktaSignOnPolicyRuleSignonSessionActions:
-      type: object
-      properties:
-        maxSessionIdleMinutes:
-          type: integer
-        maxSessionLifetimeMinutes:
-          type: integer
-        usePersistentCookie:
-          type: boolean
-          default: false
-    OpenIdConnectApplication:
-      x-okta-defined-as:
-        name: oidc_client
-      allOf:
-        - $ref: '#/components/schemas/Application'
-        - type: object
-          properties:
-            credentials:
-              $ref: '#/components/schemas/OAuthApplicationCredentials'
-            name:
-              type: string
-              default: oidc_client
-            settings:
-              $ref: '#/components/schemas/OpenIdConnectApplicationSettings'
-    OpenIdConnectApplicationConsentMethod:
-      type: string
-      x-okta-known-values:
-        - REQUIRED
-        - TRUSTED
-    OpenIdConnectApplicationIdpInitiatedLogin:
-      type: object
-      properties:
-        default_scope:
-          type: array
-          items:
-            type: string
-        mode:
-          type: string
-    OpenIdConnectApplicationIssuerMode:
-      type: string
-      x-okta-known-values:
-        - CUSTOM_URL
-        - DYNAMIC
-        - ORG_URL
-    OpenIdConnectApplicationSettings:
-      allOf:
-        - $ref: '#/components/schemas/ApplicationSettings'
-        - type: object
-          properties:
-            oauthClient:
-              $ref: '#/components/schemas/OpenIdConnectApplicationSettingsClient'
-    OpenIdConnectApplicationSettingsClient:
-      type: object
-      properties:
-        application_type:
-          $ref: '#/components/schemas/OpenIdConnectApplicationType'
-        client_uri:
-          type: string
-        consent_method:
-          $ref: '#/components/schemas/OpenIdConnectApplicationConsentMethod'
-        grant_types:
-          type: array
-          items:
-            $ref: '#/components/schemas/OAuthGrantType'
-        idp_initiated_login:
-          $ref: '#/components/schemas/OpenIdConnectApplicationIdpInitiatedLogin'
-        initiate_login_uri:
-          type: string
-        issuer_mode:
-          $ref: '#/components/schemas/OpenIdConnectApplicationIssuerMode'
-        jwks:
-          $ref: '#/components/schemas/OpenIdConnectApplicationSettingsClientKeys'
-        logo_uri:
-          type: string
-        policy_uri:
-          type: string
-        post_logout_redirect_uris:
-          type: array
-          items:
-            type: string
-        redirect_uris:
-          type: array
-          items:
-            type: string
-        refresh_token:
-          $ref: '#/components/schemas/OpenIdConnectApplicationSettingsRefreshToken'
-        response_types:
-          type: array
-          items:
-            $ref: '#/components/schemas/OAuthResponseType'
-        tos_uri:
-          type: string
-        wildcard_redirect:
-          type: string
-    OpenIdConnectApplicationSettingsClientKeys:
-      type: object
-      properties:
-        keys:
-          type: array
-          items:
-            $ref: '#/components/schemas/JsonWebKey'
-    OpenIdConnectApplicationSettingsRefreshToken:
-      type: object
-      properties:
-        leeway:
-          type: integer
-        rotation_type:
-          $ref: '#/components/schemas/OpenIdConnectRefreshTokenRotationType'
-    OpenIdConnectApplicationType:
-      type: string
-      x-okta-known-values:
-        - browser
-        - native
-        - service
-        - web
-    OpenIdConnectRefreshTokenRotationType:
-      type: string
-      x-okta-known-values:
-        - ROTATE
-        - STATIC
-    OperationalStatus:
-      description: Operational status of a given agent
-      type: string
-      x-okta-known-values:
-        - DEGRADED
-        - DISRUPTED
-        - INACTIVE
-        - OPERATIONAL
-    OrgContactType:
-      type: string
-      x-okta-known-values:
-        - BILLING
-        - TECHNICAL
-    OrgContactTypeObj:
-      type: object
-      properties:
-        contactType:
-          $ref: '#/components/schemas/OrgContactType'
-        _links:
-          additionalProperties:
-            type: object
-    OrgContactUser:
-      type: object
-      properties:
-        userId:
-          type: string
-        _links:
-          additionalProperties:
-            type: object
-          readOnly: true
-          type: object
-    OrgOktaCommunicationSetting:
-      type: object
-      properties:
-        optOutEmailUsers:
-          type: boolean
-          readOnly: true
-        _links:
-          additionalProperties:
-            type: object
-    OrgOktaSupportSetting:
-      type: string
-      x-okta-known-values:
-        - DISABLED
-        - ENABLED
-    OrgOktaSupportSettingsObj:
-      type: object
-      properties:
-        expiration:
-          format: date-time
-          type: string
-          readOnly: true
-        support:
-          $ref: '#/components/schemas/OrgOktaSupportSetting'
-        _links:
-          additionalProperties:
-            type: object
-    OrgPreferences:
-      type: object
-      properties:
-        showEndUserFooter:
-          type: boolean
-          readOnly: true
-        _links:
-          additionalProperties:
-            type: object
-    OrgSetting:
-      type: object
-      properties:
-        address1:
-          type: string
-        address2:
-          type: string
-        city:
-          type: string
-        companyName:
-          type: string
-        country:
-          type: string
-        created:
-          format: date-time
-          readOnly: true
-          type: string
-        endUserSupportHelpURL:
-          type: string
-        expiresAt:
-          format: date-time
-          readOnly: true
-          type: string
-        id:
-          readOnly: true
-          type: string
-        lastUpdated:
-          format: date-time
-          readOnly: true
-          type: string
-        phoneNumber:
-          type: string
-        postalCode:
-          type: string
-        state:
-          type: string
-        status:
-          readOnly: true
-          type: string
-        subdomain:
-          readOnly: true
-          type: string
-        supportPhoneNumber:
-          type: string
-        website:
-          type: string
-        _links:
-          additionalProperties:
-            type: object
-    PasswordCredential:
-      type: object
-      properties:
-        hash:
-          $ref: '#/components/schemas/PasswordCredentialHash'
-        hook:
-          $ref: '#/components/schemas/PasswordCredentialHook'
-        value:
-          type: string
-          format: password
-    PasswordCredentialHash:
-      type: object
-      properties:
-        algorithm:
-          $ref: '#/components/schemas/PasswordCredentialHashAlgorithm'
-        salt:
-          type: string
-        saltOrder:
-          type: string
-        value:
-          type: string
-        workFactor:
-          type: integer
-    PasswordCredentialHashAlgorithm:
-      type: string
-      x-okta-known-values:
-        - BCRYPT
-        - MD5
-        - SHA-1
-        - SHA-256
-        - SHA-512
-    PasswordCredentialHook:
-      type: object
-      properties:
-        type:
-          type: string
-    PasswordDictionary:
-      type: object
-      properties:
-        common:
-          $ref: '#/components/schemas/PasswordDictionaryCommon'
-    PasswordDictionaryCommon:
-      type: object
-      properties:
-        exclude:
-          type: boolean
-          default: false
-    PasswordExpirationPolicyRuleCondition:
-      type: object
-      properties:
-        number:
-          type: integer
-        unit:
-          type: string
-    PasswordPolicy:
-      allOf:
-        - $ref: '#/components/schemas/Policy'
-        - type: object
-          properties:
-            conditions:
-              $ref: '#/components/schemas/PasswordPolicyConditions'
-            settings:
-              $ref: '#/components/schemas/PasswordPolicySettings'
-    PasswordPolicyAuthenticationProviderCondition:
-      type: object
-      properties:
-        include:
-          type: array
-          items:
-            type: string
-        provider:
-          $ref: '#/components/schemas/PasswordPolicyAuthenticationProviderType'
-    PasswordPolicyAuthenticationProviderType:
-      type: string
-      x-okta-known-values:
-        - ACTIVE_DIRECTORY
-        - ANY
-        - LDAP
-        - OKTA
-    PasswordPolicyConditions:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRuleConditions'
-        - type: object
-          properties:
-            authProvider:
-              $ref: '#/components/schemas/PasswordPolicyAuthenticationProviderCondition'
-            people:
-              $ref: '#/components/schemas/PolicyPeopleCondition'
-    PasswordPolicyDelegationSettings:
-      type: object
-      properties:
-        options:
-          $ref: '#/components/schemas/PasswordPolicyDelegationSettingsOptions'
-    PasswordPolicyDelegationSettingsOptions:
-      type: object
-      properties:
-        skipUnlock:
-          type: boolean
-    PasswordPolicyPasswordSettings:
-      type: object
-      properties:
-        age:
-          $ref: '#/components/schemas/PasswordPolicyPasswordSettingsAge'
-        complexity:
-          $ref: '#/components/schemas/PasswordPolicyPasswordSettingsComplexity'
-        lockout:
-          $ref: '#/components/schemas/PasswordPolicyPasswordSettingsLockout'
-    PasswordPolicyPasswordSettingsAge:
-      type: object
-      properties:
-        expireWarnDays:
-          type: integer
-        historyCount:
-          type: integer
-        maxAgeDays:
-          type: integer
-        minAgeMinutes:
-          type: integer
-    PasswordPolicyPasswordSettingsComplexity:
-      type: object
-      properties:
-        dictionary:
-          $ref: '#/components/schemas/PasswordDictionary'
-        excludeAttributes:
-          type: array
-          items:
-            type: string
-        excludeUsername:
-          type: boolean
-          default: true
-        minLength:
-          type: integer
-        minLowerCase:
-          type: integer
-        minNumber:
-          type: integer
-        minSymbol:
-          type: integer
-        minUpperCase:
-          type: integer
-    PasswordPolicyPasswordSettingsLockout:
-      type: object
-      properties:
-        autoUnlockMinutes:
-          type: integer
-        maxAttempts:
-          type: integer
-        showLockoutFailures:
-          type: boolean
-        userLockoutNotificationChannels:
-          type: array
-          items:
-            type: string
-    PasswordPolicyRecoveryEmail:
-      type: object
-      properties:
-        properties:
-          $ref: '#/components/schemas/PasswordPolicyRecoveryEmailProperties'
-        status:
-          $ref: '#/components/schemas/LifecycleStatus'
-    PasswordPolicyRecoveryEmailProperties:
-      type: object
-      properties:
-        recoveryToken:
-          $ref: '#/components/schemas/PasswordPolicyRecoveryEmailRecoveryToken'
-    PasswordPolicyRecoveryEmailRecoveryToken:
-      type: object
-      properties:
-        tokenLifetimeMinutes:
-          type: integer
-    PasswordPolicyRecoveryFactorSettings:
-      type: object
-      properties:
-        status:
-          $ref: '#/components/schemas/LifecycleStatus'
-    PasswordPolicyRecoveryFactors:
-      type: object
-      properties:
-        okta_call:
-          $ref: '#/components/schemas/PasswordPolicyRecoveryFactorSettings'
-        okta_email:
-          $ref: '#/components/schemas/PasswordPolicyRecoveryEmail'
-        okta_sms:
-          $ref: '#/components/schemas/PasswordPolicyRecoveryFactorSettings'
-        recovery_question:
-          $ref: '#/components/schemas/PasswordPolicyRecoveryQuestion'
-    PasswordPolicyRecoveryQuestion:
-      type: object
-      properties:
-        properties:
-          $ref: '#/components/schemas/PasswordPolicyRecoveryQuestionProperties'
-        status:
-          $ref: '#/components/schemas/LifecycleStatus'
-    PasswordPolicyRecoveryQuestionComplexity:
-      type: object
-      properties:
-        minLength:
-          type: integer
-          readOnly: true
-    PasswordPolicyRecoveryQuestionProperties:
-      type: object
-      properties:
-        complexity:
-          $ref: '#/components/schemas/PasswordPolicyRecoveryQuestionComplexity'
-    PasswordPolicyRecoverySettings:
-      type: object
-      properties:
-        factors:
-          $ref: '#/components/schemas/PasswordPolicyRecoveryFactors'
-    PasswordPolicyRule:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRule'
-        - type: object
-          properties:
-            actions:
-              $ref: '#/components/schemas/PasswordPolicyRuleActions'
-            conditions:
-              $ref: '#/components/schemas/PasswordPolicyRuleConditions'
-    PasswordPolicyRuleAction:
-      type: object
-      properties:
-        access:
-          $ref: '#/components/schemas/PolicyAccess'
-    PasswordPolicyRuleActions:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRuleActions'
-        - type: object
-          properties:
-            passwordChange:
-              $ref: '#/components/schemas/PasswordPolicyRuleAction'
-            selfServicePasswordReset:
-              $ref: '#/components/schemas/PasswordPolicyRuleAction'
-            selfServiceUnlock:
-              $ref: '#/components/schemas/PasswordPolicyRuleAction'
-    PasswordPolicyRuleConditions:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRuleConditions'
-        - type: object
-          properties:
-            network:
-              $ref: '#/components/schemas/PolicyNetworkCondition'
-            people:
-              $ref: '#/components/schemas/PolicyPeopleCondition'
-    PasswordPolicySettings:
-      type: object
-      properties:
-        delegation:
-          $ref: '#/components/schemas/PasswordPolicyDelegationSettings'
-        password:
-          $ref: '#/components/schemas/PasswordPolicyPasswordSettings'
-        recovery:
-          $ref: '#/components/schemas/PasswordPolicyRecoverySettings'
-    PasswordSettingObject:
-      type: object
-      properties:
-        change:
-          $ref: '#/components/schemas/ChangeEnum'
-        seed:
-          $ref: '#/components/schemas/SeedEnum'
-        status:
-          $ref: '#/components/schemas/EnabledStatus'
-    Platform:
-      type: string
-      x-okta-known-values:
-        - ANDROID
-        - IOS
-        - MACOS
-        - WINDOWS
-    PlatformConditionEvaluatorPlatform:
-      type: object
-      properties:
-        os:
-          $ref: '#/components/schemas/PlatformConditionEvaluatorPlatformOperatingSystem'
-        type:
-          $ref: '#/components/schemas/PolicyPlatformType'
-    PlatformConditionEvaluatorPlatformOperatingSystem:
-      type: object
-      properties:
-        expression:
-          type: string
-        type:
-          $ref: '#/components/schemas/PolicyPlatformOperatingSystemType'
-        version:
-          $ref: '#/components/schemas/PlatformConditionEvaluatorPlatformOperatingSystemVersion'
-    PlatformConditionEvaluatorPlatformOperatingSystemVersion:
-      type: object
-      properties:
-        matchType:
-          $ref: '#/components/schemas/PlatformConditionOperatingSystemVersionMatchType'
-        value:
-          type: string
-    PlatformConditionOperatingSystemVersionMatchType:
-      type: string
-      x-okta-known-values:
-        - EXPRESSION
-        - SEMVER
-    PlatformPolicyRuleCondition:
-      type: object
-      properties:
-        exclude:
-          type: array
-          items:
-            $ref: '#/components/schemas/PlatformConditionEvaluatorPlatform'
-        include:
-          type: array
-          items:
-            $ref: '#/components/schemas/PlatformConditionEvaluatorPlatform'
-    Policy:
-      type: object
-      properties:
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        description:
-          type: string
-        id:
-          type: string
-          readOnly: true
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        name:
-          type: string
-        priority:
-          type: integer
-        status:
-          $ref: '#/components/schemas/LifecycleStatus'
-        system:
-          type: boolean
-        type:
-          $ref: '#/components/schemas/PolicyType'
-        _embedded:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-      discriminator:
-        propertyName: type
-        mapping:
-          ACCESS_POLICY: '#/components/schemas/AccessPolicy'
-          IDP_DISCOVERY: '#/components/schemas/IdentityProviderPolicy'
-          MFA_ENROLL: '#/components/schemas/MultifactorEnrollmentPolicy'
-          OAUTH_AUTHORIZATION_POLICY: '#/components/schemas/AuthorizationServerPolicy'
-          OKTA_SIGN_ON: '#/components/schemas/OktaSignOnPolicy'
-          PASSWORD: '#/components/schemas/PasswordPolicy'
-          PROFILE_ENROLLMENT: '#/components/schemas/ProfileEnrollmentPolicy'
-    PolicyAccess:
-      type: string
-      x-okta-known-values:
-        - ALLOW
-        - DENY
-    PolicyAccountLink:
-      type: object
-      properties:
-        action:
-          $ref: '#/components/schemas/PolicyAccountLinkAction'
-        filter:
-          $ref: '#/components/schemas/PolicyAccountLinkFilter'
-    PolicyAccountLinkAction:
-      type: string
-      x-okta-known-values:
-        - AUTO
-        - DISABLED
-    PolicyAccountLinkFilter:
-      type: object
-      properties:
-        groups:
-          $ref: '#/components/schemas/PolicyAccountLinkFilterGroups'
-    PolicyAccountLinkFilterGroups:
-      type: object
-      properties:
-        include:
-          type: array
-          items:
-            type: string
-    PolicyNetworkCondition:
-      type: object
-      properties:
-        connection:
-          $ref: '#/components/schemas/PolicyNetworkConnection'
-        exclude:
-          type: array
-          items:
-            type: string
-        include:
-          type: array
-          items:
-            type: string
-    PolicyNetworkConnection:
-      type: string
-      x-okta-known-values:
-        - ANYWHERE
-        - ZONE
-    PolicyPeopleCondition:
-      type: object
-      properties:
-        groups:
-          $ref: '#/components/schemas/GroupCondition'
-        users:
-          $ref: '#/components/schemas/UserCondition'
-    PolicyPlatformOperatingSystemType:
-      type: string
-      x-okta-known-values:
-        - ANDROID
-        - ANY
-        - IOS
-        - OSX
-        - OTHER
-        - WINDOWS
-    PolicyPlatformType:
-      type: string
-      x-okta-known-values:
-        - ANY
-        - DESKTOP
-        - MOBILE
-        - OTHER
-    PolicyRule:
-      type: object
-      properties:
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        id:
-          type: string
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        name:
-          type: string
-        priority:
-          type: integer
-        status:
-          $ref: '#/components/schemas/LifecycleStatus'
-        system:
-          type: boolean
-          default: false
-        type:
-          $ref: '#/components/schemas/PolicyRuleType'
-      discriminator:
-        propertyName: type
-        mapping:
-          ACCESS_POLICY: '#/components/schemas/AccessPolicyRule'
-          PASSWORD: '#/components/schemas/PasswordPolicyRule'
-          PROFILE_ENROLLMENT: '#/components/schemas/ProfileEnrollmentPolicyRule'
-          RESOURCE_ACCESS: '#/components/schemas/AuthorizationServerPolicyRule'
-          SIGN_ON: '#/components/schemas/OktaSignOnPolicyRule'
-    PolicyRuleActions:
-      type: object
-      properties:
-        enroll:
-          $ref: '#/components/schemas/PolicyRuleActionsEnroll'
-        idp:
-          $ref: '#/components/schemas/IdpPolicyRuleAction'
-        passwordChange:
-          $ref: '#/components/schemas/PasswordPolicyRuleAction'
-        selfServicePasswordReset:
-          $ref: '#/components/schemas/PasswordPolicyRuleAction'
-        selfServiceUnlock:
-          $ref: '#/components/schemas/PasswordPolicyRuleAction'
-        signon:
-          $ref: '#/components/schemas/OktaSignOnPolicyRuleSignonActions'
-    PolicyRuleActionsEnroll:
-      type: object
-      properties:
-        self:
-          $ref: '#/components/schemas/PolicyRuleActionsEnrollSelf'
-    PolicyRuleActionsEnrollSelf:
-      type: string
-      x-okta-known-values:
-        - CHALLENGE
-        - LOGIN
-        - NEVER
-    PolicyRuleAuthContextCondition:
-      type: object
-      properties:
-        authType:
-          $ref: '#/components/schemas/PolicyRuleAuthContextType'
-    PolicyRuleAuthContextType:
-      type: string
-      x-okta-known-values:
-        - ANY
-        - RADIUS
-    PolicyRuleConditions:
-      type: object
-      properties:
-        app:
-          $ref: '#/components/schemas/AppAndInstancePolicyRuleCondition'
-        apps:
-          $ref: '#/components/schemas/AppInstancePolicyRuleCondition'
-        authContext:
-          $ref: '#/components/schemas/PolicyRuleAuthContextCondition'
-        authProvider:
-          $ref: '#/components/schemas/PasswordPolicyAuthenticationProviderCondition'
-        beforeScheduledAction:
-          $ref: '#/components/schemas/BeforeScheduledActionPolicyRuleCondition'
-        clients:
-          $ref: '#/components/schemas/ClientPolicyCondition'
-        context:
-          $ref: '#/components/schemas/ContextPolicyRuleCondition'
-        device:
-          $ref: '#/components/schemas/DevicePolicyRuleCondition'
-        grantTypes:
-          $ref: '#/components/schemas/GrantTypePolicyRuleCondition'
-        groups:
-          $ref: '#/components/schemas/GroupPolicyRuleCondition'
-        identityProvider:
-          $ref: '#/components/schemas/IdentityProviderPolicyRuleCondition'
-        mdmEnrollment:
-          $ref: '#/components/schemas/MDMEnrollmentPolicyRuleCondition'
-        network:
-          $ref: '#/components/schemas/PolicyNetworkCondition'
-        people:
-          $ref: '#/components/schemas/PolicyPeopleCondition'
-        platform:
-          $ref: '#/components/schemas/PlatformPolicyRuleCondition'
-        risk:
-          $ref: '#/components/schemas/RiskPolicyRuleCondition'
-        riskScore:
-          $ref: '#/components/schemas/RiskScorePolicyRuleCondition'
-        scopes:
-          $ref: '#/components/schemas/OAuth2ScopesMediationPolicyRuleCondition'
-        userIdentifier:
-          $ref: '#/components/schemas/UserIdentifierPolicyRuleCondition'
-        users:
-          $ref: '#/components/schemas/UserPolicyRuleCondition'
-        userStatus:
-          $ref: '#/components/schemas/UserStatusPolicyRuleCondition'
-    PolicyRuleType:
-      type: string
-      x-okta-known-values:
-        - ACCESS_POLICY
-        - IDP_DISCOVERY
-        - MFA_ENROLL
-        - PASSWORD
-        - PROFILE_ENROLLMENT
-        - RESOURCE_ACCESS
-        - SIGN_ON
-    PolicySubject:
-      type: object
-      properties:
-        filter:
-          type: string
-        format:
-          type: array
-          items:
-            type: string
-        matchAttribute:
-          type: string
-        matchType:
-          $ref: '#/components/schemas/PolicySubjectMatchType'
-        userNameTemplate:
-          $ref: '#/components/schemas/PolicyUserNameTemplate'
-    PolicySubjectMatchType:
-      type: string
-      x-okta-known-values:
-        - CUSTOM_ATTRIBUTE
-        - EMAIL
-        - USERNAME
-        - USERNAME_OR_EMAIL
-    PolicyType:
-      type: string
-      x-okta-known-values:
-        - ACCESS_POLICY
-        - IDP_DISCOVERY
-        - MFA_ENROLL
-        - OAUTH_AUTHORIZATION_POLICY
-        - OKTA_SIGN_ON
-        - PASSWORD
-        - PROFILE_ENROLLMENT
-    PolicyUserNameTemplate:
-      type: object
-      properties:
-        template:
-          type: string
-    PolicyUserStatus:
-      type: string
-      x-okta-known-values:
-        - ACTIVATING
-        - ACTIVE
-        - DELETED
-        - DELETING
-        - EXPIRED_PASSWORD
-        - INACTIVE
-        - PENDING
-        - SUSPENDED
-    PossessionConstraint:
-      allOf:
-        - $ref: '#/components/schemas/AccessPolicyConstraint'
-        - type: object
-          properties:
-            deviceBound:
-              type: string
-            hardwareProtection:
-              type: string
-            phishingResistant:
-              type: string
-            userPresence:
-              type: string
-    PreRegistrationInlineHook:
-      type: object
-      properties:
-        inlineHookId:
-          type: string
-    PrincipalRateLimitEntity:
-      title: PrincipalRateLimitEntity
-      description: ''
-      type: object
-      properties:
-        createdBy:
-          type: string
-          readOnly: true
-        createdDate:
-          type: string
-          format: date-time
-          readOnly: true
-        defaultConcurrencyPercentage:
-          type: integer
-          readOnly: true
-        defaultPercentage:
-          type: integer
-          readOnly: true
-        id:
-          type: string
-          readOnly: true
-        lastUpdate:
-          type: string
-          format: date-time
-          readOnly: true
-        lastUpdatedBy:
-          type: string
-          readOnly: true
-        orgId:
-          type: string
-          readOnly: true
-        principalId:
-          type: string
-        principalType:
-          $ref: '#/components/schemas/PrincipalType'
-      required:
-        - principalId
-        - principalType
-    PrincipalType:
-      type: string
-      x-okta-known-values:
-        - SSWS_TOKEN
-    ProfileEnrollmentPolicy:
-      allOf:
-        - $ref: '#/components/schemas/Policy'
-        - type: object
-          properties:
-            conditions:
-              $ref: '#/components/schemas/PolicyRuleConditions'
-    ProfileEnrollmentPolicyRule:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRule'
-        - type: object
-          properties:
-            actions:
-              $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleActions'
-            conditions:
-              $ref: '#/components/schemas/PolicyRuleConditions'
-    ProfileEnrollmentPolicyRuleAction:
-      type: object
-      properties:
-        access:
-          type: string
-        activationRequirements:
-          $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleActivationRequirement'
-        preRegistrationInlineHooks:
-          items:
-            $ref: '#/components/schemas/PreRegistrationInlineHook'
-          type: array
-        profileAttributes:
-          items:
-            $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleProfileAttribute'
-          type: array
-        targetGroupIds:
-          items:
-            type: string
-          type: array
-        unknownUserAction:
-          type: string
-    ProfileEnrollmentPolicyRuleActions:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRuleActions'
-        - type: object
-          properties:
-            profileEnrollment:
-              $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleAction'
-    ProfileEnrollmentPolicyRuleActivationRequirement:
-      type: object
-      properties:
-        emailVerification:
-          type: boolean
-    ProfileEnrollmentPolicyRuleProfileAttribute:
-      type: object
-      properties:
-        label:
-          type: string
-        name:
-          type: string
-        required:
-          type: boolean
-    ProfileMapping:
-      type: object
-      properties:
-        id:
-          type: string
-          readOnly: true
-        properties:
-          type: object
-          additionalProperties:
-            $ref: '#/components/schemas/ProfileMappingProperty'
-          readOnly: true
-        source:
-          $ref: '#/components/schemas/ProfileMappingSource'
-        target:
-          $ref: '#/components/schemas/ProfileMappingSource'
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    ProfileMappingProperty:
-      type: object
-      properties:
-        expression:
-          type: string
-        pushStatus:
-          $ref: '#/components/schemas/ProfileMappingPropertyPushStatus'
-    ProfileMappingPropertyPushStatus:
-      type: string
-      x-okta-known-values:
-        - DONT_PUSH
-        - PUSH
-    ProfileMappingSource:
-      type: object
-      properties:
-        id:
-          type: string
-          readOnly: true
-        name:
-          type: string
-          readOnly: true
-        type:
-          type: string
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    ProfileSettingObject:
-      type: object
-      properties:
-        status:
-          $ref: '#/components/schemas/EnabledStatus'
-    Protocol:
-      type: object
-      properties:
-        algorithms:
-          $ref: '#/components/schemas/ProtocolAlgorithms'
-        credentials:
-          $ref: '#/components/schemas/IdentityProviderCredentials'
-        endpoints:
-          $ref: '#/components/schemas/ProtocolEndpoints'
-        issuer:
-          $ref: '#/components/schemas/ProtocolEndpoint'
-        relayState:
-          $ref: '#/components/schemas/ProtocolRelayState'
-        scopes:
-          type: array
-          items:
-            type: string
-        settings:
-          $ref: '#/components/schemas/ProtocolSettings'
-        type:
-          $ref: '#/components/schemas/ProtocolType'
-    ProtocolAlgorithmType:
-      type: object
-      properties:
-        signature:
-          $ref: '#/components/schemas/ProtocolAlgorithmTypeSignature'
-    ProtocolAlgorithmTypeSignature:
-      type: object
-      properties:
-        algorithm:
-          type: string
-        scope:
-          $ref: '#/components/schemas/ProtocolAlgorithmTypeSignatureScope'
-    ProtocolAlgorithmTypeSignatureScope:
-      type: string
-      x-okta-known-values:
-        - ANY
-        - NONE
-        - REQUEST
-        - RESPONSE
-        - TOKEN
-    ProtocolAlgorithms:
-      type: object
-      properties:
-        request:
-          $ref: '#/components/schemas/ProtocolAlgorithmType'
-        response:
-          $ref: '#/components/schemas/ProtocolAlgorithmType'
-    ProtocolEndpoint:
-      type: object
-      properties:
-        binding:
-          $ref: '#/components/schemas/ProtocolEndpointBinding'
-        destination:
-          type: string
-        type:
-          $ref: '#/components/schemas/ProtocolEndpointType'
-        url:
-          type: string
-    ProtocolEndpointBinding:
-      type: string
-      x-okta-known-values:
-        - HTTP-POST
-        - HTTP-REDIRECT
-    ProtocolEndpointType:
-      type: string
-      x-okta-known-values:
-        - INSTANCE
-        - ORG
-    ProtocolEndpoints:
-      type: object
-      properties:
-        acs:
-          $ref: '#/components/schemas/ProtocolEndpoint'
-        authorization:
-          $ref: '#/components/schemas/ProtocolEndpoint'
-        jwks:
-          $ref: '#/components/schemas/ProtocolEndpoint'
-        metadata:
-          $ref: '#/components/schemas/ProtocolEndpoint'
-        slo:
-          $ref: '#/components/schemas/ProtocolEndpoint'
-        sso:
-          $ref: '#/components/schemas/ProtocolEndpoint'
-        token:
-          $ref: '#/components/schemas/ProtocolEndpoint'
-        userInfo:
-          $ref: '#/components/schemas/ProtocolEndpoint'
-    ProtocolRelayState:
-      type: object
-      properties:
-        format:
-          $ref: '#/components/schemas/ProtocolRelayStateFormat'
-    ProtocolRelayStateFormat:
-      type: string
-      x-okta-known-values:
-        - FROM_URL
-        - OPAQUE
-    ProtocolSettings:
-      type: object
-      properties:
-        nameFormat:
-          type: string
-    ProtocolType:
-      type: string
-      x-okta-known-values:
-        - MTLS
-        - OAUTH2
-        - OIDC
-        - SAML2
-    ProviderType:
-      type: string
-      x-okta-known-values:
-        - APNS
-        - FCM
-    Provisioning:
-      type: object
-      properties:
-        action:
-          $ref: '#/components/schemas/ProvisioningAction'
-        conditions:
-          $ref: '#/components/schemas/ProvisioningConditions'
-        groups:
-          $ref: '#/components/schemas/ProvisioningGroups'
-        profileMaster:
-          type: boolean
-    ProvisioningAction:
-      type: string
-      x-okta-known-values:
-        - AUTO
-        - CALLOUT
-        - DISABLED
-    ProvisioningConditions:
-      type: object
-      properties:
-        deprovisioned:
-          $ref: '#/components/schemas/ProvisioningDeprovisionedCondition'
-        suspended:
-          $ref: '#/components/schemas/ProvisioningSuspendedCondition'
-    ProvisioningConnection:
-      type: object
-      properties:
-        authScheme:
-          $ref: '#/components/schemas/ProvisioningConnectionAuthScheme'
-        status:
-          $ref: '#/components/schemas/ProvisioningConnectionStatus'
-        _links:
-          additionalProperties:
-            type: object
-          readOnly: true
-          type: object
-    ProvisioningConnectionAuthScheme:
-      type: string
-      x-okta-known-values:
-        - TOKEN
-        - UNKNOWN
-    ProvisioningConnectionProfile:
-      type: object
-      properties:
-        authScheme:
-          $ref: '#/components/schemas/ProvisioningConnectionAuthScheme'
-        token:
-          type: string
-    ProvisioningConnectionRequest:
-      type: object
-      properties:
-        profile:
-          $ref: '#/components/schemas/ProvisioningConnectionProfile'
-    ProvisioningConnectionStatus:
-      type: string
-      x-okta-known-values:
-        - DISABLED
-        - ENABLED
-        - UNKNOWN
-    ProvisioningDeprovisionedAction:
-      type: string
-      x-okta-known-values:
-        - NONE
-        - REACTIVATE
-    ProvisioningDeprovisionedCondition:
-      type: object
-      properties:
-        action:
-          $ref: '#/components/schemas/ProvisioningDeprovisionedAction'
-    ProvisioningGroups:
-      type: object
-      properties:
-        action:
-          $ref: '#/components/schemas/ProvisioningGroupsAction'
-        assignments:
-          type: array
-          items:
-            type: string
-        filter:
-          type: array
-          items:
-            type: string
-        sourceAttributeName:
-          type: string
-    ProvisioningGroupsAction:
-      type: string
-      x-okta-known-values:
-        - APPEND
-        - ASSIGN
-        - NONE
-        - SYNC
-    ProvisioningSuspendedAction:
-      type: string
-      x-okta-known-values:
-        - NONE
-        - UNSUSPEND
-    ProvisioningSuspendedCondition:
-      type: object
-      properties:
-        action:
-          $ref: '#/components/schemas/ProvisioningSuspendedAction'
-    PushProvider:
-      title: PushProvider
-      type: object
-      properties:
-        id:
-          type: string
-          readOnly: true
-        lastUpdatedDate:
-          type: string
-          readOnly: true
-        name:
-          type: string
-          description: Display name of the push provider
-        providerType:
-          $ref: '#/components/schemas/ProviderType'
-        _links:
-          type: object
-          properties:
-            self:
-              $ref: '#/components/schemas/HrefObject'
-          readOnly: true
-      discriminator:
-        propertyName: providerType
-        mapping:
-          APNS: '#/components/schemas/APNSPushProvider'
-          FCM: '#/components/schemas/FCMPushProvider'
-    PushUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            expiresAt:
-              type: string
-              format: date-time
-            factorResult:
-              $ref: '#/components/schemas/FactorResultType'
-            profile:
-              $ref: '#/components/schemas/PushUserFactorProfile'
-    PushUserFactorProfile:
-      type: object
-      properties:
-        credentialId:
-          type: string
-        deviceToken:
-          type: string
-        deviceType:
-          type: string
-        name:
-          type: string
-        platform:
-          type: string
-        version:
-          type: string
-    RecoveryQuestionCredential:
-      type: object
-      properties:
-        answer:
-          type: string
-        question:
-          type: string
-    ReleaseChannel:
-      description: Release channel for auto-update
-      type: string
-      x-okta-known-values:
-        - BETA
-        - EA
-        - GA
-        - TEST
-    RequiredEnum:
-      type: string
-      x-okta-known-values:
-        - ALWAYS
-        - HIGH_RISK_ONLY
-        - NEVER
-    ResetPasswordToken:
-      type: object
-      properties:
-        resetPasswordUrl:
-          type: string
-          readOnly: true
-    ResponseLinks:
-      type: object
-    RiskPolicyRuleCondition:
-      type: object
-      properties:
-        behaviors:
-          uniqueItems: true
-          type: array
-          items:
-            type: string
-    RiskScorePolicyRuleCondition:
-      type: object
-      properties:
-        level:
-          type: string
-    Role:
-      type: object
-      properties:
-        assignmentType:
-          $ref: '#/components/schemas/RoleAssignmentType'
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        description:
-          type: string
-        id:
-          type: string
-          readOnly: true
-        label:
-          type: string
-          readOnly: true
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        status:
-          $ref: '#/components/schemas/LifecycleStatus'
-        type:
-          $ref: '#/components/schemas/RoleType'
-        _embedded:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    RoleAssignmentType:
-      type: string
-      x-okta-known-values:
-        - GROUP
-        - USER
-    RoleType:
-      type: string
-      x-okta-known-values:
-        - API_ACCESS_MANAGEMENT_ADMIN
-        - APP_ADMIN
-        - GROUP_MEMBERSHIP_ADMIN
-        - HELP_DESK_ADMIN
-        - MOBILE_ADMIN
-        - ORG_ADMIN
-        - READ_ONLY_ADMIN
-        - REPORT_ADMIN
-        - SUPER_ADMIN
-        - USER_ADMIN
-    SamlApplication:
-      allOf:
-        - $ref: '#/components/schemas/Application'
-        - type: object
-          properties:
-            credentials:
-              $ref: '#/components/schemas/ApplicationCredentials'
-            name:
-              type: string
-            settings:
-              $ref: '#/components/schemas/SamlApplicationSettings'
-    SamlApplicationSettings:
-      allOf:
-        - $ref: '#/components/schemas/ApplicationSettings'
-        - type: object
-          properties:
-            app:
-              $ref: '#/components/schemas/SamlApplicationSettingsApplication'
-            signOn:
-              $ref: '#/components/schemas/SamlApplicationSettingsSignOn'
-    SamlApplicationSettingsApplication:
-      type: object
-      properties:
-        acsUrl:
-          type: string
-        audRestriction:
-          type: string
-        baseUrl:
-          type: string
-    SamlApplicationSettingsSignOn:
-      type: object
-      properties:
-        acsEndpoints:
-          type: array
-          items:
-            $ref: '#/components/schemas/AcsEndpoint'
-        allowMultipleAcsEndpoints:
-          type: boolean
-        assertionSigned:
-          type: boolean
-        attributeStatements:
-          type: array
-          items:
-            $ref: '#/components/schemas/SamlAttributeStatement'
-        audience:
-          type: string
-        audienceOverride:
-          type: string
-        authnContextClassRef:
-          type: string
-        defaultRelayState:
-          type: string
-        destination:
-          type: string
-        destinationOverride:
-          type: string
-        digestAlgorithm:
-          type: string
-        honorForceAuthn:
-          type: boolean
-        idpIssuer:
-          type: string
-        inlineHooks:
-          items:
-            $ref: '#/components/schemas/SignOnInlineHook'
-          type: array
-        recipient:
-          type: string
-        recipientOverride:
-          type: string
-        requestCompressed:
-          type: boolean
-        responseSigned:
-          type: boolean
-        signatureAlgorithm:
-          type: string
-        slo:
-          $ref: '#/components/schemas/SingleLogout'
-        spCertificate:
-          $ref: '#/components/schemas/SpCertificate'
-        spIssuer:
-          type: string
-        ssoAcsUrl:
-          type: string
-        ssoAcsUrlOverride:
-          type: string
-        subjectNameIdFormat:
-          type: string
-        subjectNameIdTemplate:
-          type: string
-    SamlAttributeStatement:
-      type: object
-      properties:
-        filterType:
-          type: string
-        filterValue:
-          type: string
-        name:
-          type: string
-        namespace:
-          type: string
-        type:
-          type: string
-        values:
-          type: array
-          items:
-            type: string
-    ScheduledUserLifecycleAction:
-      type: object
-      properties:
-        status:
-          $ref: '#/components/schemas/PolicyUserStatus'
-    SchemeApplicationCredentials:
-      allOf:
-        - $ref: '#/components/schemas/ApplicationCredentials'
-        - type: object
-          properties:
-            password:
-              $ref: '#/components/schemas/PasswordCredential'
-            revealPassword:
-              type: boolean
-            scheme:
-              $ref: '#/components/schemas/ApplicationCredentialsScheme'
-            signing:
-              $ref: '#/components/schemas/ApplicationCredentialsSigning'
-            userName:
-              type: string
-    ScreenLockType:
-      type: string
-      x-okta-known-values:
-        - BIOMETRIC
-        - PASSCODE
-    SecurePasswordStoreApplication:
-      x-okta-defined-as:
-        name: template_sps
-      allOf:
-        - $ref: '#/components/schemas/Application'
-        - type: object
-          properties:
-            credentials:
-              $ref: '#/components/schemas/SchemeApplicationCredentials'
-            name:
-              type: string
-              default: template_sps
-            settings:
-              $ref: '#/components/schemas/SecurePasswordStoreApplicationSettings'
-    SecurePasswordStoreApplicationSettings:
-      allOf:
-        - $ref: '#/components/schemas/ApplicationSettings'
-        - type: object
-          properties:
-            app:
-              $ref: '#/components/schemas/SecurePasswordStoreApplicationSettingsApplication'
-    SecurePasswordStoreApplicationSettingsApplication:
-      type: object
-      properties:
-        optionalField1:
-          type: string
-        optionalField1Value:
-          type: string
-        optionalField2:
-          type: string
-        optionalField2Value:
-          type: string
-        optionalField3:
-          type: string
-        optionalField3Value:
-          type: string
-        passwordField:
-          type: string
-        url:
-          type: string
-        usernameField:
-          type: string
-    SecurityQuestion:
-      type: object
-      properties:
-        answer:
-          type: string
-        question:
-          type: string
-        questionText:
-          type: string
-    SecurityQuestionUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/SecurityQuestionUserFactorProfile'
-    SecurityQuestionUserFactorProfile:
-      type: object
-      properties:
-        answer:
-          type: string
-        question:
-          type: string
-        questionText:
-          type: string
-    SeedEnum:
-      type: string
-      x-okta-known-values:
-        - OKTA
-        - RANDOM
-    Session:
-      type: object
-      properties:
-        amr:
-          type: array
-          readOnly: true
-          items:
-            $ref: '#/components/schemas/SessionAuthenticationMethod'
-        createdAt:
-          type: string
-          format: date-time
-          readOnly: true
-        expiresAt:
-          type: string
-          format: date-time
-          readOnly: true
-        id:
-          type: string
-          readOnly: true
-        idp:
-          $ref: '#/components/schemas/SessionIdentityProvider'
-        lastFactorVerification:
-          type: string
-          format: date-time
-          readOnly: true
-        lastPasswordVerification:
-          type: string
-          format: date-time
-          readOnly: true
-        login:
-          type: string
-          readOnly: true
-        status:
-          $ref: '#/components/schemas/SessionStatus'
-        userId:
-          type: string
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    SessionAuthenticationMethod:
-      type: string
-      x-okta-known-values:
-        - fpt
-        - geo
-        - hwk
-        - kba
-        - mca
-        - mfa
-        - otp
-        - pwd
-        - sc
-        - sms
-        - swk
-        - tel
-    SessionIdentityProvider:
-      type: object
-      properties:
-        id:
-          type: string
-          readOnly: true
-        type:
-          $ref: '#/components/schemas/SessionIdentityProviderType'
-    SessionIdentityProviderType:
-      type: string
-      x-okta-known-values:
-        - ACTIVE_DIRECTORY
-        - FEDERATION
-        - LDAP
-        - OKTA
-        - SOCIAL
-    SessionStatus:
-      type: string
-      x-okta-known-values:
-        - ACTIVE
-        - MFA_ENROLL
-        - MFA_REQUIRED
-    SignInPage:
-      allOf:
-        - $ref: '#/components/schemas/CustomizablePage'
-        - type: object
-          properties:
-            type:
-              $ref: '#/components/schemas/HostedPageType'
-            url:
-              type: string
-            widgetCustomizations:
-              type: object
-              properties:
-                signInLabel:
-                  type: string
-                usernameLabel:
-                  type: string
-                usernameInfoTip:
-                  type: string
-                passwordLabel:
-                  type: string
-                passwordInfoTip:
-                  type: string
-                showPasswordVisibilityToggle:
-                  type: boolean
-                showUserIdentifier:
-                  type: boolean
-                forgotPasswordLabel:
-                  type: string
-                forgotPasswordUrl:
-                  type: string
-                unlockAccountLabel:
-                  type: string
-                unlockAccountUrl:
-                  type: string
-                helpLabel:
-                  type: string
-                helpUrl:
-                  type: string
-                customLink1Label:
-                  type: string
-                customLink1Url:
-                  type: string
-                customLink2Label:
-                  type: string
-                customLink2Url:
-                  type: string
-                authenticatorPageCustomLinkLabel:
-                  type: string
-                authenticatorPageCustomLinkUrl:
-                  type: string
-                classicRecoveryFlowEmailOrUsernameLabel:
-                  type: string
-            widgetVersion:
-              $ref: '#/components/schemas/Version'
-          required:
-            - type
-    SignInPageTouchPointVariant:
-      type: string
-      x-okta-known-values:
-        - BACKGROUND_IMAGE
-        - BACKGROUND_SECONDARY_COLOR
-        - OKTA_DEFAULT
-    SignOnInlineHook:
-      properties:
-        id:
-          type: string
-          readOnly: false
-    SingleLogout:
-      type: object
-      properties:
-        enabled:
-          type: boolean
-        issuer:
-          type: string
-        logoutUrl:
-          type: string
-    SmsTemplate:
-      type: object
-      properties:
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        id:
-          type: string
-          readOnly: true
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        name:
-          type: string
-        template:
-          type: string
-        translations:
-          $ref: '#/components/schemas/SmsTemplateTranslations'
-        type:
-          $ref: '#/components/schemas/SmsTemplateType'
-    SmsTemplateTranslations:
-      type: object
-      x-okta-extensible: true
-    SmsTemplateType:
-      type: string
-      x-okta-known-values:
-        - SMS_VERIFY_CODE
-    SmsUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/SmsUserFactorProfile'
-    SmsUserFactorProfile:
-      type: object
-      properties:
-        phoneNumber:
-          type: string
-    SocialAuthToken:
-      type: object
-      properties:
-        expiresAt:
-          type: string
-          format: date-time
-          readOnly: true
-        id:
-          type: string
-          readOnly: true
-        scopes:
-          type: array
-          items:
-            type: string
-        token:
-          type: string
-        tokenAuthScheme:
-          type: string
-        tokenType:
-          type: string
-    SpCertificate:
-      type: object
-      properties:
-        x5c:
-          type: array
-          items:
-            type: string
-    Subscription:
-      type: object
-      properties:
-        channels:
-          items:
-            type: string
-          type: array
-        notificationType:
-          $ref: '#/components/schemas/NotificationType'
-        status:
-          $ref: '#/components/schemas/SubscriptionStatus'
-        _links:
-          additionalProperties:
-            type: object
-          readOnly: true
-          type: object
-    SubscriptionStatus:
-      type: string
-      x-okta-known-values:
-        - subscribed
-        - unsubscribed
-    SwaApplicationSettings:
-      allOf:
-        - $ref: '#/components/schemas/ApplicationSettings'
-        - type: object
-          properties:
-            app:
-              $ref: '#/components/schemas/SwaApplicationSettingsApplication'
-    SwaApplicationSettingsApplication:
-      type: object
-      properties:
-        buttonField:
-          type: string
-        buttonSelector:
-          type: string
-        checkbox:
-          type: string
-        extraFieldSelector:
-          type: string
-        extraFieldValue:
-          type: string
-        loginUrlRegex:
-          type: string
-        passwordField:
-          type: string
-        passwordSelector:
-          type: string
-        redirectUrl:
-          type: string
-        targetURL:
-          type: string
-        url:
-          type: string
-        usernameField:
-          type: string
-        userNameSelector:
-          type: string
-    TempPassword:
-      type: object
-      properties:
-        tempPassword:
-          type: string
-          readOnly: true
-    Theme:
-      type: object
-      properties:
-        backgroundImage:
-          readOnly: true
-          type: string
-        emailTemplateTouchPointVariant:
-          $ref: '#/components/schemas/EmailTemplateTouchPointVariant'
-        endUserDashboardTouchPointVariant:
-          $ref: '#/components/schemas/EndUserDashboardTouchPointVariant'
-        errorPageTouchPointVariant:
-          $ref: '#/components/schemas/ErrorPageTouchPointVariant'
-        primaryColorContrastHex:
-          type: string
-        primaryColorHex:
-          type: string
-        secondaryColorContrastHex:
-          type: string
-        secondaryColorHex:
-          type: string
-        signInPageTouchPointVariant:
-          $ref: '#/components/schemas/SignInPageTouchPointVariant'
-        _links:
-          additionalProperties:
-            type: object
-          readOnly: true
-          type: object
-    ThemeResponse:
-      type: object
-      properties:
-        backgroundImage:
-          readOnly: true
-          type: string
-        emailTemplateTouchPointVariant:
-          $ref: '#/components/schemas/EmailTemplateTouchPointVariant'
-        endUserDashboardTouchPointVariant:
-          $ref: '#/components/schemas/EndUserDashboardTouchPointVariant'
-        errorPageTouchPointVariant:
-          $ref: '#/components/schemas/ErrorPageTouchPointVariant'
-        favicon:
-          readOnly: true
-          type: string
-        id:
-          readOnly: true
-          type: string
-        logo:
-          readOnly: true
-          type: string
-        primaryColorContrastHex:
-          type: string
-        primaryColorHex:
-          type: string
-        secondaryColorContrastHex:
-          type: string
-        secondaryColorHex:
-          type: string
-        signInPageTouchPointVariant:
-          $ref: '#/components/schemas/SignInPageTouchPointVariant'
-        _links:
-          additionalProperties:
-            type: object
-          readOnly: true
-          type: object
-    ThreatInsightConfiguration:
-      type: object
-      properties:
-        action:
-          type: string
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        excludeZones:
-          type: array
-          items:
-            type: string
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    TimeDuration:
-      description: A time duration specified as an [ISO-8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations).
-      type: string
-      pattern: ^P(?!$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+S)?)?$
-    TokenAuthorizationServerPolicyRuleAction:
-      type: object
-      properties:
-        accessTokenLifetimeMinutes:
-          type: integer
-        inlineHook:
-          $ref: '#/components/schemas/TokenAuthorizationServerPolicyRuleActionInlineHook'
-        refreshTokenLifetimeMinutes:
-          type: integer
-        refreshTokenWindowMinutes:
-          type: integer
-    TokenAuthorizationServerPolicyRuleActionInlineHook:
-      type: object
-      properties:
-        id:
-          type: string
-          readOnly: false
-    TokenUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/TokenUserFactorProfile'
-    TokenUserFactorProfile:
-      type: object
-      properties:
-        credentialId:
-          type: string
-    TotpUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/TotpUserFactorProfile'
-    TotpUserFactorProfile:
-      type: object
-      properties:
-        credentialId:
-          type: string
-    TrustedOrigin:
-      type: object
-      properties:
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        createdBy:
-          type: string
-        id:
-          type: string
-          readOnly: true
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        lastUpdatedBy:
-          type: string
-        name:
-          type: string
-        origin:
-          type: string
-        scopes:
-          type: array
-          items:
-            $ref: '#/components/schemas/TrustedOriginScope'
-        status:
-          type: string
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    TrustedOriginScope:
-      type: object
-      properties:
-        allowedOktaApps:
-          type: array
-          items:
-            $ref: '#/components/schemas/IframeEmbedScopeAllowedApps'
-        type:
-          $ref: '#/components/schemas/TrustedOriginScopeType'
-    TrustedOriginScopeType:
-      type: string
-      x-okta-known-values:
-        - CORS
-        - IFRAME_EMBED
-        - REDIRECT
-    U2fUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/U2fUserFactorProfile'
-    U2fUserFactorProfile:
-      type: object
-      properties:
-        credentialId:
-          type: string
-    UpdateEmailDomain:
-      allOf:
-        - $ref: '#/components/schemas/BaseEmailDomain'
-    UpdateUserRequest:
-      type: object
-      properties:
-        credentials:
-          $ref: '#/components/schemas/UserCredentials'
-        profile:
-          $ref: '#/components/schemas/UserProfile'
-    User:
-      type: object
-      properties:
-        activated:
-          type: string
-          format: date-time
-          readOnly: true
-          nullable: true
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        credentials:
-          $ref: '#/components/schemas/UserCredentials'
-        id:
-          type: string
-          readOnly: true
-        lastLogin:
-          type: string
-          format: date-time
-          readOnly: true
-          nullable: true
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        passwordChanged:
-          type: string
-          format: date-time
-          readOnly: true
-          nullable: true
-        profile:
-          $ref: '#/components/schemas/UserProfile'
-        status:
-          $ref: '#/components/schemas/UserStatus'
-        statusChanged:
-          type: string
-          format: date-time
-          readOnly: true
-          nullable: true
-        transitioningToStatus:
-          $ref: '#/components/schemas/UserStatus'
-        type:
-          $ref: '#/components/schemas/UserType'
-        _embedded:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    UserActivationToken:
-      type: object
-      properties:
-        activationToken:
-          type: string
-          readOnly: true
-        activationUrl:
-          type: string
-          readOnly: true
-    UserCondition:
-      type: object
-      properties:
-        exclude:
-          type: array
-          items:
-            type: string
-        include:
-          type: array
-          items:
-            type: string
-    UserCredentials:
-      type: object
-      properties:
-        password:
-          $ref: '#/components/schemas/PasswordCredential'
-        provider:
-          $ref: '#/components/schemas/AuthenticationProvider'
-        recovery_question:
-          $ref: '#/components/schemas/RecoveryQuestionCredential'
-    UserFactor:
-      type: object
-      properties:
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        factorType:
-          $ref: '#/components/schemas/FactorType'
-        id:
-          type: string
-          readOnly: true
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        provider:
-          $ref: '#/components/schemas/FactorProvider'
-        status:
-          $ref: '#/components/schemas/FactorStatus'
-        verify:
-          $ref: '#/components/schemas/VerifyFactorRequest'
-        _embedded:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-      discriminator:
-        propertyName: factorType
-        mapping:
-          call: '#/components/schemas/CallUserFactor'
-          email: '#/components/schemas/EmailUserFactor'
-          push: '#/components/schemas/PushUserFactor'
-          question: '#/components/schemas/SecurityQuestionUserFactor'
-          sms: '#/components/schemas/SmsUserFactor'
-          token: '#/components/schemas/TokenUserFactor'
-          token:hardware: '#/components/schemas/HardwareUserFactor'
-          token:hotp: '#/components/schemas/CustomHotpUserFactor'
-          token:software:totp: '#/components/schemas/TotpUserFactor'
-          u2f: '#/components/schemas/U2fUserFactor'
-          web: '#/components/schemas/WebUserFactor'
-          webauthn: '#/components/schemas/WebAuthnUserFactor'
-          hotp: '#/components/schemas/CustomHotpUserFactor'
-    UserIdentifierConditionEvaluatorPattern:
-      type: object
-      properties:
-        matchType:
-          $ref: '#/components/schemas/UserIdentifierMatchType'
-        value:
-          type: string
-    UserIdentifierMatchType:
-      type: string
-      x-okta-known-values:
-        - CONTAINS
-        - EQUALS
-        - EXPRESSION
-        - STARTS_WITH
-        - SUFFIX
-    UserIdentifierPolicyRuleCondition:
-      type: object
-      properties:
-        attribute:
-          type: string
-        patterns:
-          type: array
-          items:
-            $ref: '#/components/schemas/UserIdentifierConditionEvaluatorPattern'
-        type:
-          $ref: '#/components/schemas/UserIdentifierType'
-    UserIdentifierType:
-      type: string
-      x-okta-known-values:
-        - ATTRIBUTE
-        - IDENTIFIER
-    UserIdentityProviderLinkRequest:
-      type: object
-      properties:
-        externalId:
-          type: string
-    UserLifecycleAttributePolicyRuleCondition:
-      type: object
-      properties:
-        attributeName:
-          type: string
-        matchingValue:
-          type: string
-    UserNextLogin:
-      type: string
-      x-okta-known-values:
-        - changePassword
-    UserPolicyRuleCondition:
-      type: object
-      properties:
-        exclude:
-          type: array
-          items:
-            type: string
-        inactivity:
-          $ref: '#/components/schemas/InactivityPolicyRuleCondition'
-        include:
-          type: array
-          items:
-            type: string
-        lifecycleExpiration:
-          $ref: '#/components/schemas/LifecycleExpirationPolicyRuleCondition'
-        passwordExpiration:
-          $ref: '#/components/schemas/PasswordExpirationPolicyRuleCondition'
-        userLifecycleAttribute:
-          $ref: '#/components/schemas/UserLifecycleAttributePolicyRuleCondition'
-    UserProfile:
-      type: object
-      additionalProperties: true
-      properties:
-        city:
-          type: string
-          maxLength: 128
-          nullable: true
-        costCenter:
-          type: string
-        countryCode:
-          type: string
-          maxLength: 2
-          nullable: true
-        department:
-          type: string
-        displayName:
-          type: string
-        division:
-          type: string
-        email:
-          type: string
-          format: email
-          minLength: 5
-          maxLength: 100
-        employeeNumber:
-          type: string
-        firstName:
-          type: string
-          minLength: 1
-          maxLength: 50
-          nullable: true
-        honorificPrefix:
-          type: string
-        honorificSuffix:
-          type: string
-        lastName:
-          type: string
-          minLength: 1
-          maxLength: 50
-          nullable: true
-        locale:
-          $ref: '#/components/schemas/Language'
-        login:
-          type: string
-          maxLength: 100
-        manager:
-          type: string
-        managerId:
-          type: string
-        middleName:
-          type: string
-        mobilePhone:
-          type: string
-          maxLength: 100
-          nullable: true
-        nickName:
-          type: string
-        organization:
-          type: string
-        postalAddress:
-          type: string
-          maxLength: 4096
-          nullable: true
-        preferredLanguage:
-          type: string
-        primaryPhone:
-          type: string
-          maxLength: 100
-          nullable: true
-        profileUrl:
-          type: string
-        secondEmail:
-          type: string
-          format: email
-          minLength: 5
-          maxLength: 100
-          nullable: true
-        state:
-          type: string
-          maxLength: 128
-          nullable: true
-        streetAddress:
-          type: string
-          maxLength: 1024
-          nullable: true
-        timezone:
-          type: string
-        title:
-          type: string
-        userType:
-          type: string
-        zipCode:
-          type: string
-          maxLength: 50
-          nullable: true
-    UserSchema:
-      type: object
-      properties:
-        $schema:
-          type: string
-          readOnly: true
-        created:
-          type: string
-          readOnly: true
-        definitions:
-          $ref: '#/components/schemas/UserSchemaDefinitions'
-        id:
-          type: string
-          readOnly: true
-        lastUpdated:
-          type: string
-          readOnly: true
-        name:
-          type: string
-          readOnly: true
-        properties:
-          $ref: '#/components/schemas/UserSchemaProperties'
-        title:
-          type: string
-        type:
-          type: string
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    UserSchemaAttribute:
-      type: object
-      properties:
-        description:
-          type: string
-        enum:
-          type: array
-          items:
-            type: string
-        externalName:
-          type: string
-        externalNamespace:
-          type: string
-        items:
-          $ref: '#/components/schemas/UserSchemaAttributeItems'
-        master:
-          $ref: '#/components/schemas/UserSchemaAttributeMaster'
-        maxLength:
-          type: integer
-        minLength:
-          type: integer
-        mutability:
-          type: string
-        oneOf:
-          type: array
-          items:
-            $ref: '#/components/schemas/UserSchemaAttributeEnum'
-        pattern:
-          type: string
-        permissions:
-          type: array
-          items:
-            $ref: '#/components/schemas/UserSchemaAttributePermission'
-        required:
-          type: boolean
-        scope:
-          $ref: '#/components/schemas/UserSchemaAttributeScope'
-        title:
-          type: string
-        type:
-          $ref: '#/components/schemas/UserSchemaAttributeType'
-        union:
-          $ref: '#/components/schemas/UserSchemaAttributeUnion'
-        unique:
-          type: string
-      x-okta-allow-null-property-value-for-updates: true
-    UserSchemaAttributeEnum:
-      type: object
-      properties:
-        const:
-          type: string
-        title:
-          type: string
-    UserSchemaAttributeItems:
-      type: object
-      properties:
-        enum:
-          type: array
-          items:
-            type: string
-        oneOf:
-          type: array
-          items:
-            $ref: '#/components/schemas/UserSchemaAttributeEnum'
-        type:
-          type: string
-    UserSchemaAttributeMaster:
-      type: object
-      properties:
-        priority:
-          type: array
-          items:
-            $ref: '#/components/schemas/UserSchemaAttributeMasterPriority'
-        type:
-          $ref: '#/components/schemas/UserSchemaAttributeMasterType'
-    UserSchemaAttributeMasterPriority:
-      type: object
-      properties:
-        type:
-          type: string
-        value:
-          type: string
-    UserSchemaAttributeMasterType:
-      type: string
-      x-okta-known-values:
-        - OKTA
-        - OVERRIDE
-        - PROFILE_MASTER
-    UserSchemaAttributePermission:
-      type: object
-      properties:
-        action:
-          type: string
-        principal:
-          type: string
-    UserSchemaAttributeScope:
-      type: string
-      x-okta-known-values:
-        - NONE
-        - SELF
-    UserSchemaAttributeType:
-      type: string
-      x-okta-known-values:
-        - array
-        - boolean
-        - integer
-        - number
-        - string
-    UserSchemaAttributeUnion:
-      type: string
-      x-okta-known-values:
-        - DISABLE
-        - ENABLE
-    UserSchemaBase:
-      type: object
-      properties:
-        id:
-          type: string
-        properties:
-          $ref: '#/components/schemas/UserSchemaBaseProperties'
-        required:
-          type: array
-          items:
-            type: string
-        type:
-          type: string
-    UserSchemaBaseProperties:
-      type: object
-      properties:
-        city:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        costCenter:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        countryCode:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        department:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        displayName:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        division:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        email:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        employeeNumber:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        firstName:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        honorificPrefix:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        honorificSuffix:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        lastName:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        locale:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        login:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        manager:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        managerId:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        middleName:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        mobilePhone:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        nickName:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        organization:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        postalAddress:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        preferredLanguage:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        primaryPhone:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        profileUrl:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        secondEmail:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        state:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        streetAddress:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        timezone:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        title:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        userType:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-        zipCode:
-          $ref: '#/components/schemas/UserSchemaAttribute'
-    UserSchemaDefinitions:
-      type: object
-      properties:
-        base:
-          $ref: '#/components/schemas/UserSchemaBase'
-        custom:
-          $ref: '#/components/schemas/UserSchemaPublic'
-    UserSchemaProperties:
-      type: object
-      properties:
-        profile:
-          $ref: '#/components/schemas/UserSchemaPropertiesProfile'
-    UserSchemaPropertiesProfile:
-      type: object
-      properties:
-        allOf:
-          type: array
-          items:
-            $ref: '#/components/schemas/UserSchemaPropertiesProfileItem'
-    UserSchemaPropertiesProfileItem:
-      type: object
-      properties:
-        $ref:
-          type: string
-    UserSchemaPublic:
-      type: object
-      properties:
-        id:
-          type: string
-        properties:
-          type: object
-          additionalProperties:
-            $ref: '#/components/schemas/UserSchemaAttribute'
-        required:
-          type: array
-          items:
-            type: string
-        type:
-          type: string
-    UserStatus:
-      type: string
-      x-okta-known-values:
-        - ACTIVE
-        - DEPROVISIONED
-        - LOCKED_OUT
-        - PASSWORD_EXPIRED
-        - PROVISIONED
-        - RECOVERY
-        - STAGED
-        - SUSPENDED
-    UserStatusPolicyRuleCondition:
-      type: object
-      properties:
-        value:
-          $ref: '#/components/schemas/PolicyUserStatus'
-    UserType:
-      type: object
-      properties:
-        created:
-          type: string
-          format: date-time
-          readOnly: true
-        createdBy:
-          type: string
-          readOnly: true
-        default:
-          type: boolean
-          readOnly: true
-        description:
-          type: string
-        displayName:
-          type: string
-        id:
-          type: string
-        lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
-        lastUpdatedBy:
-          type: string
-          readOnly: true
-        name:
-          type: string
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    UserTypeCondition:
-      properties:
-        exclude:
-          items:
-            type: string
-          type: array
-        include:
-          items:
-            type: string
-          type: array
-    UserVerificationEnum:
-      type: string
-      x-okta-known-values:
-        - PREFERRED
-        - REQUIRED
-    VerificationMethod:
-      type: object
-      properties:
-        constraints:
-          items:
-            $ref: '#/components/schemas/AccessPolicyConstraints'
-          type: array
-        factorMode:
-          type: string
-        reauthenticateIn:
-          type: string
-        type:
-          type: string
-    VerifyFactorRequest:
-      type: object
-      properties:
-        activationToken:
-          type: string
-        answer:
-          type: string
-        attestation:
-          type: string
-        clientData:
-          type: string
-        nextPassCode:
-          type: string
-        passCode:
-          type: string
-        registrationData:
-          type: string
-        stateToken:
-          type: string
-    VerifyUserFactorResponse:
-      type: object
-      properties:
-        expiresAt:
-          type: string
-          format: date-time
-          readOnly: true
-        factorResult:
-          $ref: '#/components/schemas/VerifyUserFactorResult'
-        factorResultMessage:
-          type: string
-        _embedded:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-        _links:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-    VerifyUserFactorResult:
-      type: string
-      x-okta-known-values:
-        - CHALLENGE
-        - ERROR
-        - EXPIRED
-        - FAILED
-        - PASSCODE_REPLAYED
-        - REJECTED
-        - SUCCESS
-        - TIMEOUT
-        - TIME_WINDOW_EXCEEDED
-        - WAITING
-    Version:
-      description: The version specified as a [Semantic Version](https://semver.org/).
-      type: string
-      pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$
-    VersionObject:
-      type: object
-      properties:
-        minimum:
-          type: string
-    WebAuthnUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/WebAuthnUserFactorProfile'
-    WebAuthnUserFactorProfile:
-      type: object
-      properties:
-        authenticatorName:
-          type: string
-        credentialId:
-          type: string
-    WebUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/WebUserFactorProfile'
-    WebUserFactorProfile:
-      type: object
-      properties:
-        credentialId:
-          type: string
-    WsFederationApplication:
-      x-okta-defined-as:
-        name: template_wsfed
-      allOf:
-        - $ref: '#/components/schemas/Application'
-        - type: object
-          properties:
-            name:
-              type: string
-              default: template_wsfed
-            settings:
-              $ref: '#/components/schemas/WsFederationApplicationSettings'
-    WsFederationApplicationSettings:
-      allOf:
-        - $ref: '#/components/schemas/ApplicationSettings'
-        - type: object
-          properties:
-            app:
-              $ref: '#/components/schemas/WsFederationApplicationSettingsApplication'
-    WsFederationApplicationSettingsApplication:
-      type: object
-      properties:
-        attributeStatements:
-          type: string
-        audienceRestriction:
-          type: string
-        authnContextClassRef:
-          type: string
-        groupFilter:
-          type: string
-        groupName:
-          type: string
-        groupValueFormat:
-          type: string
-        nameIDFormat:
-          type: string
-        realm:
-          type: string
-        siteURL:
-          type: string
-        usernameAttribute:
-          type: string
-        wReplyOverride:
-          type: boolean
-        wReplyURL:
-          type: string
-  responses:
-    ErrorApiValidationFailed400:
-      description: Bad Request
-      content:
-        application/json:
-          schema:
-            $ref: '#/components/schemas/Error'
-          examples:
-            API Validation Failed:
-              $ref: '#/components/examples/ErrorApiValidationFailed'
-    ErrorAccessDenied403:
-      description: Forbidden
-      content:
-        application/json:
-          schema:
-            $ref: '#/components/schemas/Error'
-          examples:
-            Access Denied:
-              $ref: '#/components/examples/ErrorAccessDenied'
-    ErrorResourceNotFound404:
-      description: Not Found
-      content:
-        application/json:
-          schema:
-            $ref: '#/components/schemas/Error'
-          examples:
-            Resource Not Found:
-              $ref: '#/components/examples/ErrorResourceNotFound'
-    ErrorTooManyRequests429:
-      description: Too Many Requests
-      content:
-        application/json:
-          schema:
-            $ref: '#/components/schemas/Error'
-          examples:
-            Resource Not Found:
-              $ref: '#/components/examples/ErrorTooManyRequests'
diff --git a/openapi3/management-old.yaml b/openapi3/management-old.yaml
new file mode 100644
index 000000000..94b976026
--- /dev/null
+++ b/openapi3/management-old.yaml
@@ -0,0 +1,32401 @@
+openapi: 3.0.3
+info:
+  title: Okta Admin Management
+  description: Allows customers to easily access the Okta Management APIs
+  termsOfService: https://developer.okta.com/terms/
+  contact:
+    name: Okta Developer Team
+    url: https://developer.okta.com/
+    email: devex-public@okta.com
+  license:
+    name: Apache-2.0
+    url: https://www.apache.org/licenses/LICENSE-2.0.html
+  version: 5.1.0
+  x-logo:
+    url: logo.svg
+    backgroundColor: transparent
+    altText: Okta Developer
+externalDocs:
+  description: Find more info here
+  url: https://developer.okta.com/docs/reference/core-okta-api/#design-principles
+servers:
+  - url: https://{yourOktaDomain}
+    variables:
+      yourOktaDomain:
+        default: subdomain.okta.com
+        description: The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains.
+tags:
+  - name: AgentPools
+    x-displayName: Agent Pools
+    description: The Agent Pools API provides operation to manage the update settings of the agents for your organization.
+  - name: ApiServiceIntegrations
+    x-displayName: API Service Integrations
+    description: |
+      This API provides operations to manage API service integration instances in your organization.
+
+      For a current list of available API service integrations, see the [Okta Integration Network catalog](https://www.okta.com/integrations/?capability=api).
+
+      See [Add an API Service Integration](https://help.okta.com/okta_help.htm?type=oie&id=ext-add-api-service-integration) for corresponding admin instructions using the Admin Console.
+      If you want to build an API service integration, see [API service integrations in the OIN](https://developer.okta.com/docs/guides/oin-api-service-overview/).
+  - name: ApiToken
+    x-displayName: API Tokens
+    description: The API Tokens API provides operations to manage SSWS API tokens for your organization.
+  - name: Application
+    x-displayName: Applications
+    description: The Applications API provides operations to manage applications and/or assignments to users or groups for your organization.
+  - name: ApplicationConnections
+    x-displayName: Application Connections
+    description: |
+      The Application Connections API provides operations for configuring connections to an app.
+
+      Currently, only the Okta Org2Org app provisioning connection is supported in this API.
+  - name: ApplicationCredentials
+    x-displayName: Application Credentials
+    description: |
+      Specifies credentials and scheme for the application's `signOnMode`
+
+      ### Application Key Credential
+      The application Key Credential object defines a [JSON Web Key](https://datatracker.ietf.org/doc/html/rfc7517) for a signature or encryption credential for an application.
+
+      > **Notes:**
+      > * To update the app, you can provide just the Signing Credential object instead of the entire Application Credential object.
+      > * Currently only the X.509 JWK format is supported for applications with the `SAML_2_0` sign-on mode.
+  - name: ApplicationFeatures
+    x-displayName: Application Features
+    description: |
+      The Feature object is used to configure feature settings for the application.
+
+      The only feature this API currently supports is `USER_PROVISIONING` for the Org2Org application type.
+      The `USER_PROVISIONING` feature is the same as the **To App** provisioning setting in the Admin Console.
+      Enable this feature to:
+      * Create Users
+      * Update User Attributes
+      * Deactivate Users
+      * Sync Password
+  - name: ApplicationGrants
+    x-displayName: Application Grants
+    description: |
+      The Application Grants API provides a set of operations to manage scope consent grants for an app.
+
+      A scope consent grant represents an app's permission to include specific Okta scopes in OAuth 2.0 Bearer tokens.
+      If the app doesn't have permission to grant consent for a particular Okta scope, token requests that contain the scope are denied.
+  - name: ApplicationGroups
+    x-displayName: Application Groups
+    description: Groups assigned to an application
+  - name: ApplicationLogos
+    x-displayName: Application Logos
+    description: Provides a resource to manage the application instance logo
+  - name: ApplicationPolicies
+    x-displayName: Application Policies
+    description: Provides a resource to manage authentication policies associated with an application
+  - name: ApplicationSSO
+    x-displayName: Application SSO
+    description: Provides a Single Sign-On (SSO) resource for an application
+  - name: ApplicationTokens
+    x-displayName: Application Tokens
+    description: Application OAuth 2.0 token operations
+  - name: ApplicationUsers
+    x-displayName: Application Users
+    description: Application user operations
+  - name: AttackProtection
+    x-displayName: Attack Protection
+    description: The Attack Protection API provides operations to configure the User Lockout Settings in your org to prevent brute-force attacks.
+  - name: Authenticator
+    x-displayName: Authenticators
+    description: |-
+      The Authenticators Administration API provides operations to configure which Authenticators are available to end users for use when signing in to applications.
+
+      End users are required to use one or more Authenticators depending on the security requirements of the authentication policy.
+
+      Okta Identity Engine currently supports Authenticators for the following factors:
+
+      **Knowledge-based:**
+
+      * Password
+      * Security Question
+
+      **Possession-based:**
+
+      * Phone (SMS, Voice Call)
+      * Email
+      * WebAuthn
+      * Duo
+      * Custom App
+  - name: AuthorizationServer
+    x-displayName: Authorization Servers
+    description: Authorization Servers generate OAuth 2.0 and OpenID Connect tokens, including access tokens and ID tokens. The Okta Management API gives you the ability to configure and manage Authorization Servers and the security policies that are attached to them.
+  - name: Behavior
+    x-displayName: Behavior Rules
+    description: The Behavior Rules API provides operations to manage the behavior detection rules for your organization.
+  - name: CAPTCHA
+    x-displayName: CAPTCHAs
+    description: |-
+      As an option to increase org security, Okta supports CAPTCHA services to prevent automated sign-in attempts. You can integrate one of two providers: [hCaptcha](https://www.hcaptcha.com/) or [reCAPTCHA v2](https://developers.google.com/recaptcha/docs/invisible).
+
+      The vendor implementations supported by Okta are both invisible. They each run risk-analysis software in the background during user sign in to determine the likelihood that the user is a bot. This risk analysis is based on the settings that you configure with the provider that you choose.
+
+      Before you configure your org to use CAPTCHA, sign in to the vendor of your choice or sign up for an account. For more details, refer to [CAPTCHA integration](https://help.okta.com/okta_help.htm?type=oie&id=csh-captcha).
+  - name: CustomDomain
+    x-displayName: Custom Domains
+    description: The Custom Domains API provides operations to manage custom domains for your organization.
+  - name: Customization
+    x-displayName: Customizations
+    description: |-
+      The Brands API allows you to customize the look and feel of pages and templates, such as the Okta-hosted sign-in page, error pages, email templates, and the Okta End-User Dashboard.
+
+      Each new org contains Okta default branding. You can upload your own assets (colors, background image, logo, and favicon) to replace the default assets and publish these assets directly to your pages and templates.
+  - name: Device
+    x-displayName: Devices
+    description: |-
+      The Okta Devices API provides a centralized integration platform to fetch and manage device information. Okta administrators can use these APIs to manage workforce identity Device object information.
+
+      The Devices API supports the following **Device Operations**:
+      * Get, Delete Device objects.
+      * Perform lifecycle transitions on the Device objects.
+        Device lifecycle is defined as transitions of the Device Status by the associated operations. The Device object follows a predefined lifecycle transition flow. Device Lifecycle operations are idempotent and its calls are synchronous.
+
+      The Devices API supports the following **Authorization Schemes**:
+      * SSWS - [API tokens](https://developer.okta.com/docs/reference/core-okta-api/#authentication)
+      * Bearer - [OAuth2.0 and OpenID Connect](https://developer.okta.com/docs/concepts/oauth-openid/)
+
+      > **Note:** For devices to enroll in Okta and show up in the Devices API, the following actions are required:
+      > 1. Admins - Enable Okta FastPass. See [Enable FastPass](https://help.okta.com/okta_help.htm?type=oie&id=ext-fp-enable)
+      > 2. End users with existing mobile Okta Verify enrollments - After you upgrade your org to Okta Identity Engine, direct end users with existing Okta Verify enrollments to use [FastPass](https://help.okta.com/okta_help.htm?type=oie&id=csh-fp-main).
+
+      > **Note:** End users with a new enrollment in Okta Verify on an Okta Identity Engine org have a device record created in the device inventory by default.
+      See [Device Registration](https://help.okta.com/okta_help.htm?type=oie&id=csh-device-registration), [Login Using Okta Verify](https://help.okta.com/okta_help.htm?type=eu&id=ext-ov-user-overview).
+  - name: DeviceAssurance
+    x-displayName: Device Assurance Policies
+    description: The Device Assurance Policies API provides operations to manage device assurance policies in your organization.
+  - name: EmailDomain
+    x-displayName: Email Domains
+    description: The Email Domains API provides operations to manage email domains for your organization.
+  - name: EmailServer
+    x-displayName: Email Servers
+    description: The Okta Email Servers API provides operations to manage custom email SMTP servers for your organization.
+  - name: EventHook
+    x-displayName: Event Hooks
+    description: |-
+      The Event Hooks API provides operations to manage event hooks for your organization.
+
+      For general information on event hooks and how to create and use them, see [Event hooks](https://developer.okta.com/docs/concepts/event-hooks/). The following documentation is only for the management API, which provides a CRUD interface for registering event hooks.
+
+      For a step-by-step guide on implementing an example event hook, see the [Event hook](https://developer.okta.com/docs/guides/event-hook-implementation/) guide.
+  - name: Feature
+    x-displayName: Features
+    description: |-
+      The Okta Features API provides operations to manage self-service Early Access (EA) and Beta features in your org.
+
+      > **Note:** Important background information for this API is available on the [Feature Lifecycle Management](https://developer.okta.com/docs/concepts/feature-lifecycle-management/) page.
+  - name: Group
+    x-displayName: Groups
+    description: The Groups API provides operations to manage Okta Groups and their user members for your organization.
+  - name: HookKey
+    x-displayName: Hook Keys
+    description: The Hook Keys API provides operations to manage hook keys for your organization.
+  - name: IdentityProvider
+    x-displayName: Identity Providers
+    description: The Identity Providers API provides operations to manage federations with external Identity Providers (IdP). For example, your app can support signing in with credentials from Apple, Facebook, Google, LinkedIn, Microsoft, an enterprise IdP using SAML 2.0, or an IdP using the OpenID Connect (`OIDC`) protocol.
+  - name: IdentitySource
+    x-displayName: Identity Sources
+    description: The Okta Identity Source API provides a mechanism to synchronize an HR source (the custom identity source) with Okta user profiles in an org.
+  - name: InlineHook
+    x-displayName: Inline Hooks
+    description: |-
+      The Inline Hooks API provides operations to manage inline hooks for your organization.
+
+      For general information on inline hooks and how to create and use them, see [inline hooks](https://developer.okta.com/docs/concepts/inline-hooks/). The following documentation is only for the management API, which provides a CRUD interface for registering inline hooks.
+  - name: LinkedObject
+    x-displayName: Linked Objects
+    description: |-
+      Users have relationships to each other, like manager and subordinate or customer and sales representative. You can create users with relationships by using the Linked Objects API to represent the relationship.
+
+      1. Create a Linked Object definition such as Manager:Subordinate or Case Worker:Client. These pairs are represented by a `primary` attribute and an `associated` attribute.
+      2. Link users together to create the relationship between the two. You create a Linked Object value with a single request that links one `primary` and one `associated` user.
+
+      For each relationship:
+
+      * A user has at most one `primary` link (a user has a single manager), but can have many `associated` links (a user can have many subordinates).
+      * A user can be the `primary` in one relationship and the `associated` in another.
+      * A user can be both the `primary` and `associated` in the same relationship.
+
+      Okta Expression Language function for [Linked Objects](https://developer.okta.com/docs/reference/okta-expression-language/#linked-object-function) provides access to the details about a linked user.
+
+      > **Note:** The Linked Objects feature isn't available for OpenID Connect claims.
+
+      ## Example usage
+
+      Okta allows you to create up to 200 Linked Object definitions. These definitions are one-to-many, for example:
+
+      * A manager has many subordinates. Each subordinate has one manager.
+      * A sales representative has many customers. Each customer has one sales rep.
+      * A case worker has many clients. Each client has one case worker.
+
+      Most organizations have more than one manager or sales representative. You can create the Linked Object definition once, and then assign the `primary` relationship to as many users as you have people in that relationship.
+
+      You can assign the `associated` relationship for a single `primary` user to as many users as needed. The `associated` user can be related to only one `primary` per Linked Object definition. But a user can be assigned to more than one Linked Object definition.
+
+      For example, assume that you've created one Linked Object definition for manager (`primary`) and for subordinates (`associated`):
+
+      * Joe is Frank's manager.
+      * Bob is Joe's manager, but Jane's subordinate.
+      * Jane is the CEO, so she reports to herself.
+
+      Thus, you can create chains of relationships (Jane > Bob > Joe > Frank) or terminal relationships (Jane is both `primary` and `associated` user).
+
+      Then, if you create another Linked Object relationship for scrum team membership, you could assign relationships to the same four users:
+
+      * Bob is the scrum lead for the Identity Scrum team.
+      * Joe and Frank are both contributors to the team.
+
+      Bob can be the `primary` for a Manager:Subordinate, an `associated` user for that same Linked Object definition, and also the `primary` for the Scrumlead:Contributor Linked Object definition.
+
+      To represent a relationship, create a Linked Object definition that specifies a `primary` (parent) relationship and an `associated` (child) relationship, and then add a link in which the appropriate user is assigned to each side of that link type.
+
+      ## Links between User Types
+
+      If you created multiple User Types, they all share the same Linked Object definitions. For example, if you have separate User Types for employees and contractors, a link could designate an employee as the manager for a contractor, with the contractor being a subordinate of that employee.
+  - name: LogStream
+    x-displayName: Log Streaming
+    description: The Log Streaming API provides operations to manage log stream configurations for an org. You can configure up to two log stream integrations per org.
+  - name: NetworkZone
+    x-displayName: Network Zones
+    description: |-
+      The Okta Network Zones API provides operations to manage Zones in your organization. There are two usage Zone types: Policy Network Zones and Blocklist Network Zones. Policy Network Zones are used to guide policy decisions. Blocklist Network Zones are used to deny access from certain IP addresses, locations, proxy types, or Autonomous System Numbers (ASNs) before policy evaluation.
+
+      A default system Policy Network Zone is provided in your Okta org. You can use the Network Zones API to modify the default Policy Network Zone or to create a custom Policy or Blocklist Network Zone. When you create your custom Zone, you can specify if the Zone is an IP Zone or a Dynamic Zone. An IP Zone allows you to define network perimeters around a set of IPs, whereas a Dynamic Zone allows you to define network perimeters around location, IP type, and ASNs.
+  - name: OrgSetting
+    x-displayName: Org Settings
+    description: The Org Settings API provides operations to manage your org account settings such as contact information, granting Okta Support access, and more.
+  - name: Policy
+    x-displayName: Policies
+    description: |-
+      The Okta Policy API enables an Administrator to perform Policy and Policy Rule operations. The Policy framework is used by Okta to control Rules and settings that govern, among other things, user session lifetime, whether multi-factor authentication is required when logging in, what MFA factors may be employed, password complexity requirements, what types of self-service operations are permitted under various circumstances, and what identity provider to route users to.
+
+      Policy settings for a particular Policy type, such as Sign On Policy, consist of one or more Policy objects, each of which contains one or more Policy Rules. Policies and Rules contain conditions that determine whether they are applicable to a particular user at a particular time.
+  - name: PrincipalRateLimit
+    x-displayName: Principal Rate Limits
+    description: The Principal Rate Limits API provides operations to manage Principal Rate Limits for your organization.
+  - name: ProfileMapping
+    x-displayName: Profile Mappings
+    description: The Mappings API provides operations to manage the mapping of Profile properties between an Okta User and an App User using [Okta Expression Language](https://developer.okta.com/docs/reference/okta-expression-language). More information on Okta User and App User Profiles can be found in Okta's [User profiles](https://developer.okta.com/docs/concepts/user-profiles/#what-is-the-okta-universal-directory).
+  - name: PushProvider
+    x-displayName: Push Providers
+    description: The Push Providers API provides operations to manage Push Providers for your organization.
+    x-okta-lifecycle:
+      features:
+        - CUSTOM_PUSH_AUTHENTICATOR
+  - name: RateLimitSettings
+    x-displayName: Rate Limit Settings
+    description: The Rate Limit Settings APIs provide operations to manage settings and configurations surrounding rate limiting in your Okta organization.
+  - name: Realm
+    x-displayName: Realms
+    description: The realm API provides operations to manage realms
+  - name: ResourceSet
+    x-displayName: Resource Sets
+    description: The Resource Sets API provides operations to manage Resource Sets as custom collections of resources. You can use Resource Sets to assign Custom Roles to administrators who are scoped to the designated resources. See [Supported Resources](https://developer.okta.com/docs/concepts/role-assignment/#supported-resources).
+  - name: RiskEvent
+    x-displayName: Risk Events
+    description: The Risk Events API provides the ability for third-party risk providers to send risk events to Okta. See [Third-party risk provider integration](https://developer.okta.com/docs/guides/third-party-risk-integration/) for guidance on integrating third-party risk providers with Okta.
+  - name: RiskProvider
+    x-displayName: Risk Providers
+    description: The Risk Providers API provides the ability to manage the Risk Providers within Okta. See [Third-party risk provider integration](https://developer.okta.com/docs/guides/third-party-risk-integration/) for guidance on integrating third-party risk providers with Okta.
+  - name: Role
+    x-displayName: Roles
+    description: |-
+      The Roles API provides operations to manage administrative Role assignments for a User.
+
+      Role listing APIs provide a union of both standard and Custom Roles assigned to a User or Group.
+  - name: RoleAssignment
+    x-displayName: Role Assignments
+    description: These APIs allow you to assign custom roles to user and groups, as well as designate Third-Party Administrator status to a user or group.
+  - name: RoleTarget
+    x-displayName: Role Targets
+    description: |-
+      Role targets are a way of defining permissions for admin roles into a smaller subset of Groups or Apps within your org. Targets limit an admin's permissions to a targeted area of the org. You can define admin roles to target Groups, Applications, and Application Instances.
+
+      * **Group targets:** Grant an admin permission to manage only a specified Group. For example, an admin role may be assigned to manage only the IT Group.
+      * **App targets:** Grant an admin permission to manage all instances of the specified Apps. Target Apps are Okta catalog Apps. For example, you can have multiple configurations of an Okta catalog App, such as Salesforce or Facebook. When you add a Salesforce or Facebook App as a target, that grants the admin permission to manage all the instances of those Apps and create new instances of them.
+      * **App Instance targets:** Grant an admin permission to manage an instance of one App or instances of multiple Apps. App Instances are specific Apps that admins have created in their org. For example, there may be a Salesforce App configured differently for each sales region of a company. When you create an App Instance target, you can assign an admin to manage only two instances of the configured Salesforce Apps and then also to manage an instance of another configured App such as Workday.
+
+      > **Note:** Don't use these operations with a Custom Role ID. Custom Role assignments always require a target Resource Set. See [Role Assignments](https://developer.okta.com/docs/concepts/role-assignment/) for more information.
+  - name: Schema
+    x-displayName: Schemas
+    description: |-
+      The Schemas API provides operations to manage custom User profiles as well as endpoints to discover the structure of the Log Stream configuration.
+
+      Okta's [Universal Directory](https://help.okta.com/okta_help.htm?id=ext_About_Universal_Directory) allows administrators to define custom User profiles for Okta Users and Applications.
+      Okta adopts a subset of [JSON Schema Draft 4](https://tools.ietf.org/html/draft-zyp-json-schema-04) as the schema language to describe and validate extensible User profiles.
+      For Log Stream Schemas, Okta uses [JSON Schema Draft 2020-12](https://json-schema.org/specification.html).
+      [JSON Schema](http://json-schema.org/) is a lightweight declarative format for describing the structure, constraints, and validation of JSON documents.
+
+      > **Note:** Okta implements only a subset of [JSON Schema Draft 4](https://tools.ietf.org/html/draft-zyp-json-schema-04) and [JSON Schema Draft 2020-12](https://json-schema.org/specification.html). This document describes which parts apply to Okta, and any extensions Okta has made to [JSON Schema Draft 4](https://tools.ietf.org/html/draft-zyp-json-schema-04) and [JSON Schema Draft 2020-12](https://json-schema.org/specification.html).
+  - name: Session
+    x-displayName: Sessions
+    description: |-
+      Okta uses a cookie-based authentication mechanism to maintain a user's authentication Session across web requests. The Okta Sessions API provides operations to create and manage authentication Sessions for users in your Okta organization.
+
+      >**Note:** Some browsers block third-party cookies by default, which disrupts Okta functionality in certain flows. See [FAQ: How Blocked Third Party Cookies Can Potentially Impact Your Okta Environment](https://support.okta.com/help/s/article/FAQ-How-Blocking-Third-Party-Cookies-Can-Potentially-Impact-Your-Okta-Environment).
+
+      >**Note:** The Sessions API doesn't support direct authentication. Direct authentication is supported through the [Authentication API](https://developer.okta.com/docs/reference/api/authn/#authentication-operations) or through OIDC using the [Resource Owner Password flow](https://developer.okta.com/docs/guides/implement-grant-type/ropassword/main/).
+
+      ### Session cookie
+
+      Okta uses an HTTP session cookie to provide access to your Okta organization and applications across web requests for an interactive user agent such as a web browser. A session cookie has an expiration configurable by an administrator for the organization and is valid until the cookie expires or the user closes the Session (logout) or browser application.
+
+      ### Session token
+
+      A [session token](https://developer.okta.com/docs/reference/api/authn/#session-token) is a one-time bearer token that provides proof of authentication and may be redeemed for an interactive SSO session in Okta in a user agent. Session tokens can only be used **once** to establish a Session for a user and are revoked when the token expires.
+
+      Okta provides a very rich [Authentication API](https://developer.okta.com/docs/reference/api/authn/) to validate a [user's primary credentials](https://developer.okta.com/docs/reference/api/authn/#primary-authentication) and secondary [MFA factor](https://developer.okta.com/docs/reference/api/authn/#verify-factor). A session token is returned after successful authentication, which can be later exchanged for a session cookie that uses one of the following flows:
+
+      - [Retrieve a session cookie by visiting the OpenID Connect Authorization Endpoint](https://developer.okta.com/docs/guides/session-cookie/main/#retrieve-a-session-cookie-through-the-openid-connect-authorization-endpoint)
+      - [Retrieve a session cookie by visiting a session redirect link](https://developer.okta.com/docs/guides/session-cookie/main/#retrieve-a-session-cookie-by-visiting-a-session-redirect-link)
+      - [Retrieve a session cookie by visiting an application embed link](https://developer.okta.com/docs/guides/session-cookie/main/#retrieve-a-session-cookie-by-visiting-an-application-embed-link)
+
+      >**Note:** **Session tokens** are secrets and should be protected at rest and during transit. A session token for a user is equivalent to having the user's actual credentials.
+  - name: Subscription
+    x-displayName: Subscriptions
+    description: The Subscriptions API provides operations to manage email subscription settings for Okta administrator notifications.
+  - name: SystemLog
+    x-displayName: System Log
+    description: |-
+      The System Log records system events that are related to your organization in order to provide an audit trail that can be used to understand platform activity and to diagnose problems.
+
+      The System Log API provides near real-time, read-only access to your organization's system log and is the programmatic counterpart of the [System Log UI](https://help.okta.com/okta_help.htm?id=ext_Reports_SysLog).
+
+      The terms "event" and "log event" are often used interchangeably. In the context of this API, an "event" is an occurrence of interest within the system, and a "log" or "log event" is the recorded fact.
+
+      The System Log API supports these primary use cases:
+        * Event data export into a security information and event management system (SIEM)
+        * System monitoring
+        * Development debugging
+        * Event introspection and audit
+
+      The System Log API isn't intended for use as a Database as a Service (DBaaS) or to serve data directly to downstream consumers without an intermediate data store.
+
+      See [Events API Migration](https://developer.okta.com/docs/concepts/events-api-migration/) for information on migrating from the Events API to the System Log API.
+  - name: Template
+    x-displayName: SMS Templates
+    description: |-
+      The SMS Templates API provides operations to manage custom SMS templates for verification.
+
+      > **Note:** Only SMS custom Templates are available through the API.
+
+      SMS Templates customize the SMS message that is sent to users. One default SMS Template is provided. All custom Templates must have the variable `${code}` as part of the text. The `${code}` variable is replaced with the actual SMS code when the message is sent. Optionally, you can also use the variable `${org.name}`. If a Template contains `${org.name}`, it is replaced with the organization name before the SMS message is sent.
+  - name: ThreatInsight
+    x-displayName: ThreatInsight
+    description: |-
+      [Okta ThreatInsight](https://help.okta.com/okta_help.htm?id=ext_threatinsight) maintains a
+      constantly evolving list of IP addresses that consistently exhibit malicious activity.
+      Authentication requests that are associated with an IP in this list can be logged to the
+      [System Log](https://help.okta.com/okta_help.htm?id=ext_Reports_SysLog) and blocked.
+      ThreatInsight also covers non-authentication requests in limited capacity depending on the attack patterns of these malicious IPs.
+
+      The ThreatInsight API provides operations to manage your org ThreatInsight configuration.
+
+      > **Note:** To prevent abuse, Okta ThreatInsight works in a limited capacity for free trial edition orgs. Please contact Okta support if fully functional Okta ThreatInsight is required.
+  - name: TrustedOrigin
+    x-displayName: Trusted Origins
+    description: |-
+      The Trusted Origins API provides operations to manage Trusted Origins and sources.
+
+      When external URLs are requested during sign-in, sign-out, or recovery operations, Okta checks those URLs against the allowed list of Trusted Origins. Trusted Origins also enable browser-based applications to access Okta APIs from JavaScript (CORS). If the origins aren't specified, the related operation (redirect or Okta API access) isn't permitted.
+
+      You can also configure Trusted Origins to allow iFrame embedding of Okta resources, such as Okta sign-in pages and the Okta End-User Dashboard, within that origin. This is an Early Access feature. To enable it, contact [Okta Support](https://support.okta.com/help/s/).
+
+      > **Note:** This Early Access feature is supported for Okta domains only. It isn't currently supported for custom domains.
+  - name: UISchema
+    x-displayName: UI Schema
+    description: |-
+      The Okta UI Schema API allows you to control how inputs appear on an enrollment form. The UI Schema API is only available as a part of Okta Identity Engine.
+
+      If you’re not sure which solution you’re using, check the footer on any page of the Admin Console. The version number is appended with E for Identity Engine orgs and C for Classic Engine orgs.
+  - name: User
+    x-displayName: Users
+    description: The User API provides operations to manage users in your organization.
+  - name: UserFactor
+    x-displayName: User Factors
+    description: The Factors API provides operations to enroll, manage, and verify factors for multifactor authentication (MFA). Manage both administration and end-user accounts, or verify an individual factor at any time.
+  - name: UserType
+    x-displayName: User Types
+    description: The User Types API provides operations to manage User Types.
+paths:
+  /.well-known/app-authenticator-configuration:
+    get:
+      x-okta-lifecycle:
+        features:
+          - CUSTOM_PUSH_AUTHENTICATOR
+      summary: Retrieve the Well-Known App Authenticator Configuration
+      description: Retrieves the well-known app authenticator configuration, which includes an app authenticator's settings, supported methods and various other configuration details
+      operationId: getWellKnownAppAuthenticatorConfiguration
+      parameters:
+        - name: oauthClientId
+          in: query
+          description: Filters app authenticator configurations by `oauthClientId`
+          required: true
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/WellKnownAppAuthenticatorConfiguration'
+        '400':
+          $ref: '#/components/responses/ErrorMissingRequiredParameter400'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security: []
+      tags:
+        - Authenticator
+  /.well-known/okta-organization:
+    get:
+      summary: Retrieve the Well-Known Org Metadata
+      description: Retrieves the well-known org metadata, which includes the id, configured custom domains, authentication pipeline, and various other org settings
+      operationId: getWellknownOrgMetadata
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/WellKnownOrgMetadata'
+              examples:
+                Identity Engine Org with Custom Domain:
+                  $ref: '#/components/examples/WellKnownOrgMetadataResponseCustomUrlOie'
+                Classic Org:
+                  $ref: '#/components/examples/WellKnownOrgMetadataResponseClassic'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security: []
+      tags:
+        - OrgSetting
+  /api/v1/agentPools:
+    get:
+      summary: List all Agent Pools
+      description: Lists all agent pools with pagination support
+      operationId: listAgentPools
+      parameters:
+        - $ref: '#/components/parameters/queryLimitPerPoolType'
+        - $ref: '#/components/parameters/queryPoolType'
+        - $ref: '#/components/parameters/queryAfter'
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/AgentPool'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.agentPools.read
+      tags:
+        - AgentPools
+  /api/v1/agentPools/{poolId}/updates:
+    parameters:
+      - $ref: '#/components/parameters/pathPoolId'
+    get:
+      summary: List all Agent Pool updates
+      description: Lists all agent pool updates
+      operationId: listAgentPoolsUpdates
+      parameters:
+        - $ref: '#/components/parameters/queryScheduled'
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/AgentPoolUpdate'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.agentPools.read
+      tags:
+        - AgentPools
+    post:
+      summary: Create an Agent Pool update
+      description: Creates an Agent pool update \n For user flow 2 manual update, starts the update immediately. \n For user flow 3, schedules the update based on the configured update window and delay.
+      operationId: createAgentPoolsUpdate
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AgentPoolUpdate'
+        required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.agentPools.manage
+      tags:
+        - AgentPools
+  /api/v1/agentPools/{poolId}/updates/settings:
+    parameters:
+      - $ref: '#/components/parameters/pathPoolId'
+    get:
+      summary: Retrieve an Agent Pool update's settings
+      description: Retrieves the current state of the agent pool update instance settings
+      operationId: getAgentPoolsUpdateSettings
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdateSetting'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.agentPools.read
+      tags:
+        - AgentPools
+    post:
+      summary: Update an Agent Pool update settings
+      description: Updates an agent pool update settings
+      operationId: updateAgentPoolsUpdateSettings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AgentPoolUpdateSetting'
+        required: true
+      responses:
+        '201':
+          description: Updated
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdateSetting'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.agentPools.manage
+      tags:
+        - AgentPools
+  /api/v1/agentPools/{poolId}/updates/{updateId}:
+    parameters:
+      - $ref: '#/components/parameters/pathPoolId'
+      - $ref: '#/components/parameters/pathUpdateId'
+    get:
+      summary: Retrieve an Agent Pool update by id
+      description: Retrieves Agent pool update from updateId
+      operationId: getAgentPoolsUpdateInstance
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.agentPools.read
+      tags:
+        - AgentPools
+    post:
+      summary: Update an Agent Pool update by id
+      description: Updates Agent pool update and return latest agent pool update
+      operationId: updateAgentPoolsUpdate
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AgentPoolUpdate'
+        required: true
+      responses:
+        '201':
+          description: Updated
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.agentPools.manage
+      tags:
+        - AgentPools
+    delete:
+      summary: Delete an Agent Pool update
+      description: Deletes Agent pool update
+      operationId: deleteAgentPoolsUpdate
+      responses:
+        '204':
+          description: Deleted
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.agentPools.manage
+      tags:
+        - AgentPools
+  /api/v1/agentPools/{poolId}/updates/{updateId}/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathPoolId'
+      - $ref: '#/components/parameters/pathUpdateId'
+    post:
+      summary: Activate an Agent Pool update
+      description: Activates scheduled Agent pool update
+      operationId: activateAgentPoolsUpdate
+      responses:
+        '201':
+          description: Activated
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.agentPools.manage
+      tags:
+        - AgentPools
+  /api/v1/agentPools/{poolId}/updates/{updateId}/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathPoolId'
+      - $ref: '#/components/parameters/pathUpdateId'
+    post:
+      summary: Deactivate an Agent Pool update
+      description: Deactivates scheduled Agent pool update
+      operationId: deactivateAgentPoolsUpdate
+      responses:
+        '201':
+          description: Deactivated
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.agentPools.manage
+      tags:
+        - AgentPools
+  /api/v1/agentPools/{poolId}/updates/{updateId}/pause:
+    parameters:
+      - $ref: '#/components/parameters/pathPoolId'
+      - $ref: '#/components/parameters/pathUpdateId'
+    post:
+      summary: Pause an Agent Pool update
+      description: Pauses running or queued Agent pool update
+      operationId: pauseAgentPoolsUpdate
+      responses:
+        '201':
+          description: Paused
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.agentPools.manage
+      tags:
+        - AgentPools
+  /api/v1/agentPools/{poolId}/updates/{updateId}/resume:
+    parameters:
+      - $ref: '#/components/parameters/pathPoolId'
+      - $ref: '#/components/parameters/pathUpdateId'
+    post:
+      summary: Resume an Agent Pool update
+      description: Resumes running or queued Agent pool update
+      operationId: resumeAgentPoolsUpdate
+      responses:
+        '201':
+          description: Resumed
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.agentPools.manage
+      tags:
+        - AgentPools
+  /api/v1/agentPools/{poolId}/updates/{updateId}/retry:
+    parameters:
+      - $ref: '#/components/parameters/pathPoolId'
+      - $ref: '#/components/parameters/pathUpdateId'
+    post:
+      summary: Retry an Agent Pool update
+      description: Retries Agent pool update
+      operationId: retryAgentPoolsUpdate
+      responses:
+        '201':
+          description: Retried
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.agentPools.manage
+      tags:
+        - AgentPools
+  /api/v1/agentPools/{poolId}/updates/{updateId}/stop:
+    parameters:
+      - $ref: '#/components/parameters/pathPoolId'
+      - $ref: '#/components/parameters/pathUpdateId'
+    post:
+      summary: Stop an Agent Pool update
+      description: Stops Agent pool update
+      operationId: stopAgentPoolsUpdate
+      responses:
+        '201':
+          description: Stopped
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.agentPools.manage
+      tags:
+        - AgentPools
+  /api/v1/api-tokens:
+    get:
+      summary: List all API Token Metadata
+      description: Lists all the metadata of the active API tokens
+      operationId: listApiTokens
+      parameters:
+        - $ref: '#/components/parameters/queryAfter'
+        - $ref: '#/components/parameters/queryLimit'
+        - name: q
+          in: query
+          description: Finds a token that matches the name or clientName.
+          schema:
+            type: string
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/ApiToken'
+              examples:
+                List Tokens:
+                  $ref: '#/components/examples/ApiTokenListMetadataResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apiTokens.read
+      tags:
+        - ApiToken
+  /api/v1/api-tokens/current:
+    delete:
+      summary: Revoke the Current API Token
+      description: Revokes the API token provided in the Authorization header
+      operationId: revokeCurrentApiToken
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+      tags:
+        - ApiToken
+  /api/v1/api-tokens/{apiTokenId}:
+    parameters:
+      - $ref: '#/components/parameters/pathApiTokenId'
+    get:
+      summary: Retrieve an API Token's Metadata
+      description: Retrieves the metadata for an active API token by id
+      operationId: getApiToken
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApiToken'
+              examples:
+                HCaptcha:
+                  $ref: '#/components/examples/ApiTokenMetadataResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apiTokens.read
+      tags:
+        - ApiToken
+    delete:
+      summary: Revoke an API Token
+      description: Revokes an API token by `apiTokenId`
+      operationId: revokeApiToken
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apiTokens.manage
+      tags:
+        - ApiToken
+  /api/v1/apps:
+    get:
+      summary: List all Applications
+      description: Lists all applications with pagination. A subset of apps can be returned that match a supported filter expression or query.
+      operationId: listApplications
+      parameters:
+        - name: q
+          in: query
+          schema:
+            type: string
+        - name: after
+          in: query
+          description: Specifies the pagination cursor for the next page of apps
+          schema:
+            type: string
+        - name: limit
+          in: query
+          description: Specifies the number of results for a page
+          schema:
+            type: integer
+            format: int32
+            default: -1
+        - name: filter
+          in: query
+          description: Filters apps by status, user.id, group.id or credentials.signing.kid expression
+          schema:
+            type: string
+        - name: expand
+          in: query
+          description: Traverses users link relationship and optionally embeds Application User resource
+          schema:
+            type: string
+        - name: includeNonDeleted
+          in: query
+          schema:
+            type: boolean
+            default: false
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Application'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - Application
+    post:
+      summary: Create an Application
+      description: Creates a new application to your Okta organization
+      operationId: createApplication
+      parameters:
+        - name: activate
+          in: query
+          description: Executes activation lifecycle operation when creating the app
+          schema:
+            type: boolean
+            default: true
+        - name: OktaAccessGateway-Agent
+          in: header
+          schema:
+            type: string
+      x-codegen-request-body-name: application
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Application'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Application'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - Application
+  /api/v1/apps/${appId}/sso/saml/metadata:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    get:
+      summary: Preview the application SAML metadata
+      description: Previews the SSO SAML metadata for an application
+      operationId: previewSAMLmetadataForApplication
+      responses:
+        '200':
+          description: OK
+          content:
+            text/xml:
+              schema:
+                type: string
+                description: SAML metadata in XML
+                format: xml
+              examples:
+                previewSAML:
+                  summary: SAML metadata example
+                  value: |
+                    <?xml version="1.0" encoding="UTF-8"?>
+                      <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="exk39sivhuytV2D8H0h7">
+                        <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+                            <md:KeyDescriptor use="signing">
+                                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                                    <ds:X509Data>
+                                        <ds:X509Certificate>MIIDqDCCApCgAwIBAgIGAVGNO4qeMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYDVQQGEwJVUzETMBEG
+                    A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
+                    MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGJhbGFjb21wdGVzdDEcMBoGCSqGSIb3DQEJ
+                    ARYNaW5mb0Bva3RhLmNvbTAeFw0xNTEyMTAxODUwMDhaFw0xNzEyMTAxODUxMDdaMIGUMQswCQYD
+                    VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG
+                    A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGJhbGFjb21wdGVzdDEc
+                    MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+                    ggEBALAakG48bgcTWHdwmVLHig0mkiRejxIVm3wbzrNSJcBruTq2zCYZ1rGfVxTYON8kJqvkXPmv
+                    kzWKhpEkvhubL+mx29XpXY0AsNIfgcm5xIV56yhXSvlMdqzGo3ciRwoACaF+ClNLxmXK9UTZD89B
+                    bVVGCG5AEvja0eCQ0GYsO5i9aSI5aTroab8Aew31PuWl/RGQWmjVy8+7P4wwkKKJNKCpxMYDlhfa
+                    WRp0zwUSbUCO0qEyeAYdZx6CLES4FGrDi/7D6G+ewWC+kbz1tL1XpF2Dcg3+IOlHrV6VWzz3rG39
+                    v9zFIncjvoQJFDGWhpqGqcmXvgH0Ze3SVcVF01T+bK0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
+                    AHmnSZ4imjNrIf9wxfQIcqHXEBoJ+oJtd59cw1Ur/YQY9pKXxoglqCQ54ZmlIf4GghlcZhslLO+m
+                    NdkQVwSmWMh6KLxVM18/xAkq8zyKbMbvQnTjFB7x45bgokwbjhivWqrB5LYHHCVN7k/8mKlS4eCK
+                    Ci6RGEmErjojr4QN2xV0qAqP6CcGANgpepsQJCzlWucMFKAh0x9Kl8fmiQodfyLXyrebYsVnLrMf
+                    jxE1b6dg4jKvv975tf5wreQSYZ7m//g3/+NnuDKkN/03HqhV7hTNi1fyctXk8I5Nwgyr+pT5LT2k
+                    YoEdncuy+GQGzE9yLOhC4HNfHQXpqp2tMPdRlw==</ds:X509Certificate>
+                                    </ds:X509Data>
+                                </ds:KeyInfo>
+                            </md:KeyDescriptor>
+                            <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
+                            <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+                            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://{yourOktaDomain}/app/sample-app/exk39sivhuytV2D8H0h7/sso/saml"/>
+                            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://{yourOktaDomain}/app/sample-app/exk39sivhuytV2D8H0h7/sso/saml"/>
+                        </md:IDPSSODescriptor>
+                    </md:EntityDescriptor>
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - ApplicationSSO
+  /api/v1/apps/{appId}:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    get:
+      summary: Retrieve an Application
+      description: Retrieves an application from your Okta organization by `id`
+      operationId: getApplication
+      parameters:
+        - name: expand
+          in: query
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Application'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - Application
+    put:
+      summary: Replace an Application
+      description: Replaces an application
+      operationId: replaceApplication
+      x-codegen-request-body-name: application
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Application'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Application'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - Application
+    delete:
+      summary: Delete an Application
+      description: Deletes an inactive application
+      operationId: deleteApplication
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - Application
+  /api/v1/apps/{appId}/connections/default:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    get:
+      summary: Retrieve the default Provisioning Connection
+      description: Retrieves the default Provisioning Connection for an app
+      operationId: getDefaultProvisioningConnectionForApplication
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ProvisioningConnection'
+              examples:
+                ProvisioningConnectionResponseExample:
+                  $ref: '#/components/examples/ProvisioningConnectionTokenResponseEx'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - ApplicationConnections
+    post:
+      summary: Update the default Provisioning Connection
+      description: Updates the default Provisioning Connection for an app
+      operationId: updateDefaultProvisioningConnectionForApplication
+      parameters:
+        - in: query
+          name: activate
+          schema:
+            type: boolean
+          description: Activates the Provisioning Connection
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ProvisioningConnectionRequest'
+            examples:
+              ProvisioningConnectionTokenExample:
+                $ref: '#/components/examples/ProvisioningConnectionTokenRequestEx'
+              ProvisioningConnectionOauthExample:
+                $ref: '#/components/examples/ProvisioningConnectionOauthRequestEx'
+        required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ProvisioningConnection'
+              examples:
+                ProvisioningConnectionTokenExample:
+                  $ref: '#/components/examples/ProvisioningConnectionTokenResponseEx'
+                ProvisioningConnectionOauthExample:
+                  $ref: '#/components/examples/ProvisioningConnectionOauthResponseEx'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationConnections
+  /api/v1/apps/{appId}/connections/default/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    post:
+      summary: Activate the default Provisioning Connection
+      description: Activates the default Provisioning Connection for an app
+      operationId: activateDefaultProvisioningConnectionForApplication
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationConnections
+  /api/v1/apps/{appId}/connections/default/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    post:
+      summary: Deactivate the default Provisioning Connection
+      description: Deactivates the default Provisioning Connection for an app
+      operationId: deactivateDefaultProvisioningConnectionForApplication
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationConnections
+  /api/v1/apps/{appId}/credentials/csrs:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    get:
+      summary: List all Certificate Signing Requests
+      description: Lists all Certificate Signing Requests for an application
+      operationId: listCsrsForApplication
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Csr'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - ApplicationCredentials
+    post:
+      summary: Generate a Certificate Signing Request
+      description: Generates a new key pair and returns the Certificate Signing Request for it
+      operationId: generateCsrForApplication
+      x-codegen-request-body-name: metadata
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CsrMetadata'
+        required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Csr'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationCredentials
+  /api/v1/apps/{appId}/credentials/csrs/{csrId}:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+      - $ref: '#/components/parameters/pathCsrId'
+    get:
+      summary: Retrieve a Certificate Signing Request
+      description: Retrieves a certificate signing request for the app by `id`
+      operationId: getCsrForApplication
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Csr'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - ApplicationCredentials
+    delete:
+      summary: Revoke a Certificate Signing Request
+      description: Revokes a certificate signing request and deletes the key pair from the application
+      operationId: revokeCsrFromApplication
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationCredentials
+  /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+      - $ref: '#/components/parameters/pathCsrId'
+    post:
+      summary: Publish a Certificate Signing Request
+      description: Publishes a certificate signing request for the app with a signed X.509 certificate and adds it into the application key credentials
+      operationId: publishCsrFromApplication
+      requestBody:
+        required: true
+        content:
+          application/x-x509-ca-cert:
+            schema:
+              type: string
+              format: binary
+              x-okta-operationId: publishBinaryCerCert
+          application/pkix-cert:
+            schema:
+              type: string
+              format: binary
+              x-okta-operationId: publishBinaryDerCert
+          application/x-pem-file:
+            schema:
+              type: string
+              format: binary
+              x-okta-operationId: publishBinaryPemCert
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationCredentials
+  /api/v1/apps/{appId}/credentials/keys:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    get:
+      summary: List all Key Credentials
+      description: Lists all key credentials for an application
+      operationId: listApplicationKeys
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/JsonWebKey'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - ApplicationCredentials
+  /api/v1/apps/{appId}/credentials/keys/generate:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    post:
+      summary: Generate a Key Credential
+      description: Generates a new X.509 certificate for an application key credential
+      operationId: generateApplicationKey
+      parameters:
+        - name: validityYears
+          in: query
+          schema:
+            type: integer
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationCredentials
+  /api/v1/apps/{appId}/credentials/keys/{keyId}:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+      - $ref: '#/components/parameters/pathKeyId'
+    get:
+      summary: Retrieve a Key Credential
+      description: Retrieves a specific application key credential by kid
+      operationId: getApplicationKey
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - ApplicationCredentials
+  /api/v1/apps/{appId}/credentials/keys/{keyId}/clone:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+      - $ref: '#/components/parameters/pathKeyId'
+    post:
+      summary: Clone a Key Credential
+      description: Clones a X.509 certificate for an application key credential from a source application to target application.
+      operationId: cloneApplicationKey
+      parameters:
+        - name: targetAid
+          in: query
+          description: Unique key of the target Application
+          required: true
+          schema:
+            type: string
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationCredentials
+  /api/v1/apps/{appId}/features:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    get:
+      summary: List all Features
+      description: |
+        Lists all features for an application
+        > **Note:** The only application feature currently supported is `USER_PROVISIONING`.
+        > This request returns an error if provisioning isn't enabled for the application.
+        > To set up provisioning, see [Update the default Provisioning Connection](/openapi/okta-management/management/tag/ApplicationConnections/#tag/ApplicationConnections/operation/updateDefaultProvisioningConnectionForApplication).
+      operationId: listFeaturesForApplication
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/ApplicationFeature'
+                type: array
+              examples:
+                ListAppFeatureResponse:
+                  $ref: '#/components/examples/AppFeatureListResponseEx'
+        '400':
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                ListAppFeatureAPIValidationFailed:
+                  $ref: '#/components/examples/ErrorAppFeatureAPIValidationFailed'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - ApplicationFeatures
+  /api/v1/apps/{appId}/features/{featureName}:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+      - $ref: '#/components/parameters/pathFeatureName'
+    get:
+      summary: Retrieve a Feature
+      description: Retrieves a Feature object for an application
+      operationId: getFeatureForApplication
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApplicationFeature'
+              examples:
+                AppFeatureResponse:
+                  $ref: '#/components/examples/AppFeatureResponseEx'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - ApplicationFeatures
+    put:
+      summary: Update a Feature
+      description: |
+        Updates a Feature object for an application
+        > **Note:** This endpoint supports partial updates.
+      operationId: updateFeatureForApplication
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CapabilitiesObject'
+            examples:
+              UpdateAppFeatureEx:
+                $ref: '#/components/examples/UpdateAppFeatureRequestEx'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApplicationFeature'
+              examples:
+                UpdateAppFeatureEx:
+                  $ref: '#/components/examples/UpdateAppFeatureResponseEx'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationFeatures
+  /api/v1/apps/{appId}/grants:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    get:
+      summary: List all app Grants
+      description: Lists all scope consent Grants for the app
+      operationId: listScopeConsentGrants
+      parameters:
+        - $ref: '#/components/parameters/queryExpand'
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.appGrants.read
+      tags:
+        - ApplicationGrants
+    post:
+      summary: Grant consent to scope
+      description: Grants consent for the app to request an OAuth 2.0 Okta scope
+      operationId: grantConsentToScope
+      x-codegen-request-body-name: oAuth2ScopeConsentGrant
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+        required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.appGrants.manage
+      tags:
+        - ApplicationGrants
+  /api/v1/apps/{appId}/grants/{grantId}:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+      - $ref: '#/components/parameters/pathGrantId'
+    get:
+      summary: Retrieve an app Grant
+      description: Retrieves a single scope consent Grant object for the app
+      operationId: getScopeConsentGrant
+      parameters:
+        - $ref: '#/components/parameters/queryExpand'
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.appGrants.read
+      tags:
+        - ApplicationGrants
+    delete:
+      summary: Revoke an app Grant
+      description: Revokes permission for the app to grant the given scope
+      operationId: revokeScopeConsentGrant
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.appGrants.manage
+      tags:
+        - ApplicationGrants
+  /api/v1/apps/{appId}/groups:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    get:
+      summary: List all Assigned Groups
+      description: Lists all group assignments for an application
+      operationId: listApplicationGroupAssignments
+      parameters:
+        - name: q
+          in: query
+          schema:
+            type: string
+        - name: after
+          in: query
+          description: Specifies the pagination cursor for the next page of assignments
+          schema:
+            type: string
+        - name: limit
+          in: query
+          description: Specifies the number of results for a page
+          schema:
+            type: integer
+            format: int32
+            default: -1
+        - name: expand
+          in: query
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/ApplicationGroupAssignment'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - ApplicationGroups
+  /api/v1/apps/{appId}/groups/{groupId}:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+      - $ref: '#/components/parameters/pathGroupId'
+    get:
+      summary: Retrieve an Assigned Group
+      description: Retrieves an application group assignment
+      operationId: getApplicationGroupAssignment
+      parameters:
+        - name: appId
+          in: path
+          required: true
+          schema:
+            type: string
+        - name: groupId
+          in: path
+          required: true
+          schema:
+            type: string
+        - name: expand
+          in: query
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApplicationGroupAssignment'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - ApplicationGroups
+    put:
+      summary: Assign a Group
+      description: Assigns a group to an application
+      operationId: assignGroupToApplication
+      parameters:
+        - name: appId
+          in: path
+          required: true
+          schema:
+            type: string
+        - name: groupId
+          in: path
+          required: true
+          schema:
+            type: string
+      x-codegen-request-body-name: applicationGroupAssignment
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ApplicationGroupAssignment'
+        required: false
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApplicationGroupAssignment'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationGroups
+    delete:
+      summary: Unassign a Group
+      description: Unassigns a group from an application
+      operationId: unassignApplicationFromGroup
+      parameters:
+        - name: appId
+          in: path
+          required: true
+          schema:
+            type: string
+        - name: groupId
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationGroups
+  /api/v1/apps/{appId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    post:
+      summary: Activate an Application
+      description: Activates an inactive application
+      operationId: activateApplication
+      responses:
+        '200':
+          description: Success
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - Application
+  /api/v1/apps/{appId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    post:
+      summary: Deactivate an Application
+      description: Deactivates an active application
+      operationId: deactivateApplication
+      responses:
+        '200':
+          description: Success
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - Application
+  /api/v1/apps/{appId}/logo:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    post:
+      summary: Upload an application Logo
+      description: |
+        Uploads a logo for the app instance.
+        If the app already has a logo, this operation replaces the previous logo.
+
+        The logo is visible in the Admin Console as an icon for your app instance.
+        If you have one `appLink` object configured, this logo also appears in the End-User Dashboard as an icon for your app.
+        > **Note:** If you have multiple `appLink` objects, use the Admin Console to add logos for each app link.
+        > You can't use the API to add logos for multiple app links.
+      operationId: uploadApplicationLogo
+      requestBody:
+        content:
+          multipart/form-data:
+            schema:
+              type: object
+              properties:
+                file:
+                  type: string
+                  format: binary
+                  description: |
+                    The image file containing the logo.
+
+                    The file must be in PNG, JPG, SVG, or GIF format, and less than one MB in size.
+                    For best results, use an image with a transparent background and a square dimension of 200 x 200 pixels to prevent upscaling.
+              required:
+                - file
+      responses:
+        '201':
+          description: Content Created
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationLogos
+  /api/v1/apps/{appId}/policies/{policyId}:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+      - $ref: '#/components/parameters/pathPolicyId'
+    put:
+      summary: Assign an application to a Policy
+      description: |-
+        Assigns an application to an [authentication policy](/openapi/okta-management/management/tag/Policy/), identified by `policyId`.
+        If the application was previously assigned to another policy, this operation replaces that assignment with the updated policy identified by `policyId`.
+
+        > **Note:** When you [merge duplicate authentication policies](https://help.okta.com/okta_help.htm?type=oie&id=ext-merge-auth-policies),
+        the policy and mapping CRUD operations may be unavailable during the consolidation. When the consolidation is complete, you receive an email.
+      operationId: assignApplicationPolicy
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationPolicies
+  /api/v1/apps/{appId}/tokens:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    get:
+      summary: List all OAuth 2.0 Tokens
+      description: Lists all tokens for the application
+      operationId: listOAuth2TokensForApplication
+      parameters:
+        - name: expand
+          in: query
+          schema:
+            type: string
+        - name: after
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            format: int32
+            default: 20
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/OAuth2Token'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - ApplicationTokens
+    delete:
+      summary: Revoke all OAuth 2.0 Tokens
+      description: Revokes all tokens for the specified application
+      operationId: revokeOAuth2TokensForApplication
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationTokens
+  /api/v1/apps/{appId}/tokens/{tokenId}:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+      - $ref: '#/components/parameters/pathTokenId'
+    get:
+      summary: Retrieve an OAuth 2.0 Token
+      description: Retrieves a token for the specified application
+      operationId: getOAuth2TokenForApplication
+      parameters:
+        - name: expand
+          in: query
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2Token'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - ApplicationTokens
+    delete:
+      summary: Revoke an OAuth 2.0 Token
+      description: Revokes the specified token for the specified application
+      operationId: revokeOAuth2TokenForApplication
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationTokens
+  /api/v1/apps/{appId}/users:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    get:
+      summary: List all assigned Users
+      description: Lists all assigned users for an app
+      operationId: listApplicationUsers
+      parameters:
+        - name: q
+          in: query
+          schema:
+            type: string
+        - name: query_scope
+          in: query
+          schema:
+            type: string
+        - name: after
+          in: query
+          description: specifies the pagination cursor for the next page of assignments
+          schema:
+            type: string
+        - name: limit
+          in: query
+          description: specifies the number of results for a page
+          schema:
+            type: integer
+            format: int32
+            default: -1
+        - name: filter
+          in: query
+          schema:
+            type: string
+        - name: expand
+          in: query
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/AppUser'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - ApplicationUsers
+    post:
+      summary: Assign a User
+      description: |-
+        Assigns a user to an app with credentials and an app-specific [profile](/openapi/okta-management/management/tag/Application/#tag/Application/operation/assignUserToApplication!c=200&path=profile&t=response).
+        Profile mappings defined for the app are applied first before applying any profile properties that are specified in the request.
+
+        > **Notes:**
+        > * You need to specify the `id` and omit the `credentials` parameter in the request body only for
+        `signOnMode` or authentication schemes (`credentials.scheme`) that don't require credentials.
+        > * You can only specify profile properties that aren't defined by profile mappings when Universal Directory is enabled.
+        > * If your SSO app requires a profile but doesn't have provisioning enabled, you need to add a profile to the request body.
+      operationId: assignUserToApplication
+      x-codegen-request-body-name: appUser
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AppUser'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AppUser'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationUsers
+  /api/v1/apps/{appId}/users/{userId}:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+      - $ref: '#/components/parameters/pathUserId'
+    get:
+      summary: Retrieve an assigned User
+      description: Retrieves a specific user assignment for app by `id`
+      operationId: getApplicationUser
+      parameters:
+        - name: expand
+          in: query
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AppUser'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - ApplicationUsers
+    post:
+      summary: Update an App Profile for an assigned User
+      description: Updates a user's profile for an application
+      operationId: updateApplicationUser
+      x-codegen-request-body-name: appUser
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AppUser'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AppUser'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationUsers
+    delete:
+      summary: Unassign an App User
+      description: Unassigns a user from an application
+      operationId: unassignUserFromApplication
+      parameters:
+        - name: sendEmail
+          in: query
+          schema:
+            type: boolean
+            default: false
+          x-okta-added-version: 1.5.0
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationUsers
+  /api/v1/authenticators:
+    get:
+      summary: List all Authenticators
+      description: Lists all authenticators
+      operationId: listAuthenticators
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/Authenticator'
+                type: array
+              examples:
+                OrgAuthenticatorsEx:
+                  $ref: '#/components/examples/AuthenticatorsResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authenticators.read
+      tags:
+        - Authenticator
+    post:
+      summary: Create an Authenticator
+      description: Creates an authenticator
+      operationId: createAuthenticator
+      parameters:
+        - in: query
+          name: activate
+          description: Whether to execute the activation lifecycle operation when Okta creates the authenticator
+          schema:
+            type: boolean
+            default: false
+      x-codegen-request-body-name: authenticator
+      requestBody:
+        $ref: '#/components/requestBodies/AuthenticatorRequestBody'
+      responses:
+        '200':
+          $ref: '#/components/responses/AuthenticatorResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authenticators.manage
+      tags:
+        - Authenticator
+  /api/v1/authenticators/{authenticatorId}:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthenticatorId'
+    get:
+      summary: Retrieve an Authenticator
+      description: Retrieves an authenticator from your Okta organization by `authenticatorId`
+      operationId: getAuthenticator
+      responses:
+        '200':
+          $ref: '#/components/responses/AuthenticatorResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authenticators.read
+      tags:
+        - Authenticator
+    put:
+      summary: Replace an Authenticator
+      description: Replaces the properties for an Authenticator identified by `authenticatorId`
+      operationId: replaceAuthenticator
+      x-codegen-request-body-name: authenticator
+      requestBody:
+        $ref: '#/components/requestBodies/AuthenticatorRequestBody'
+      responses:
+        '200':
+          $ref: '#/components/responses/AuthenticatorResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authenticators.manage
+      tags:
+        - Authenticator
+  /api/v1/authenticators/{authenticatorId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthenticatorId'
+    post:
+      summary: Activate an Authenticator
+      description: Activates an authenticator by `authenticatorId`
+      operationId: activateAuthenticator
+      responses:
+        '200':
+          $ref: '#/components/responses/AuthenticatorResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authenticators.manage
+      tags:
+        - Authenticator
+  /api/v1/authenticators/{authenticatorId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthenticatorId'
+    post:
+      summary: Deactivate an Authenticator
+      description: Deactivates an authenticator by `authenticatorId`
+      operationId: deactivateAuthenticator
+      responses:
+        '200':
+          $ref: '#/components/responses/AuthenticatorResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authenticators.manage
+      tags:
+        - Authenticator
+  /api/v1/authenticators/{authenticatorId}/methods:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthenticatorId'
+    get:
+      summary: List all Methods of an Authenticator
+      description: Lists all Methods of an Authenticator identified by `authenticatorId`
+      operationId: listAuthenticatorMethods
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/AuthenticatorMethodBase'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authenticators.read
+      tags:
+        - Authenticator
+  /api/v1/authenticators/{authenticatorId}/methods/{methodType}:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthenticatorId'
+      - $ref: '#/components/parameters/pathMethodType'
+    get:
+      summary: Retrieve a Method
+      description: Retrieves a Method identified by `methodType` of an Authenticator identified by `authenticatorId`
+      operationId: getAuthenticatorMethod
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthenticatorMethodBase'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authenticators.read
+      tags:
+        - Authenticator
+    put:
+      summary: Replace a Method
+      description: Replaces a Method of `methodType` for an Authenticator identified by `authenticatorId`
+      operationId: replaceAuthenticatorMethod
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AuthenticatorMethodBase'
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthenticatorMethodBase'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authenticators.manage
+      tags:
+        - Authenticator
+  /api/v1/authenticators/{authenticatorId}/methods/{methodType}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthenticatorId'
+      - $ref: '#/components/parameters/pathMethodType'
+    post:
+      summary: Activate an Authenticator Method
+      description: Activates a Method for an Authenticator identified by `authenticatorId` and `methodType`
+      operationId: activateAuthenticatorMethod
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthenticatorMethodBase'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authenticators.manage
+      tags:
+        - Authenticator
+  /api/v1/authenticators/{authenticatorId}/methods/{methodType}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthenticatorId'
+      - $ref: '#/components/parameters/pathMethodType'
+    post:
+      summary: Deactivate an Authenticator Method
+      description: Deactivates a Method for an Authenticator identified by `authenticatorId` and `methodType`
+      operationId: deactivateAuthenticatorMethod
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthenticatorMethodBase'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authenticators.manage
+      tags:
+        - Authenticator
+  /api/v1/authorizationServers:
+    get:
+      summary: List all Authorization Servers
+      description: Lists all authorization servers
+      operationId: listAuthorizationServers
+      parameters:
+        - name: q
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            format: int32
+            default: 200
+        - name: after
+          in: query
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/AuthorizationServer'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.read
+      tags:
+        - AuthorizationServer
+    post:
+      summary: Create an Authorization Server
+      description: Creates an authorization server
+      operationId: createAuthorizationServer
+      x-codegen-request-body-name: authorizationServer
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AuthorizationServer'
+        required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServer'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+    get:
+      summary: Retrieve an Authorization Server
+      description: Retrieves an authorization server
+      operationId: getAuthorizationServer
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServer'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.read
+      tags:
+        - AuthorizationServer
+    put:
+      summary: Replace an Authorization Server
+      description: Replaces an authorization server
+      operationId: replaceAuthorizationServer
+      x-codegen-request-body-name: authorizationServer
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AuthorizationServer'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServer'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+    delete:
+      summary: Delete an Authorization Server
+      description: Deletes an authorization server
+      operationId: deleteAuthorizationServer
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/associatedServers:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+    get:
+      summary: List all Associated Authorization Servers
+      description: Lists all associated authorization servers by trusted type for the given `authServerId`
+      operationId: listAssociatedServersByTrustedType
+      parameters:
+        - name: trusted
+          in: query
+          description: Searches trusted authorization servers when true, or searches untrusted authorization servers when false
+          schema:
+            type: boolean
+        - name: q
+          in: query
+          description: Searches the name or audience of the associated authorization servers
+          schema:
+            type: string
+        - name: limit
+          in: query
+          description: Specifies the number of results for a page
+          schema:
+            type: integer
+            format: int32
+            default: 200
+        - name: after
+          in: query
+          description: Specifies the pagination cursor for the next page of the associated authorization servers
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/AuthorizationServer'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.read
+      tags:
+        - AuthorizationServer
+    post:
+      summary: Create the Associated Authorization Servers
+      description: Creates the trusted relationships between the given authorization server and other authorization servers
+      operationId: createAssociatedServers
+      x-codegen-request-body-name: associatedServerMediated
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AssociatedServerMediated'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/AuthorizationServer'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/associatedServers/{associatedServerId}:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+      - $ref: '#/components/parameters/pathAssociatedServerId'
+    delete:
+      summary: Delete an Associated Authorization Server
+      description: Deletes an associated authorization server
+      operationId: deleteAssociatedServer
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/claims:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+    get:
+      summary: List all Custom Token Claims
+      description: Lists all custom token claims
+      operationId: listOAuth2Claims
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/OAuth2Claim'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.read
+      tags:
+        - AuthorizationServer
+    post:
+      summary: Create a Custom Token Claim
+      description: Creates a custom token claim
+      operationId: createOAuth2Claim
+      x-codegen-request-body-name: oAuth2Claim
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OAuth2Claim'
+        required: true
+      responses:
+        '201':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2Claim'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/claims/{claimId}:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+      - $ref: '#/components/parameters/pathClaimId'
+    get:
+      summary: Retrieve a Custom Token Claim
+      description: Retrieves a custom token claim
+      operationId: getOAuth2Claim
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2Claim'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.read
+      tags:
+        - AuthorizationServer
+    put:
+      summary: Replace a Custom Token Claim
+      description: Replaces a custom token claim
+      operationId: replaceOAuth2Claim
+      x-codegen-request-body-name: oAuth2Claim
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OAuth2Claim'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2Claim'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+    delete:
+      summary: Delete a Custom Token Claim
+      description: Deletes a custom token claim
+      operationId: deleteOAuth2Claim
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/clients:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+    get:
+      summary: List all Clients
+      description: Lists all clients
+      operationId: listOAuth2ClientsForAuthorizationServer
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/OAuth2Client'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.read
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+      - $ref: '#/components/parameters/pathClientId'
+    get:
+      summary: List all Refresh Tokens for a Client
+      description: Lists all refresh tokens for a client
+      operationId: listRefreshTokensForAuthorizationServerAndClient
+      parameters:
+        - name: expand
+          in: query
+          schema:
+            type: string
+        - name: after
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            format: int32
+            default: -1
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/OAuth2RefreshToken'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.read
+      tags:
+        - AuthorizationServer
+    delete:
+      summary: Revoke all Refresh Tokens for a Client
+      description: Revokes all refresh tokens for a client
+      operationId: revokeRefreshTokensForAuthorizationServerAndClient
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+      - $ref: '#/components/parameters/pathClientId'
+      - $ref: '#/components/parameters/pathTokenId'
+    get:
+      summary: Retrieve a Refresh Token for a Client
+      description: Retrieves a refresh token for a client
+      operationId: getRefreshTokenForAuthorizationServerAndClient
+      parameters:
+        - name: expand
+          in: query
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2RefreshToken'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.read
+      tags:
+        - AuthorizationServer
+    delete:
+      summary: Revoke a Refresh Token for a Client
+      description: Revokes a refresh token for a client
+      operationId: revokeRefreshTokenForAuthorizationServerAndClient
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/credentials/keys:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+    get:
+      summary: List all Credential Keys
+      description: Lists all credential keys
+      operationId: listAuthorizationServerKeys
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/JsonWebKey'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.read
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+    post:
+      summary: Rotate all Credential Keys
+      description: Rotates all credential keys
+      operationId: rotateAuthorizationServerKeys
+      x-codegen-request-body-name: use
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/JwkUse'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/JsonWebKey'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+    post:
+      summary: Activate an Authorization Server
+      description: Activates an authorization server
+      operationId: activateAuthorizationServer
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+    post:
+      summary: Deactivate an Authorization Server
+      description: Deactivates an authorization server
+      operationId: deactivateAuthorizationServer
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/policies:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+    get:
+      summary: List all Policies
+      description: Lists all policies
+      operationId: listAuthorizationServerPolicies
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/AuthorizationServerPolicy'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.read
+      tags:
+        - AuthorizationServer
+    post:
+      summary: Create a Policy
+      description: Creates a policy
+      operationId: createAuthorizationServerPolicy
+      x-codegen-request-body-name: policy
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AuthorizationServerPolicy'
+        required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServerPolicy'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/policies/{policyId}:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+      - $ref: '#/components/parameters/pathPolicyId'
+    get:
+      summary: Retrieve a Policy
+      description: Retrieves a policy
+      operationId: getAuthorizationServerPolicy
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServerPolicy'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.read
+      tags:
+        - AuthorizationServer
+    put:
+      summary: Replace a Policy
+      description: Replaces a policy
+      operationId: replaceAuthorizationServerPolicy
+      x-codegen-request-body-name: policy
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AuthorizationServerPolicy'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServerPolicy'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+    delete:
+      summary: Delete a Policy
+      description: Deletes a policy
+      operationId: deleteAuthorizationServerPolicy
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+      - $ref: '#/components/parameters/pathPolicyId'
+    post:
+      summary: Activate a Policy
+      description: Activates an authorization server policy
+      operationId: activateAuthorizationServerPolicy
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+      - $ref: '#/components/parameters/pathPolicyId'
+    post:
+      summary: Deactivate a Policy
+      description: Deactivates an authorization server policy
+      operationId: deactivateAuthorizationServerPolicy
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+      - $ref: '#/components/parameters/pathPolicyId'
+    get:
+      summary: List all Policy Rules
+      description: Lists all policy rules for the specified Custom Authorization Server and Policy
+      operationId: listAuthorizationServerPolicyRules
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/AuthorizationServerPolicyRule'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.read
+      tags:
+        - AuthorizationServer
+    post:
+      summary: Create a Policy Rule
+      description: Creates a policy rule for the specified Custom Authorization Server and Policy
+      operationId: createAuthorizationServerPolicyRule
+      x-codegen-request-body-name: policyRule
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AuthorizationServerPolicyRule'
+        required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServerPolicyRule'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+      - $ref: '#/components/parameters/pathPolicyId'
+      - $ref: '#/components/parameters/pathRuleId'
+    get:
+      summary: Retrieve a Policy Rule
+      description: Retrieves a policy rule by `ruleId`
+      operationId: getAuthorizationServerPolicyRule
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServerPolicyRule'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.read
+      tags:
+        - AuthorizationServer
+    put:
+      summary: Replace a Policy Rule
+      description: Replaces the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy
+      operationId: replaceAuthorizationServerPolicyRule
+      x-codegen-request-body-name: policyRule
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AuthorizationServerPolicyRule'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServerPolicyRule'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+    delete:
+      summary: Delete a Policy Rule
+      description: Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy
+      operationId: deleteAuthorizationServerPolicyRule
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+      - $ref: '#/components/parameters/pathPolicyId'
+      - $ref: '#/components/parameters/pathRuleId'
+    post:
+      summary: Activate a Policy Rule
+      description: Activates an authorization server policy rule
+      operationId: activateAuthorizationServerPolicyRule
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+      - $ref: '#/components/parameters/pathPolicyId'
+      - $ref: '#/components/parameters/pathRuleId'
+    post:
+      summary: Deactivate a Policy Rule
+      description: Deactivates an authorization server policy rule
+      operationId: deactivateAuthorizationServerPolicyRule
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/scopes:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+    get:
+      summary: List all Custom Token Scopes
+      description: Lists all custom token scopes
+      operationId: listOAuth2Scopes
+      parameters:
+        - name: q
+          in: query
+          schema:
+            type: string
+        - name: filter
+          in: query
+          schema:
+            type: string
+        - name: cursor
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            format: int32
+            default: -1
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/OAuth2Scope'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.read
+      tags:
+        - AuthorizationServer
+    post:
+      summary: Create a Custom Token Scope
+      description: Creates a custom token scope
+      operationId: createOAuth2Scope
+      x-codegen-request-body-name: oAuth2Scope
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OAuth2Scope'
+        required: true
+      responses:
+        '201':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2Scope'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/scopes/{scopeId}:
+    parameters:
+      - $ref: '#/components/parameters/pathAuthServerId'
+      - $ref: '#/components/parameters/pathScopeId'
+    get:
+      summary: Retrieve a Custom Token Scope
+      description: Retrieves a custom token scope
+      operationId: getOAuth2Scope
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2Scope'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.read
+      tags:
+        - AuthorizationServer
+    put:
+      summary: Replace a Custom Token Scope
+      description: Replaces a custom token scope
+      operationId: replaceOAuth2Scope
+      x-codegen-request-body-name: oAuth2Scope
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OAuth2Scope'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2Scope'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+    delete:
+      summary: Delete a Custom Token Scope
+      description: Deletes a custom token scope
+      operationId: deleteOAuth2Scope
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.authorizationServers.manage
+      tags:
+        - AuthorizationServer
+  /api/v1/behaviors:
+    get:
+      summary: List all Behavior Detection Rules
+      description: Lists all behavior detection rules with pagination support
+      operationId: listBehaviorDetectionRules
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/BehaviorRule'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.behaviors.read
+      tags:
+        - Behavior
+    post:
+      summary: Create a Behavior Detection Rule
+      description: Creates a new behavior detection rule
+      operationId: createBehaviorDetectionRule
+      x-codegen-request-body-name: rule
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/BehaviorRule'
+            examples:
+              BehaviorRuleRequest:
+                $ref: '#/components/examples/BehaviorRuleRequest'
+        required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/BehaviorRule'
+              examples:
+                BehaviorRuleReSponse:
+                  $ref: '#/components/examples/BehaviorRuleResponse'
+        '400':
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.behaviors.manage
+      tags:
+        - Behavior
+  /api/v1/behaviors/{behaviorId}:
+    parameters:
+      - $ref: '#/components/parameters/pathBehaviorId'
+    get:
+      summary: Retrieve a Behavior Detection Rule
+      description: Retrieves a Behavior Detection Rule by `behaviorId`
+      operationId: getBehaviorDetectionRule
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/BehaviorRule'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          description: Not Found
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.behaviors.read
+      tags:
+        - Behavior
+    put:
+      summary: Replace a Behavior Detection Rule
+      description: Replaces a Behavior Detection Rule by `behaviorId`
+      operationId: replaceBehaviorDetectionRule
+      x-codegen-request-body-name: rule
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/BehaviorRule'
+            examples:
+              BehaviorRuleRequest:
+                $ref: '#/components/examples/BehaviorRuleRequest'
+        required: true
+      responses:
+        '200':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/BehaviorRule'
+              examples:
+                BehaviorRuleReSponse:
+                  $ref: '#/components/examples/BehaviorRuleResponse'
+        '400':
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          description: Not Found
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.behaviors.manage
+      tags:
+        - Behavior
+    delete:
+      summary: Delete a Behavior Detection Rule
+      description: Deletes a Behavior Detection Rule by `behaviorId`
+      operationId: deleteBehaviorDetectionRule
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          description: Not Found
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.behaviors.manage
+      tags:
+        - Behavior
+  /api/v1/behaviors/{behaviorId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathBehaviorId'
+    post:
+      summary: Activate a Behavior Detection Rule
+      description: Activates a behavior detection rule
+      operationId: activateBehaviorDetectionRule
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/BehaviorRule'
+              examples:
+                BehaviorRuleReSponse:
+                  $ref: '#/components/examples/BehaviorRuleResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.behaviors.manage
+      tags:
+        - Behavior
+  /api/v1/behaviors/{behaviorId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathBehaviorId'
+    post:
+      summary: Deactivate a Behavior Detection Rule
+      description: Deactivates a behavior detection rule
+      operationId: deactivateBehaviorDetectionRule
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/BehaviorRule'
+              examples:
+                BehaviorRuleReSponse:
+                  $ref: '#/components/examples/BehaviorRuleResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.behaviors.manage
+      tags:
+        - Behavior
+  /api/v1/brands:
+    parameters:
+      - $ref: '#/components/parameters/queryExpandBrand'
+      - $ref: '#/components/parameters/queryAfter'
+      - $ref: '#/components/parameters/queryLimit'
+      - $ref: '#/components/parameters/queryFilter'
+    get:
+      summary: List all Brands
+      description: Lists all the brands in your org
+      operationId: listBrands
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/BrandWithEmbedded'
+              examples:
+                Get brands response:
+                  $ref: '#/components/examples/ListBrandsResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.read
+      tags:
+        - Customization
+    post:
+      summary: Create a Brand
+      description: Creates a new brand in your org
+      operationId: createBrand
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CreateBrandRequest'
+            examples:
+              Create brand request:
+                $ref: '#/components/examples/CreateBrandRequest'
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Brand'
+              examples:
+                Create brand response:
+                  $ref: '#/components/examples/CreateBrandResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+      - $ref: '#/components/parameters/queryExpandBrand'
+    get:
+      summary: Retrieve a Brand
+      description: Retrieves a brand by `brandId`
+      operationId: getBrand
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/BrandWithEmbedded'
+              examples:
+                Get brand response:
+                  $ref: '#/components/examples/GetBrandResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.read
+      tags:
+        - Customization
+    put:
+      summary: Replace a Brand
+      description: Replaces a brand by `brandId`
+      operationId: replaceBrand
+      x-codegen-request-body-name: brand
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/BrandRequest'
+            examples:
+              Update brand request:
+                $ref: '#/components/examples/UpdateBrandRequest'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Brand'
+              examples:
+                Update brand response:
+                  $ref: '#/components/examples/UpdateBrandResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+    delete:
+      summary: Delete a brand
+      description: Deletes a brand by `brandId`
+      operationId: deleteBrand
+      responses:
+        '204':
+          description: Successfully deleted the brand.
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '409':
+          description: Conflict
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Cannot delete default brand:
+                  $ref: '#/components/examples/ErrorDeleteDefaultBrand'
+                Cannot delete brand associated with a domain:
+                  $ref: '#/components/examples/ErrorDeleteBrandAssociatedWithDomain'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/domains:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+    get:
+      summary: List all Domains associated with a Brand
+      description: Lists all domains associated with a brand by `brandId`
+      operationId: listBrandDomains
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/BrandDomains'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.read
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/pages/error:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+      - $ref: '#/components/parameters/queryExpandPageRoot'
+    get:
+      summary: Retrieve the Error Page Sub-Resources
+      description: Retrieves the error page sub-resources. The `expand` query parameter specifies which sub-resources to include in the response.
+      operationId: getErrorPage
+      responses:
+        '200':
+          description: Successfully retrieved the error page.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PageRoot'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.read
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/pages/error/customized:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+    get:
+      summary: Retrieve the Customized Error Page
+      description: Retrieves the customized error page. The customized error page appears in your live environment.
+      operationId: getCustomizedErrorPage
+      responses:
+        '200':
+          description: Successfully retrieved the customized error page.
+          headers:
+            Location:
+              schema:
+                type: string
+                format: uri
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorPage'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.read
+      tags:
+        - Customization
+    put:
+      summary: Replace the Customized Error Page
+      description: Replaces the customized error page. The customized error page appears in your live environment.
+      operationId: replaceCustomizedErrorPage
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ErrorPage'
+        required: true
+      responses:
+        '200':
+          description: Successfully replaced the customized error page.
+          headers:
+            Location:
+              schema:
+                type: string
+                format: uri
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorPage'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+    delete:
+      summary: Delete the Customized Error Page
+      description: Deletes the customized error page. As a result, the default error page appears in your live environment.
+      operationId: deleteCustomizedErrorPage
+      responses:
+        '204':
+          description: Successfully deleted the customized error page.
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/pages/error/default:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+    get:
+      summary: Retrieve the Default Error Page
+      description: Retrieves the default error page. The default error page appears when no customized error page exists.
+      operationId: getDefaultErrorPage
+      responses:
+        '200':
+          description: Successfully retrieved the default error page.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorPage'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.read
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/pages/error/preview:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+    get:
+      summary: Retrieve the Preview Error Page Preview
+      description: Retrieves the preview error page. The preview error page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/error/preview`.
+      operationId: getPreviewErrorPage
+      responses:
+        '200':
+          description: Successfully retrieved the preview error page.
+          headers:
+            Location:
+              schema:
+                type: string
+                format: uri
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorPage'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.read
+      tags:
+        - Customization
+    put:
+      summary: Replace the Preview Error Page
+      description: Replaces the preview error page. The preview error page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/error/preview`.
+      operationId: replacePreviewErrorPage
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ErrorPage'
+        required: true
+      responses:
+        '200':
+          description: Successfully replaced the preview error page.
+          headers:
+            Location:
+              schema:
+                type: string
+                format: uri
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorPage'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+    delete:
+      summary: Delete the Preview Error Page
+      description: Deletes the preview error page. The preview error page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/error/preview`.
+      operationId: deletePreviewErrorPage
+      responses:
+        '204':
+          description: Successfully deleted the preview error page.
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/pages/sign-in:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+      - $ref: '#/components/parameters/queryExpandPageRoot'
+    get:
+      summary: Retrieve the Sign-in Page Sub-Resources
+      description: Retrieves the sign-in page sub-resources. The `expand` query parameter specifies which sub-resources to include in the response.
+      operationId: getSignInPage
+      responses:
+        '200':
+          description: Successfully retrieved the sign-in page.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PageRoot'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.read
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/pages/sign-in/customized:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+    get:
+      summary: Retrieve the Customized Sign-in Page
+      description: Retrieves the customized sign-in page. The customized sign-in page appears in your live environment.
+      operationId: getCustomizedSignInPage
+      responses:
+        '200':
+          description: Successfully retrieved the customized sign-in page.
+          headers:
+            Location:
+              schema:
+                type: string
+                format: uri
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SignInPage'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.read
+      tags:
+        - Customization
+    put:
+      summary: Replace the Customized Sign-in Page
+      description: Replaces the customized sign-in page. The customized sign-in page appears in your live environment.
+      operationId: replaceCustomizedSignInPage
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SignInPage'
+        required: true
+      responses:
+        '200':
+          description: Successfully replaced the customized sign-in page.
+          headers:
+            Location:
+              schema:
+                type: string
+                format: uri
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SignInPage'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+    delete:
+      summary: Delete the Customized Sign-in Page
+      description: Deletes the customized sign-in page. As a result, the default sign-in page appears in your live environment.
+      operationId: deleteCustomizedSignInPage
+      responses:
+        '204':
+          description: Successfully deleted the sign-in page.
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/pages/sign-in/default:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+    get:
+      summary: Retrieve the Default Sign-in Page
+      description: Retrieves the default sign-in page. The default sign-in page appears when no customized sign-in page exists.
+      operationId: getDefaultSignInPage
+      responses:
+        '200':
+          description: Successfully retrieved the default sign-in page.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SignInPage'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.read
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/pages/sign-in/preview:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+    get:
+      summary: Retrieve the Preview Sign-in Page Preview
+      description: Retrieves the preview sign-in page. The preview sign-in page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/login/preview`.
+      operationId: getPreviewSignInPage
+      responses:
+        '200':
+          description: Successfully retrieved the preview sign-in page.
+          headers:
+            Location:
+              schema:
+                type: string
+                format: uri
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SignInPage'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.read
+      tags:
+        - Customization
+    put:
+      summary: Replace the Preview Sign-in Page
+      description: Replaces the preview sign-in page. The preview sign-in page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/login/preview`.
+      operationId: replacePreviewSignInPage
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SignInPage'
+        required: true
+      responses:
+        '200':
+          description: Successfully replaced the preview sign-in page.
+          headers:
+            Location:
+              schema:
+                type: string
+                format: uri
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SignInPage'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+    delete:
+      summary: Delete the Preview Sign-in Page
+      description: Deletes the preview sign-in page. The preview sign-in page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/login/preview`.
+      operationId: deletePreviewSignInPage
+      responses:
+        '204':
+          description: Successfully deleted the preview sign-in page.
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/pages/sign-in/widget-versions:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+    get:
+      summary: List all Sign-in Widget Versions
+      description: Lists all sign-in widget versions supported by the current org
+      operationId: listAllSignInWidgetVersions
+      responses:
+        '200':
+          description: Successfully listed the sign-in widget versions.
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  type: string
+                  pattern: ^\d+\.\d+$
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.read
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/pages/sign-out/customized:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+    get:
+      summary: Retrieve the Sign-out Page Settings
+      description: Retrieves the sign-out page settings
+      operationId: getSignOutPageSettings
+      responses:
+        '200':
+          description: Successfully retrieved the sign-out page settings.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/HostedPage'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.read
+      tags:
+        - Customization
+    put:
+      summary: Replace the Sign-out Page Settings
+      description: Replaces the sign-out page settings
+      operationId: replaceSignOutPageSettings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/HostedPage'
+        required: true
+      responses:
+        '200':
+          description: Successfully replaced the sign-out page settings.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/HostedPage'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/templates/email:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+    get:
+      summary: List all Email Templates
+      description: Lists all email templates
+      operationId: listEmailTemplates
+      parameters:
+        - $ref: '#/components/parameters/queryAfter'
+        - $ref: '#/components/parameters/queryLimit'
+        - $ref: '#/components/parameters/queryExpandEmailTemplate'
+      responses:
+        '200':
+          description: Successfully returned the list of email templates.
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/EmailTemplate'
+              examples:
+                List email templates response:
+                  $ref: '#/components/examples/ListEmailTemplateResponse'
+          headers:
+            Link:
+              schema:
+                type: string
+              description: The pagination header containing links to the current and next page of results. See [Pagination](/#pagination) for more information.
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.read
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/templates/email/{templateName}:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+      - $ref: '#/components/parameters/pathTemplateName'
+    get:
+      summary: Retrieve an Email Template
+      description: Retrieves the details of an email template by name
+      operationId: getEmailTemplate
+      parameters:
+        - $ref: '#/components/parameters/queryExpandEmailTemplate'
+      responses:
+        '200':
+          description: Successfully retrieved the email template.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmailTemplate'
+              examples:
+                Get email template response:
+                  $ref: '#/components/examples/GetEmailTemplateResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.read
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/templates/email/{templateName}/customizations:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+      - $ref: '#/components/parameters/pathTemplateName'
+    get:
+      summary: List all Email Customizations
+      description: Lists all customizations of an email template
+      operationId: listEmailCustomizations
+      parameters:
+        - $ref: '#/components/parameters/queryAfter'
+        - $ref: '#/components/parameters/queryLimit'
+      responses:
+        '200':
+          description: Successfully retrieved all email customizations for the specified email template.
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/EmailCustomization'
+              examples:
+                List Email customizations response:
+                  $ref: '#/components/examples/ListEmailCustomizationResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.read
+      tags:
+        - Customization
+    post:
+      summary: Create an Email Customization
+      description: Creates a new email customization
+      operationId: createEmailCustomization
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/EmailCustomization'
+            examples:
+              Create email customization request:
+                $ref: '#/components/examples/CreateUpdateEmailCustomizationRequest'
+      responses:
+        '201':
+          description: Successfully created the email customization.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmailCustomization'
+              examples:
+                Create email customization response:
+                  $ref: '#/components/examples/CreateUpdateEmailCustomizationResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '409':
+          description: Could not create the email customization because it conflicts with an existing email customization.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Default email customization already exists:
+                  $ref: '#/components/examples/ErrorEmailCustomizationDefaultAlreadyExists'
+                Email customization already exists for the specified language:
+                  $ref: '#/components/examples/ErrorEmailCustomizationLanguageAlreadyExists'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.manage
+      tags:
+        - Customization
+    delete:
+      summary: Delete all Email Customizations
+      description: Deletes all customizations for an email template
+      operationId: deleteAllCustomizations
+      responses:
+        '204':
+          description: Successfully deleted all customizations for the email template.
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.manage
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+      - $ref: '#/components/parameters/pathTemplateName'
+      - $ref: '#/components/parameters/pathCustomizationId'
+    get:
+      summary: Retrieve an Email Customization
+      description: Retrieves an email customization by its unique identifier
+      operationId: getEmailCustomization
+      responses:
+        '200':
+          description: Successfully retrieved the email customization.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmailCustomization'
+              examples:
+                Get email customization response:
+                  $ref: '#/components/examples/EmailCustomizationResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.read
+      tags:
+        - Customization
+    put:
+      summary: Replace an Email Customization
+      description: Replaces an existing email customization using the property values provided
+      operationId: replaceEmailCustomization
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/EmailCustomization'
+            examples:
+              Update email customization request:
+                $ref: '#/components/examples/CreateUpdateEmailCustomizationRequest'
+        description: Request
+      responses:
+        '200':
+          description: Successfully updated the email customization.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmailCustomization'
+              examples:
+                Update email customization response:
+                  $ref: '#/components/examples/CreateUpdateEmailCustomizationResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '409':
+          description: Could not update the email customization because the update would cause a conflict with an existing email customization.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Default email customization already exists:
+                  $ref: '#/components/examples/ErrorEmailCustomizationDefaultAlreadyExists'
+                Email customization already exists for the specified language:
+                  $ref: '#/components/examples/ErrorEmailCustomizationLanguageAlreadyExists'
+                Cannot set the default email customization's isDefault to false:
+                  $ref: '#/components/examples/ErrorEmailCustomizationCannotClearDefault'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.manage
+      tags:
+        - Customization
+    delete:
+      summary: Delete an Email Customization
+      description: Deletes an email customization by its unique identifier
+      operationId: deleteEmailCustomization
+      responses:
+        '204':
+          description: Successfully deleted the email customization.
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '409':
+          description: Could not delete the email customization deleted because it is the default email customization.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Cannot delete default email customization:
+                  $ref: '#/components/examples/ErrorEmailCustomizationCannotDeleteDefault'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.manage
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}/preview:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+      - $ref: '#/components/parameters/pathTemplateName'
+      - $ref: '#/components/parameters/pathCustomizationId'
+    get:
+      summary: Retrieve a Preview of an Email Customization
+      description: Retrieves a preview of an email customization. All variable references (e.g., `${user.profile.firstName}`) are populated using the current user's context.
+      operationId: getCustomizationPreview
+      responses:
+        '200':
+          description: Successfully generated a preview of the email customization.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmailPreview'
+              examples:
+                Preview email customization response:
+                  $ref: '#/components/examples/PreviewEmailCustomizationResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.read
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/templates/email/{templateName}/default-content:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+      - $ref: '#/components/parameters/pathTemplateName'
+    get:
+      summary: Retrieve an Email Template Default Content
+      description: Retrieves an email template's default content
+      operationId: getEmailDefaultContent
+      parameters:
+        - $ref: '#/components/parameters/queryLanguage'
+      responses:
+        '200':
+          description: Successfully retrieved the email template's default content.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmailDefaultContent'
+              examples:
+                Get email template default content response:
+                  $ref: '#/components/examples/EmailTemplateDefaultContentResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.read
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/templates/email/{templateName}/default-content/preview:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+      - $ref: '#/components/parameters/pathTemplateName'
+    get:
+      summary: Retrieve a Preview of the Email Template Default Content
+      description: Retrieves a preview of an email template's default content. All variable references (e.g., `${user.profile.firstName}`) are populated using the current user's context.
+      operationId: getEmailDefaultPreview
+      parameters:
+        - $ref: '#/components/parameters/queryLanguage'
+      responses:
+        '200':
+          description: Successfully generated a preview of the email template's default content.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmailPreview'
+              examples:
+                Preview email template default content response:
+                  $ref: '#/components/examples/PreviewEmailTemplateDefaultContentResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.read
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/templates/email/{templateName}/settings:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+      - $ref: '#/components/parameters/pathTemplateName'
+    get:
+      summary: Retrieve the Email Template Settings
+      description: Retrieves an email template's settings
+      operationId: getEmailSettings
+      responses:
+        '200':
+          description: Successfully retrieved the email template's settings.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmailSettings'
+              examples:
+                Get email template settings response:
+                  $ref: '#/components/examples/EmailSettingsResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.read
+      tags:
+        - Customization
+    put:
+      summary: Replace the Email Template Settings
+      description: Replaces an email template's settings
+      operationId: replaceEmailSettings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/EmailSettings'
+      responses:
+        '204':
+          description: Successfully updated the email template's settings.
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '422':
+          description: Could not update the email template's settings due to an invalid setting value.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Invalid email template recipients:
+                  $ref: '#/components/examples/ErrorInvalidEmailTemplateRecipients'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.manage
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/templates/email/{templateName}/test:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+      - $ref: '#/components/parameters/pathTemplateName'
+    post:
+      summary: Send a Test Email
+      description: |-
+        Sends a test email to the current user’s primary and secondary email addresses. The email content is selected based on the following priority:
+        1. The email customization for the language specified in the `language` query parameter.
+        2. The email template's default customization.
+        3. The email template’s default content, translated to the current user's language.
+      operationId: sendTestEmail
+      parameters:
+        - $ref: '#/components/parameters/queryLanguage'
+      responses:
+        '204':
+          description: Successfully sent a test email.
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.read
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/themes:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+    get:
+      summary: List all Themes
+      description: Lists all the themes in your brand
+      operationId: listBrandThemes
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/ThemeResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.read
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/themes/{themeId}:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+      - $ref: '#/components/parameters/pathThemeId'
+    get:
+      summary: Retrieve a Theme
+      description: Retrieves a theme for a brand
+      operationId: getBrandTheme
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ThemeResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.read
+      tags:
+        - Customization
+    put:
+      summary: Replace a Theme
+      description: Replaces a theme for a brand
+      operationId: replaceBrandTheme
+      x-codegen-request-body-name: theme
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Theme'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ThemeResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/themes/{themeId}/background-image:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+      - $ref: '#/components/parameters/pathThemeId'
+    post:
+      summary: Upload the Background Image
+      description: Uploads and replaces the background image for the theme. The file must be in PNG, JPG, or GIF format and less than 2 MB in size.
+      operationId: uploadBrandThemeBackgroundImage
+      requestBody:
+        content:
+          multipart/form-data:
+            schema:
+              type: object
+              description: The file must be in PNG, JPG, or GIF format and less than 2 MB in size.
+              properties:
+                file:
+                  type: string
+                  format: binary
+              required:
+                - file
+        description: background image file
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ImageUploadResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+    delete:
+      summary: Delete the Background Image
+      description: Deletes a Theme background image
+      operationId: deleteBrandThemeBackgroundImage
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/themes/{themeId}/favicon:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+      - $ref: '#/components/parameters/pathThemeId'
+    post:
+      summary: Upload the Favicon
+      description: Uploads and replaces the favicon for the theme
+      operationId: uploadBrandThemeFavicon
+      requestBody:
+        content:
+          multipart/form-data:
+            schema:
+              type: object
+              description: The file must be in PNG, or ico format and less than ?? in size and 128 x 128 dimensions
+              properties:
+                file:
+                  type: string
+                  format: binary
+              required:
+                - file
+        description: favicon file
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ImageUploadResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+    delete:
+      summary: Delete the Favicon
+      description: Deletes a Theme favicon. The theme will use the default Okta favicon.
+      operationId: deleteBrandThemeFavicon
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+  /api/v1/brands/{brandId}/themes/{themeId}/logo:
+    parameters:
+      - $ref: '#/components/parameters/pathBrandId'
+      - $ref: '#/components/parameters/pathThemeId'
+    post:
+      summary: Upload the Logo
+      description: Uploads and replaces the logo for the theme. The file must be in PNG, JPG, or GIF format and less than 100kB in size. For best results use landscape orientation, a transparent background, and a minimum size of 300px by 50px to prevent upscaling.
+      operationId: uploadBrandThemeLogo
+      requestBody:
+        content:
+          multipart/form-data:
+            schema:
+              description: The file must be in PNG, JPG, or GIF format and less than 100kB in size. For best results use landscape orientation, a transparent background, and a minimum size of 300px by 50px to prevent upscaling.
+              type: object
+              properties:
+                file:
+                  type: string
+                  format: binary
+              required:
+                - file
+        description: logo file
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ImageUploadResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+    delete:
+      summary: Delete the Logo
+      description: Deletes a Theme logo. The theme will use the default Okta logo.
+      operationId: deleteBrandThemeLogo
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.brands.manage
+      tags:
+        - Customization
+  /api/v1/captchas:
+    get:
+      summary: List all CAPTCHA Instances
+      description: Lists all CAPTCHA instances with pagination support. A subset of CAPTCHA instances can be returned that match a supported filter expression or query.
+      operationId: listCaptchaInstances
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/CAPTCHAInstance'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.captchas.read
+      tags:
+        - CAPTCHA
+    post:
+      summary: Create a CAPTCHA instance
+      description: Creates a new CAPTCHA instance. Currently, an org can only configure a single CAPTCHA instance.
+      operationId: createCaptchaInstance
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CAPTCHAInstance'
+            examples:
+              HCaptcha:
+                $ref: '#/components/examples/CAPTCHAInstanceRequestHCaptcha'
+              ReCaptcha:
+                $ref: '#/components/examples/CAPTCHAInstanceRequestReCaptcha'
+        required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CAPTCHAInstance'
+              examples:
+                HCaptcha:
+                  $ref: '#/components/examples/CAPTCHAInstanceResponseHCaptcha'
+                ReCaptcha:
+                  $ref: '#/components/examples/CAPTCHAInstanceResponseReCaptcha'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+                Error Limit of One CAPTCHA instance per org:
+                  $ref: '#/components/examples/ErrorCAPTCHALimitOfOne'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.captchas.manage
+      tags:
+        - CAPTCHA
+  /api/v1/captchas/{captchaId}:
+    parameters:
+      - $ref: '#/components/parameters/pathCaptchaId'
+    get:
+      summary: Retrieve a CAPTCHA Instance
+      description: Retrieves the properties of a specified CAPTCHA instance
+      operationId: getCaptchaInstance
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CAPTCHAInstance'
+              examples:
+                HCaptcha:
+                  $ref: '#/components/examples/CAPTCHAInstanceResponseHCaptcha'
+                ReCaptcha:
+                  $ref: '#/components/examples/CAPTCHAInstanceResponseReCaptcha'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.captchas.read
+      tags:
+        - CAPTCHA
+    post:
+      summary: Update a CAPTCHA Instance
+      description: Partially updates the properties of a specified CAPTCHA instance
+      operationId: updateCaptchaInstance
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CAPTCHAInstance'
+            examples:
+              HCaptcha:
+                $ref: '#/components/examples/CAPTCHAInstanceRequestHCaptcha'
+              ReCaptcha:
+                $ref: '#/components/examples/CAPTCHAInstanceRequestReCaptcha'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CAPTCHAInstance'
+              examples:
+                HCaptcha:
+                  $ref: '#/components/examples/CAPTCHAInstanceResponseHCaptcha'
+                ReCaptcha:
+                  $ref: '#/components/examples/CAPTCHAInstanceResponseReCaptcha'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.captchas.manage
+      tags:
+        - CAPTCHA
+    put:
+      summary: Replace a CAPTCHA Instance
+      description: Replaces the properties for a specified CAPTCHA instance
+      operationId: replaceCaptchaInstance
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CAPTCHAInstance'
+            examples:
+              HCaptcha:
+                $ref: '#/components/examples/CAPTCHAInstanceRequestHCaptcha'
+              ReCaptcha:
+                $ref: '#/components/examples/CAPTCHAInstanceRequestReCaptcha'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CAPTCHAInstance'
+              examples:
+                HCaptcha:
+                  $ref: '#/components/examples/CAPTCHAInstanceResponseHCaptcha'
+                ReCaptcha:
+                  $ref: '#/components/examples/CAPTCHAInstanceResponseReCaptcha'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.captchas.manage
+      tags:
+        - CAPTCHA
+    delete:
+      summary: Delete a CAPTCHA Instance
+      description: |-
+        Deletes a specified CAPTCHA instance
+        > **Note:** If your CAPTCHA instance is still associated with your org, the request fails. You must first update your Org-wide CAPTCHA settings to remove the CAPTCHA instance.
+      operationId: deleteCaptchaInstance
+      responses:
+        '204':
+          description: No Content
+        '403':
+          description: Forbidden
+          headers: {}
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+                Cannot remove CAPTCHA in use:
+                  $ref: '#/components/examples/ErrorCAPTCHAOrgWideSetting'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.captchas.manage
+      tags:
+        - CAPTCHA
+  /api/v1/device-assurances:
+    get:
+      summary: List all Device Assurance Policies
+      description: Lists all device assurance policies
+      operationId: listDeviceAssurancePolicies
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/DeviceAssurance'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.deviceAssurance.read
+      tags:
+        - DeviceAssurance
+    post:
+      summary: Create a Device Assurance Policy
+      description: Creates a new Device Assurance Policy
+      operationId: createDeviceAssurancePolicy
+      x-codegen-request-body-name: deviceAssurance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/DeviceAssurance'
+            examples:
+              Android:
+                $ref: '#/components/examples/DeviceAssuranceAndroidRequest'
+              iOS:
+                $ref: '#/components/examples/DeviceAssuranceIosRequest'
+              MacOS:
+                $ref: '#/components/examples/DeviceAssuranceMacOSRequest'
+              Windows:
+                $ref: '#/components/examples/DeviceAssuranceWindowsRequest'
+              ChromeOSWithThirdPartySignalProviders:
+                $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersRequest'
+              MacOSWithThirdPartySignalProviders:
+                $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest'
+              WindowsWithThirdPartySignalProviders:
+                $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/DeviceAssurance'
+              examples:
+                Android:
+                  $ref: '#/components/examples/DeviceAssuranceAndroidResponse'
+                iOS:
+                  $ref: '#/components/examples/DeviceAssuranceIosResponse'
+                MacOS:
+                  $ref: '#/components/examples/DeviceAssuranceMacOSResponse'
+                Windows:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsResponse'
+                ChromeOSWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse'
+                MacOSWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
+                WindowsWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.deviceAssurance.manage
+      tags:
+        - DeviceAssurance
+  /api/v1/device-assurances/{deviceAssuranceId}:
+    parameters:
+      - $ref: '#/components/parameters/pathDeviceAssuranceId'
+    get:
+      summary: Retrieve a Device Assurance Policy
+      description: Retrieves a Device Assurance Policy by `deviceAssuranceId`
+      operationId: getDeviceAssurancePolicy
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/DeviceAssurance'
+              examples:
+                Android:
+                  $ref: '#/components/examples/DeviceAssuranceAndroidResponse'
+                iOS:
+                  $ref: '#/components/examples/DeviceAssuranceIosResponse'
+                MacOS:
+                  $ref: '#/components/examples/DeviceAssuranceMacOSResponse'
+                Windows:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsResponse'
+                ChromeOSWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse'
+                MacOSWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
+                WindowsWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.deviceAssurance.read
+      tags:
+        - DeviceAssurance
+    put:
+      summary: Replace a Device Assurance Policy
+      description: Replaces a Device Assurance Policy by `deviceAssuranceId`
+      operationId: replaceDeviceAssurancePolicy
+      x-codegen-request-body-name: deviceAssurance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/DeviceAssurance'
+            examples:
+              Android:
+                $ref: '#/components/examples/DeviceAssuranceAndroidRequest'
+              iOS:
+                $ref: '#/components/examples/DeviceAssuranceIosRequest'
+              MacOS:
+                $ref: '#/components/examples/DeviceAssuranceMacOSRequest'
+              Windows:
+                $ref: '#/components/examples/DeviceAssuranceWindowsRequest'
+              ChromeOSWithThirdPartySignalProviders:
+                $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersRequest'
+              MacOSWithThirdPartySignalProviders:
+                $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest'
+              WindowsWithThirdPartySignalProviders:
+                $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/DeviceAssurance'
+              examples:
+                Android:
+                  $ref: '#/components/examples/DeviceAssuranceAndroidResponse'
+                iOS:
+                  $ref: '#/components/examples/DeviceAssuranceIosResponse'
+                MacOS:
+                  $ref: '#/components/examples/DeviceAssuranceMacOSResponse'
+                Windows:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsResponse'
+                ChromeOSWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse'
+                MacOSWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
+                WindowsWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.deviceAssurance.manage
+      tags:
+        - DeviceAssurance
+    delete:
+      summary: Delete a Device Assurance Policy
+      description: Deletes a Device Assurance Policy by `deviceAssuranceId`. If the Device Assurance Policy is currently being used in the org Authentication Policies, the delete will not be allowed.
+      operationId: deleteDeviceAssurancePolicy
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '409':
+          description: Conflict
+          headers: {}
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                ErrorDeviceAssuranceInUse:
+                  $ref: '#/components/examples/ErrorDeviceAssuranceInUse'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.deviceAssurance.manage
+      tags:
+        - DeviceAssurance
+  /api/v1/devices:
+    get:
+      summary: List all Devices
+      description: |-
+        Lists all devices with pagination support.
+        You can return a subset of Devices that match a supported search criteria using the `search` query parameter.
+        Searches for devices based on the properties specified in the `search` parameter conforming SCIM filter specifications (case-insensitive). This data is eventually consistent. The API returns different results depending on specified queries in the request. Empty list is returned if no objects match `search` request.
+        > **Note:** Listing devices with `search` should not be used as a part of any critical flows—such as authentication or updates—to prevent potential data loss. `search` results may not reflect the latest information, as this endpoint uses a search index which may not be up-to-date with recent updates to the object. <br> Don't use search results directly for record updates, as the data might be stale and therefore overwrite newer data, resulting in data loss. <br> Use an `id` lookup for records that you update to ensure your results contain the latest data.
+        This operation requires [URL encoding](https://www.w3.org/TR/html4/interact/forms.html#h-17.13.4.1). For example, `search=profile.displayName eq "Bob"` is encoded as `search=profile.displayName%20eq%20%22Bob%22`.
+      operationId: listDevices
+      parameters:
+        - $ref: '#/components/parameters/queryAfter'
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            minimum: 1
+            maximum: 200
+            default: 200
+          description: A limit on the number of objects to return (recommend `20`)
+        - name: search
+          in: query
+          description: A SCIM filter expression that filters the results. Searches include all Device `profile` properties and the Device `id`, `status`, and `lastUpdated` properties.
+          schema:
+            type: string
+          examples:
+            Devices that have a `status` of `ACTIVE`:
+              value: status eq "ACTIVE"
+            Devices last updated after a specific timestamp:
+              value: lastUpdated gt "yyyy-MM-dd'T'HH:mm:ss.SSSZ"
+            Devices with a specified `id`:
+              value: id eq "guo4a5u7JHHhjXrMK0g4"
+            Devices that have a `displayName` of `Bob`:
+              value: profile.displayName eq "Bob"
+            Devices that have an `platform` of `WINDOWS`:
+              value: profile.platform eq "WINDOWS"
+            Devices whose `sid` starts with `S-1`:
+              value: profile.sid sw "S-1"
+        - name: expand
+          in: query
+          schema:
+            type: string
+            # enum:
+            #   - user # TODO: REVISIT WITH API TEAM
+          description: Lists associated users for the device in `_embedded` element
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Device'
+              examples:
+                APIDevicesResponseExample:
+                  type: array
+                  $ref: '#/components/examples/APIDevicesListAllResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.devices.read
+      tags:
+        - Device
+  /api/v1/devices/{deviceId}:
+    parameters:
+      - $ref: '#/components/parameters/pathDeviceId'
+    get:
+      summary: Retrieve a Device
+      description: Retrieves a device by `deviceId`
+      operationId: getDevice
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Device'
+              examples:
+                APIDevicesResponseExample:
+                  $ref: '#/components/examples/DeviceResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.devices.read
+      tags:
+        - Device
+    delete:
+      summary: Delete a Device
+      description: |-
+        Deletes (permanently) a device by `deviceId` if it has a status of `DEACTIVATED`. You can transition the device to `DEACTIVATED` status using the [Deactivate a Device](#tag/Device/operation/deactivateDevice) endpoint.
+        This request is destructive and deletes all of the profile data related to the device. Once deleted, device data can't be recovered. However, reenrollment creates a new device record.
+        > **Note:** Attempts to delete a device that isn't in a `DEACTIVATED` state raise an error.
+      operationId: deleteDevice
+      responses:
+        '204':
+          description: No Content
+        '403':
+          description: Forbidden
+          headers: {}
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.devices.manage
+      tags:
+        - Device
+  /api/v1/devices/{deviceId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathDeviceId'
+    post:
+      summary: Activate a Device
+      description: |-
+        Activates a Device by setting its status to ACTIVE by `deviceId`.
+        Activated devices are used to create and delete Device user links.
+      operationId: activateDevice
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.devices.manage
+      tags:
+        - Device
+  /api/v1/devices/{deviceId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathDeviceId'
+    post:
+      summary: Deactivate a Device
+      description: |-
+        Deactivates a Device by setting its status to DEACTIVATED by `deviceId`.
+        Deactivation causes a Device to lose all device user links.
+        Set the Device status to DEACTIVATED before deleting it.
+        > **Note:** When deactivating a Device, keep in mind the following:
+          - Device deactivation is a destructive operation for device factors and client certificates. Device reenrollment using Okta Verify allows end users to set up new factors on the device.
+          - Device deletion removes the device record from Okta. Reenrollment creates a new device record.
+      operationId: deactivateDevice
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.devices.manage
+      tags:
+        - Device
+  /api/v1/devices/{deviceId}/lifecycle/suspend:
+    parameters:
+      - $ref: '#/components/parameters/pathDeviceId'
+    post:
+      summary: Suspend a Device
+      description: |-
+        Suspends a Device by setting its status to SUSPENDED.
+        Use suspended devices to create and delete device user links.
+        You can only unsuspend or deactivate suspended devices.
+        > **Note:** SUSPENDED status is meant to be temporary, so it isn't destructive.
+      operationId: suspendDevice
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.devices.manage
+      tags:
+        - Device
+  /api/v1/devices/{deviceId}/lifecycle/unsuspend:
+    parameters:
+      - $ref: '#/components/parameters/pathDeviceId'
+    post:
+      summary: Unsuspend a Device
+      description: |-
+        Unsuspends a Device by returning its `status` to ACTIVE.
+        >**Note:** Only devices with a SUSPENDED status can be unsuspended.
+      operationId: unsuspendDevice
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.devices.manage
+      tags:
+        - Device
+  /api/v1/devices/{deviceId}/users:
+    parameters:
+      - $ref: '#/components/parameters/pathDeviceId'
+    get:
+      summary: List all Users for a Device
+      description: Lists all Users for a Device by `deviceId`
+      operationId: listDeviceUsers
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/DeviceUser'
+              examples:
+                APIDevicesListAllUsersResponseExample:
+                  summary: List all users for a specific device
+                  $ref: '#/components/examples/APIDevicesListAllUsersResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.devices.read
+      tags:
+        - Device
+  /api/v1/domains:
+    get:
+      summary: List all Custom Domains
+      description: Lists all verified custom domains for the org
+      operationId: listCustomDomains
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/DomainListResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.domains.read
+      tags:
+        - CustomDomain
+    # post:
+    #   summary: Create a Custom Domain
+    #   description: Creates your custom domain
+    #   operationId: createCustomDomain
+    #   x-codegen-request-body-name: domain
+    #   requestBody:
+    #     content:
+    #       application/json:
+    #         schema:
+    #           $ref: '#/components/schemas/DomainRequest'
+    #     required: true
+    #   responses:
+    #     '200':
+    #       description: Success
+    #       content:
+    #         application/json:
+    #           schema:
+    #             $ref: '#/components/schemas/DomainResponse'
+    #     '400':
+    #       $ref: '#/components/responses/ErrorApiValidationFailed400'
+    #     '403':
+    #       $ref: '#/components/responses/ErrorAccessDenied403'
+    #     '429':
+    #       $ref: '#/components/responses/ErrorTooManyRequests429'
+    #   security:
+    #     - apiToken: []
+    #     - oauth2:
+    #         - okta.domains.manage
+    #   tags:
+    #     - CustomDomain
+  /api/v1/domains/{domainId}:
+    parameters:
+      - $ref: '#/components/parameters/pathDomainId'
+    get:
+      summary: Retrieve a Custom Domain
+      description: Retrieves a custom domain by `domainId`
+      operationId: getCustomDomain
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/DomainResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.domains.read
+      tags:
+        - CustomDomain
+    put:
+      summary: Replace a Custom Domain's Brand
+      description: Replaces a custom domain's brand
+      operationId: replaceCustomDomain
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UpdateDomain'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/DomainResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.domains.manage
+      tags:
+        - CustomDomain
+    delete:
+      summary: Delete a Custom Domain
+      description: Deletes a custom domain by `domainId`
+      operationId: deleteCustomDomain
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.domains.manage
+      tags:
+        - CustomDomain
+  /api/v1/domains/{domainId}/certificate:
+    parameters:
+      - $ref: '#/components/parameters/pathDomainId'
+    put:
+      summary: Upsert the Custom Domain's Certificate
+      description: Upserts (creates or renews) the `MANUAL` certificate for the custom domain. If the `certificateSourceType` in the domain is `OKTA_MANAGED`, it becomes `MANUAL` and Okta no longer manages and renews certificates for this domain since a user-managed certificate has been provided.
+      operationId: upsertCertificate
+      x-codegen-request-body-name: certificate
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/DomainCertificate'
+        required: true
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.domains.manage
+      tags:
+        - CustomDomain
+  /api/v1/domains/{domainId}/verify:
+    parameters:
+      - $ref: '#/components/parameters/pathDomainId'
+    post:
+      summary: Verify a Custom Domain
+      description: Verifies the custom domain and validity of DNS records by `domainId`. Furthermore, if the `certificateSourceType` in the domain is `OKTA_MANAGED`, then an attempt is made to obtain and install a certificate. After a certificate is obtained and installed by Okta, Okta manages the certificate including certificate renewal.
+      operationId: verifyDomain
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/DomainResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.domains.manage
+      tags:
+        - CustomDomain
+  /api/v1/email-domains:
+    parameters:
+      - $ref: '#/components/parameters/queryExpandEmailDomain'
+    get:
+      summary: List all Email Domains
+      description: Lists all the Email Domains in your org
+      operationId: listEmailDomains
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/EmailDomainResponseWithEmbedded'
+              examples:
+                List email domain response:
+                  $ref: '#/components/examples/EmailDomainResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.emailDomains.read
+      tags:
+        - EmailDomain
+    post:
+      summary: Create an Email Domain
+      description: Creates an Email Domain in your org
+      operationId: createEmailDomain
+      x-codegen-request-body-name: emailDomain
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/EmailDomain'
+            examples:
+              Create email domain request:
+                $ref: '#/components/examples/CreateEmailDomainRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmailDomainResponse'
+              examples:
+                Create email domain response:
+                  $ref: '#/components/examples/EmailDomainResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '409':
+          description: Conflict
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Email domain already exists:
+                  $ref: '#/components/examples/ErrorEmailDomainAlreadyExists'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.emailDomains.manage
+      tags:
+        - EmailDomain
+  /api/v1/email-domains/{emailDomainId}:
+    parameters:
+      - $ref: '#/components/parameters/pathEmailDomainId'
+      - $ref: '#/components/parameters/queryExpandEmailDomain'
+    get:
+      summary: Retrieve an Email Domain
+      description: Retrieves an Email Domain by `emailDomainId`
+      operationId: getEmailDomain
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmailDomainResponseWithEmbedded'
+              examples:
+                Retrieve email domain response:
+                  $ref: '#/components/examples/EmailDomainResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.emailDomains.read
+      tags:
+        - EmailDomain
+    put:
+      summary: Replace an Email Domain
+      description: Replaces associated username and sender display name by `emailDomainId`
+      operationId: replaceEmailDomain
+      x-codegen-request-body-name: updateEmailDomain
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UpdateEmailDomain'
+            examples:
+              Update email domain request:
+                $ref: '#/components/examples/UpdateEmailDomainRequest'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmailDomainResponse'
+              examples:
+                Update email domain response:
+                  $ref: '#/components/examples/UpdatedEmailDomainResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.emailDomains.manage
+      tags:
+        - EmailDomain
+    delete:
+      summary: Delete an Email Domain
+      description: Deletes an Email Domain by `emailDomainId`
+      operationId: deleteEmailDomain
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '400':
+          description: Unable to delete custom email domain due to mail provider specific restrictions
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Email domain in use:
+                  $ref: '#/components/examples/ErrorEmailDomainInUse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.emailDomains.manage
+      tags:
+        - EmailDomain
+  /api/v1/email-domains/{emailDomainId}/verify:
+    parameters:
+      - $ref: '#/components/parameters/pathEmailDomainId'
+    post:
+      summary: Verify an Email Domain
+      description: Verifies an Email Domain by `emailDomainId`
+      operationId: verifyEmailDomain
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmailDomainResponse'
+              examples:
+                Verified email domain response:
+                  $ref: '#/components/examples/VerifiedEmailDomainResponse'
+        '400':
+          description: Email domain could not be verified by mail provider
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Email domain could not be verified:
+                  $ref: '#/components/examples/ErrorEmailDomainNotVerified'
+                Email domain invalid status:
+                  $ref: '#/components/examples/ErrorEmailDomainInvalidStatus'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.emailDomains.manage
+      tags:
+        - EmailDomain
+  /api/v1/email-servers:
+    get:
+      summary: List all enrolled SMTP servers
+      description: Lists all the enrolled custom email SMTP servers
+      operationId: listEmailServers
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmailServerListResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.emailServers.read
+      tags:
+        - EmailServer
+    post:
+      summary: Create a custom SMTP server
+      description: Creates a custom email SMTP server configuration for your organization
+      operationId: createEmailServer
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/EmailServerPost'
+      responses:
+        '201':
+          description: Successfully enrolled server credentials
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmailServerResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.emailServers.manage
+      tags:
+        - EmailServer
+  /api/v1/email-servers/{emailServerId}:
+    parameters:
+      - $ref: '#/components/parameters/pathEmailServerId'
+    get:
+      summary: Retrieve an SMTP Server configuration
+      description: Retrieves a configuration of your organization's custom SMTP server with the given ID
+      operationId: getEmailServer
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmailServerListResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.emailServers.read
+      tags:
+        - EmailServer
+    patch:
+      summary: Update an SMTP Server configuration
+      description: Updates one or more fields of your organization's custom SMTP Server configuration
+      operationId: updateEmailServer
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/EmailServerRequest'
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmailServerResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.emailServers.manage
+      tags:
+        - EmailServer
+    delete:
+      summary: Delete an SMTP Server configuration
+      description: Deletes your organization's custom SMTP server with the given ID
+      operationId: deleteEmailServer
+      responses:
+        '204':
+          description: No content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.emailServers.manage
+      tags:
+        - EmailServer
+  /api/v1/email-servers/{emailServerId}/test:
+    parameters:
+      - $ref: '#/components/parameters/pathEmailServerId'
+    post:
+      summary: Test an SMTP Server configuration
+      description: Tests your organization's custom SMTP Server with the given ID
+      operationId: testEmailServer
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/EmailTestAddresses'
+      responses:
+        '204':
+          description: No content
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.emailServers.manage
+      tags:
+        - EmailServer
+  /api/v1/eventHooks:
+    get:
+      summary: List all Event Hooks
+      description: Lists all event hooks
+      operationId: listEventHooks
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/EventHook'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.eventHooks.read
+      tags:
+        - EventHook
+    post:
+      summary: Create an Event Hook
+      description: Creates an event hook
+      operationId: createEventHook
+      x-codegen-request-body-name: eventHook
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/EventHook'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EventHook'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.eventHooks.manage
+      tags:
+        - EventHook
+  /api/v1/eventHooks/{eventHookId}:
+    parameters:
+      - $ref: '#/components/parameters/pathEventHookId'
+    get:
+      summary: Retrieve an Event Hook
+      description: Retrieves an event hook
+      operationId: getEventHook
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EventHook'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.eventHooks.read
+      tags:
+        - EventHook
+    put:
+      summary: Replace an Event Hook
+      description: Replaces an event hook
+      operationId: replaceEventHook
+      x-codegen-request-body-name: eventHook
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/EventHook'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EventHook'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.eventHooks.manage
+      tags:
+        - EventHook
+    delete:
+      summary: Delete an Event Hook
+      description: Deletes an event hook
+      operationId: deleteEventHook
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.eventHooks.manage
+      tags:
+        - EventHook
+  /api/v1/eventHooks/{eventHookId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathEventHookId'
+    post:
+      summary: Activate an Event Hook
+      description: Activates an event hook
+      operationId: activateEventHook
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EventHook'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.eventHooks.manage
+      tags:
+        - EventHook
+  /api/v1/eventHooks/{eventHookId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathEventHookId'
+    post:
+      summary: Deactivate an Event Hook
+      description: Deactivates an event hook
+      operationId: deactivateEventHook
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EventHook'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.eventHooks.manage
+      tags:
+        - EventHook
+  /api/v1/eventHooks/{eventHookId}/lifecycle/verify:
+    parameters:
+      - $ref: '#/components/parameters/pathEventHookId'
+    post:
+      summary: Verify an Event Hook
+      description: Verifies an event hook
+      operationId: verifyEventHook
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EventHook'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.eventHooks.manage
+      tags:
+        - EventHook
+  /api/v1/features:
+    get:
+      summary: List all Features
+      description: Lists all features
+      operationId: listFeatures
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Feature'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.features.read
+      tags:
+        - Feature
+  /api/v1/features/{featureId}:
+    parameters:
+      - $ref: '#/components/parameters/pathFeatureId'
+    get:
+      summary: Retrieve a Feature
+      description: Retrieves a feature
+      operationId: getFeature
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Feature'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.features.read
+      tags:
+        - Feature
+  /api/v1/features/{featureId}/dependencies:
+    parameters:
+      - $ref: '#/components/parameters/pathFeatureId'
+    get:
+      summary: List all Dependencies
+      description: Lists all dependencies
+      operationId: listFeatureDependencies
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Feature'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.features.read
+      tags:
+        - Feature
+  /api/v1/features/{featureId}/dependents:
+    parameters:
+      - $ref: '#/components/parameters/pathFeatureId'
+    get:
+      summary: List all Dependents
+      description: Lists all dependents
+      operationId: listFeatureDependents
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Feature'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.features.read
+      tags:
+        - Feature
+  /api/v1/features/{featureId}/{lifecycle}:
+    parameters:
+      - $ref: '#/components/parameters/pathFeatureId'
+      - $ref: '#/components/parameters/pathLifecycle'
+    post:
+      summary: Update a Feature Lifecycle
+      description: Updates a feature lifecycle
+      operationId: updateFeatureLifecycle
+      parameters:
+        - name: mode
+          in: query
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Feature'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.features.manage
+      tags:
+        - Feature
+  /api/v1/groups:
+    get:
+      summary: List all Groups
+      description: Lists all groups with pagination support. A subset of groups can be returned that match a supported filter expression or query.
+      operationId: listGroups
+      parameters:
+        - name: q
+          in: query
+          description: Searches the name property of groups for matching value
+          schema:
+            type: string
+        - name: filter
+          in: query
+          description: Filter expression for groups
+          schema:
+            type: string
+        - name: after
+          in: query
+          description: Specifies the pagination cursor for the next page of groups
+          schema:
+            type: string
+        - name: limit
+          in: query
+          description: Specifies the number of group results in a page
+          schema:
+            type: integer
+            format: int32
+            default: 10000
+        - name: expand
+          in: query
+          description: If specified, it causes additional metadata to be included in the response.
+          schema:
+            type: string
+        - name: search
+          in: query
+          description: Searches for groups with a supported filtering expression for all attributes except for _embedded, _links, and objectClass
+          schema:
+            type: string
+        - name: sortBy
+          in: query
+          description: Specifies field to sort by and can be any single property (for search queries only).
+          schema:
+            type: string
+            example: lastUpdated
+        - name: sortOrder
+          in: query
+          description: |-
+            Specifies sort order `asc` or `desc` (for search queries only). This parameter is ignored if `sortBy` is not present.
+            Groups with the same value for the `sortBy` parameter are ordered by `id`.
+          schema:
+            type: string
+            default: asc
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Group'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.read
+      tags:
+        - Group
+    post:
+      summary: Create a Group
+      description: Creates a new group with `OKTA_GROUP` type
+      operationId: createGroup
+      x-codegen-request-body-name: group
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Group'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Group'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.manage
+      tags:
+        - Group
+  /api/v1/groups/rules:
+    get:
+      summary: List all Group Rules
+      description: Lists all group rules
+      operationId: listGroupRules
+      parameters:
+        - name: limit
+          in: query
+          description: Specifies the number of rule results in a page
+          schema:
+            type: integer
+            format: int32
+            default: 50
+        - name: after
+          in: query
+          description: Specifies the pagination cursor for the next page of rules
+          schema:
+            type: string
+        - name: search
+          in: query
+          description: Specifies the keyword to search fules for
+          schema:
+            type: string
+        - name: expand
+          in: query
+          description: If specified as `groupIdToGroupNameMap`, then show group names
+          schema:
+            type: string
+          x-okta-added-version: 1.3.0
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/GroupRule'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.read
+      tags:
+        - Group
+    post:
+      summary: Create a Group Rule
+      description: Creates a group rule to dynamically add users to the specified group if they match the condition
+      operationId: createGroupRule
+      x-codegen-request-body-name: groupRule
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GroupRule'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GroupRule'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.manage
+      tags:
+        - Group
+  /api/v1/groups/rules/{groupRuleId}:
+    parameters:
+      - $ref: '#/components/parameters/pathGroupRuleId'
+    get:
+      summary: Retrieve a Group Rule
+      description: Retrieves a specific group rule by `groupRuleId`
+      operationId: getGroupRule
+      parameters:
+        - name: expand
+          in: query
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GroupRule'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.read
+      tags:
+        - Group
+    put:
+      summary: Replace a Group Rule
+      description: Replaces a group rule. Only `INACTIVE` rules can be updated.
+      operationId: replaceGroupRule
+      x-codegen-request-body-name: groupRule
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GroupRule'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GroupRule'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.manage
+      tags:
+        - Group
+    delete:
+      summary: Delete a group Rule
+      description: Deletes a specific group rule by `groupRuleId`
+      operationId: deleteGroupRule
+      parameters:
+        - name: removeUsers
+          in: query
+          description: Indicates whether to keep or remove users from groups assigned by this rule.
+          schema:
+            type: boolean
+      responses:
+        '202':
+          description: Accepted
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.manage
+      tags:
+        - Group
+  /api/v1/groups/rules/{groupRuleId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathGroupRuleId'
+    post:
+      summary: Activate a Group Rule
+      description: Activates a specific group rule by `groupRuleId`
+      operationId: activateGroupRule
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.manage
+      tags:
+        - Group
+  /api/v1/groups/rules/{groupRuleId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathGroupRuleId'
+    post:
+      summary: Deactivate a Group Rule
+      description: Deactivates a specific group rule by `groupRuleId`
+      operationId: deactivateGroupRule
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.manage
+      tags:
+        - Group
+  /api/v1/groups/{groupId}:
+    parameters:
+      - $ref: '#/components/parameters/pathGroupId'
+    get:
+      summary: Retrieve a Group
+      description: Retrieves a group by `groupId`
+      operationId: getGroup
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Group'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.read
+      tags:
+        - Group
+    put:
+      summary: Replace a Group
+      description: Replaces the profile for a group with `OKTA_GROUP` type
+      operationId: replaceGroup
+      x-codegen-request-body-name: group
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Group'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Group'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.manage
+      tags:
+        - Group
+    delete:
+      summary: Delete a Group
+      description: Deletes a group with `OKTA_GROUP` type
+      operationId: deleteGroup
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.manage
+      tags:
+        - Group
+  /api/v1/groups/{groupId}/apps:
+    parameters:
+      - $ref: '#/components/parameters/pathGroupId'
+    get:
+      summary: List all Assigned Applications
+      description: Lists all applications that are assigned to a group
+      operationId: listAssignedApplicationsForGroup
+      parameters:
+        - name: after
+          in: query
+          description: Specifies the pagination cursor for the next page of apps
+          schema:
+            type: string
+        - name: limit
+          in: query
+          description: Specifies the number of app results for a page
+          schema:
+            type: integer
+            format: int32
+            default: 20
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Application'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.read
+      tags:
+        - Group
+  /api/v1/groups/{groupId}/owners:
+    parameters:
+      - $ref: '#/components/parameters/pathGroupId'
+    get:
+      summary: List all Group Owners
+      description: Lists all owners for a specific group
+      operationId: listGroupOwners
+      parameters:
+        - name: filter
+          in: query
+          description: SCIM Filter expression for group owners. Allows to filter owners by type.
+          schema:
+            type: string
+        - name: after
+          in: query
+          description: Specifies the pagination cursor for the next page of owners
+          schema:
+            type: string
+        - name: limit
+          in: query
+          description: Specifies the number of owner results in a page
+          schema:
+            type: integer
+            format: int32
+            default: 1000
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/GroupOwner'
+              examples:
+                ListsOneOwnerOfaGroup:
+                  $ref: '#/components/examples/ListsOwnerOneResponse'
+                ListsMultipleOwnersOfaGroup:
+                  $ref: '#/components/examples/ListsOwnersMultipleResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.read
+      tags:
+        - Group
+    post:
+      summary: Assign a Group Owner
+      description: Assigns a group owner
+      operationId: assignGroupOwner
+      parameters:
+        - name: groupId
+          in: path
+          required: true
+          schema:
+            type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AssignGroupOwnerRequestBody'
+            examples:
+              AssignAGroupOwner:
+                $ref: '#/components/examples/AssignGroupOwnerRequest'
+        required: true
+      responses:
+        '201':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GroupOwner'
+              examples:
+                AssignAGroupOwner:
+                  $ref: '#/components/examples/AssignGroupOwnerResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.manage
+      tags:
+        - Group
+  /api/v1/groups/{groupId}/owners/{ownerId}:
+    parameters:
+      - $ref: '#/components/parameters/pathGroupId'
+      - $ref: '#/components/parameters/pathOwnerId'
+    delete:
+      summary: Delete a Group Owner
+      description: Deletes a group owner from a specific group
+      operationId: deleteGroupOwner
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.manage
+      tags:
+        - Group
+  /api/v1/groups/{groupId}/roles:
+    parameters:
+      - $ref: '#/components/parameters/pathGroupId'
+    get:
+      summary: List all Assigned Roles of Group
+      description: Lists all assigned roles of group identified by `groupId`
+      operationId: listGroupAssignedRoles
+      parameters:
+        - name: expand
+          in: query
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Role'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - RoleAssignment
+    post:
+      summary: Assign a Role to a Group
+      description: Assigns a role to a group
+      operationId: assignRoleToGroup
+      parameters:
+        - name: disableNotifications
+          in: query
+          description: Setting this to `true` grants the group third-party admin status
+          schema:
+            type: boolean
+      x-codegen-request-body-name: assignRoleRequest
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AssignRoleRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Role'
+        '201':
+          description: Success
+          content: {}
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleAssignment
+  /api/v1/groups/{groupId}/roles/{roleId}:
+    parameters:
+      - $ref: '#/components/parameters/pathGroupId'
+      - $ref: '#/components/parameters/pathRoleId'
+    get:
+      summary: Retrieve a Role assigned to Group
+      description: Retrieves a role identified by `roleId` assigned to group identified by `groupId`
+      operationId: getGroupAssignedRole
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Role'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - RoleAssignment
+    delete:
+      summary: Unassign a Role from a Group
+      description: Unassigns a role identified by `roleId` assigned to group identified by `groupId`
+      operationId: unassignRoleFromGroup
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleAssignment
+  /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps:
+    parameters:
+      - $ref: '#/components/parameters/pathGroupId'
+      - $ref: '#/components/parameters/pathRoleId'
+    get:
+      summary: List all Application Targets for an Application Administrator Role
+      description: Lists all App targets for an `APP_ADMIN` Role assigned to a Group. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.
+      operationId: listApplicationTargetsForApplicationAdministratorRoleForGroup
+      parameters:
+        - name: after
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            format: int32
+            default: 20
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/CatalogApplication'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - RoleTarget
+  /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}:
+    parameters:
+      - $ref: '#/components/parameters/pathGroupId'
+      - $ref: '#/components/parameters/pathRoleId'
+      - $ref: '#/components/parameters/pathAppName'
+    put:
+      summary: Assign an Application Target to Administrator Role
+      description: Assigns an application target to administrator role
+      operationId: assignAppTargetToAdminRoleForGroup
+      responses:
+        '200':
+          description: Success
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+    delete:
+      summary: Unassign an Application Target from Application Administrator Role
+      description: Unassigns an application target from application administrator role
+      operationId: unassignAppTargetToAdminRoleForGroup
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+  /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{appId}:
+    parameters:
+      - $ref: '#/components/parameters/pathGroupId'
+      - $ref: '#/components/parameters/pathRoleId'
+      - $ref: '#/components/parameters/pathAppName'
+      - $ref: '#/components/parameters/pathAppId'
+    put:
+      summary: Assign an Application Instance Target to Application Administrator Role
+      description: Assigns App Instance Target to App Administrator Role given to a Group
+      operationId: assignAppInstanceTargetToAppAdminRoleForGroup
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+    delete:
+      summary: Unassign an Application Instance Target from an Application Administrator Role
+      description: Unassigns an application instance target from application administrator role
+      operationId: unassignAppInstanceTargetToAppAdminRoleForGroup
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+  /api/v1/groups/{groupId}/roles/{roleId}/targets/groups:
+    parameters:
+      - $ref: '#/components/parameters/pathGroupId'
+      - $ref: '#/components/parameters/pathRoleId'
+    get:
+      summary: List all Group Targets for a Group Role
+      description: Lists all group targets for a group role
+      operationId: listGroupTargetsForGroupRole
+      parameters:
+        - name: after
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            format: int32
+            default: 20
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Group'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - RoleTarget
+  /api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}:
+    parameters:
+      - $ref: '#/components/parameters/pathGroupId'
+      - $ref: '#/components/parameters/pathRoleId'
+      - $ref: '#/components/parameters/pathTargetGroupId'
+    put:
+      summary: Assign a Group Target to a Group Role
+      description: Assigns a group target to a group role
+      operationId: assignGroupTargetToGroupAdminRole
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+    delete:
+      summary: Unassign a Group Target from a Group Role
+      description: Unassigns a group target from a group role
+      operationId: unassignGroupTargetFromGroupAdminRole
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+  /api/v1/groups/{groupId}/users:
+    parameters:
+      - $ref: '#/components/parameters/pathGroupId'
+    get:
+      summary: List all Member Users
+      description: Lists all users that are a member of a group
+      operationId: listGroupUsers
+      parameters:
+        - name: after
+          in: query
+          description: Specifies the pagination cursor for the next page of users
+          schema:
+            type: string
+        - name: limit
+          in: query
+          description: Specifies the number of user results in a page
+          schema:
+            type: integer
+            format: int32
+            default: 1000
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/User'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.read
+      tags:
+        - Group
+  /api/v1/groups/{groupId}/users/{userId}:
+    parameters:
+      - $ref: '#/components/parameters/pathGroupId'
+      - $ref: '#/components/parameters/pathUserId'
+    put:
+      summary: Assign a User
+      description: Assigns a user to a group with 'OKTA_GROUP' type
+      operationId: assignUserToGroup
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.manage
+      tags:
+        - Group
+    delete:
+      summary: Unassign a User
+      description: Unassigns a user from a group with 'OKTA_GROUP' type
+      operationId: unassignUserFromGroup
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.groups.manage
+      tags:
+        - Group
+  /api/v1/hook-keys:
+    get:
+      summary: List all keys
+      description: Lists all keys
+      operationId: listHookKeys
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/HookKey'
+              examples:
+                ResponseExample:
+                  $ref: '#/components/examples/ListAllKeysResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.inlineHooks.read
+      tags:
+        - HookKey
+    post:
+      summary: Create a key
+      description: |
+        Creates a key for use with other parts of the application, such as inline hooks
+
+        Use the key name to access this key for inline hook operations.
+
+        The total number of keys that you can create in an Okta org is limited to 50.
+      operationId: createHookKey
+      x-codegen-request-body-name: keyRequest
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/KeyRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/HookKey'
+              examples:
+                ResponseExample:
+                  $ref: '#/components/examples/CreateHookKeyResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.inlineHooks.manage
+      tags:
+        - HookKey
+  /api/v1/hook-keys/public/{publicKeyId}:
+    parameters:
+      - $ref: '#/components/parameters/pathPublicKeyId'
+    get:
+      summary: Retrieve a public key
+      description: Retrieves a public key by `keyId`
+      operationId: getPublicKey
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+              examples:
+                ResponseExample:
+                  $ref: '#/components/examples/RetrievePublicKeyResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.inlineHooks.read
+      tags:
+        - HookKey
+  /api/v1/hook-keys/{hookKeyId}:
+    parameters:
+      - $ref: '#/components/parameters/pathHookKeyId'
+    get:
+      summary: Retrieve a key
+      description: Retrieves a key by `hookKeyId`
+      operationId: getHookKey
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/HookKey'
+                examples:
+                  ResponseExample:
+                    $ref: '#/components/examples/RetrieveKeyResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.inlineHooks.read
+      tags:
+        - HookKey
+    put:
+      summary: Replace a key
+      description: |
+        Replaces a key by `hookKeyId`
+
+        This request replaces existing properties after passing validation.
+
+        Note: The only parameter that you can update is the name of the key, which must be unique at all times.
+      operationId: replaceHookKey
+      x-codegen-request-body-name: keyRequest
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/KeyRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/HookKey'
+                examples:
+                  ResponseExample:
+                    $ref: '#/components/examples/ReplaceKeyResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.inlineHooks.manage
+      tags:
+        - HookKey
+    delete:
+      summary: Delete a key
+      description: |
+        Deletes a key by `hookKeyId`. After being deleted, the key is unrecoverable.
+
+        As a safety precaution, only keys that aren't being used are eligible for deletion.
+      operationId: deleteHookKey
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.inlineHooks.manage
+      tags:
+        - HookKey
+  /api/v1/iam/assignees/users:
+    get:
+      summary: List all Users with Role Assignments
+      description: Lists all users with Role Assignments
+      operationId: listUsersWithRoleAssignments
+      parameters:
+        - name: after
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          description: Specifies the number of results returned. Defaults to `100`.
+          schema:
+            type: integer
+            format: int32
+            default: 100
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RoleAssignedUsers'
+              examples:
+                User List:
+                  $ref: '#/components/examples/RoleAssignedUsersResponseExample'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - RoleAssignment
+  /api/v1/iam/resource-sets:
+    get:
+      summary: List all Resource Sets
+      description: Lists all Resource Sets with pagination support
+      operationId: listResourceSets
+      parameters:
+        - $ref: '#/components/parameters/queryAfter'
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ResourceSets'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetsResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - ResourceSet
+    post:
+      summary: Create a Resource Set
+      description: Creates a new Resource Set
+      operationId: createResourceSet
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CreateResourceSetRequest'
+            examples:
+              Example Request:
+                $ref: '#/components/examples/ResourceSetRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ResourceSet'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - ResourceSet
+  /api/v1/iam/resource-sets/{resourceSetId}:
+    parameters:
+      - $ref: '#/components/parameters/pathResourceSetId'
+    get:
+      summary: Retrieve a Resource Set
+      description: Retrieves a Resource Set by `resourceSetId`
+      operationId: getResourceSet
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ResourceSet'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - ResourceSet
+    put:
+      summary: Replace a Resource Set
+      description: Replaces a Resource Set by `resourceSetId`
+      operationId: replaceResourceSet
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ResourceSet'
+            examples:
+              Example Request:
+                $ref: '#/components/examples/ResourceSetRequest'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ResourceSet'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - ResourceSet
+    delete:
+      summary: Delete a Resource Set
+      description: Deletes a role by `resourceSetId`
+      operationId: deleteResourceSet
+      responses:
+        '204':
+          description: No Content
+        '403':
+          description: Forbidden
+          headers: {}
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - ResourceSet
+  /api/v1/iam/resource-sets/{resourceSetId}/bindings:
+    parameters:
+      - $ref: '#/components/parameters/pathResourceSetId'
+    get:
+      summary: List all Bindings
+      description: Lists all Resource Set bindings with pagination support
+      operationId: listBindings
+      parameters:
+        - $ref: '#/components/parameters/queryAfter'
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ResourceSetBindings'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetBindingsResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - ResourceSet
+    post:
+      summary: Create a Resource Set Binding
+      description: Creates a new Resource Set binding
+      operationId: createResourceSetBinding
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ResourceSetBindingCreateRequest'
+            examples:
+              Example Request:
+                $ref: '#/components/examples/ResourceSetBindingCreateRequestExample'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ResourceSetBindingResponse'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetBindingResponseExample'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - ResourceSet
+  /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}:
+    parameters:
+      - $ref: '#/components/parameters/pathResourceSetId'
+      - $ref: '#/components/parameters/pathRoleIdOrLabel'
+    get:
+      summary: Retrieve a Binding
+      description: Retrieves a Resource Set binding by `resourceSetId` and `roleIdOrLabel`
+      operationId: getBinding
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ResourceSetBindingResponse'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetBindingResponseWithIdExample'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - ResourceSet
+    delete:
+      summary: Delete a Binding
+      description: Deletes a Resource Set binding by `resourceSetId` and `roleIdOrLabel`
+      operationId: deleteBinding
+      responses:
+        '204':
+          description: No Content
+        '403':
+          description: Forbidden
+          headers: {}
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - ResourceSet
+  /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members:
+    parameters:
+      - $ref: '#/components/parameters/pathResourceSetId'
+      - $ref: '#/components/parameters/pathRoleIdOrLabel'
+    get:
+      summary: List all Members of a binding
+      description: Lists all members of a Resource Set binding with pagination support
+      operationId: listMembersOfBinding
+      parameters:
+        - $ref: '#/components/parameters/queryAfter'
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ResourceSetBindingMembers'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetBindingMembersResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - ResourceSet
+    patch:
+      summary: Add more Members to a binding
+      description: Adds more members to a Resource Set binding
+      operationId: addMembersToBinding
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ResourceSetBindingAddMembersRequest'
+            examples:
+              Example Request:
+                $ref: '#/components/examples/ResourceSetBindingAddMembersRequestExample'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ResourceSetBindingResponse'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetBindingResponseExample'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - ResourceSet
+  /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members/{memberId}:
+    parameters:
+      - $ref: '#/components/parameters/pathResourceSetId'
+      - $ref: '#/components/parameters/pathRoleIdOrLabel'
+      - $ref: '#/components/parameters/pathMemberId'
+    get:
+      summary: Retrieve a Member of a binding
+      description: Retrieves a member identified by `memberId` for a binding
+      operationId: getMemberOfBinding
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ResourceSetBindingMember'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetBindingMemberResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - ResourceSet
+    delete:
+      summary: Unassign a Member from a binding
+      description: Unassigns a member identified by `memberId` from a binding
+      operationId: unassignMemberFromBinding
+      x-codegen-request-body-name: instance
+      responses:
+        '204':
+          description: No Content
+        '403':
+          description: Forbidden
+          headers: {}
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - ResourceSet
+  /api/v1/iam/resource-sets/{resourceSetId}/resources:
+    parameters:
+      - $ref: '#/components/parameters/pathResourceSetId'
+    get:
+      summary: List all Resources of a Resource Set
+      description: Lists all resources that make up the Resource Set
+      operationId: listResourceSetResources
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ResourceSetResources'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetResourcesResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - ResourceSet
+    patch:
+      summary: Add more Resource to a Resource Set
+      description: Adds more resources to a Resource Set
+      operationId: addResourceSetResource
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ResourceSetResourcePatchRequest'
+            examples:
+              Example Request:
+                $ref: '#/components/examples/ResourceSetResourcePatchRequestExample'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ResourceSet'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - ResourceSet
+  /api/v1/iam/resource-sets/{resourceSetId}/resources/{resourceId}:
+    parameters:
+      - $ref: '#/components/parameters/pathResourceSetId'
+      - $ref: '#/components/parameters/pathResourceId'
+    delete:
+      summary: Delete a Resource from a Resource Set
+      description: Deletes a resource identified by `resourceId` from a Resource Set
+      operationId: deleteResourceSetResource
+      responses:
+        '204':
+          description: No Content
+        '403':
+          description: Forbidden
+          headers: {}
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - ResourceSet
+  /api/v1/iam/roles:
+    get:
+      summary: List all Roles
+      description: Lists all roles with pagination support
+      operationId: listRoles
+      parameters:
+        - $ref: '#/components/parameters/queryAfter'
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IamRoles'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/RolesResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - Role
+    post:
+      summary: Create a Role
+      description: Creates a new role
+      operationId: createRole
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CreateIamRoleRequest'
+            examples:
+              Example Request:
+                $ref: '#/components/examples/RoleRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IamRole'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/RoleResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - Role
+  /api/v1/iam/roles/{roleIdOrLabel}:
+    parameters:
+      - $ref: '#/components/parameters/pathRoleIdOrLabel'
+    get:
+      summary: Retrieve a Role
+      description: Retrieves a role by `roleIdOrLabel`
+      operationId: getRole
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IamRole'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/RoleResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - Role
+    put:
+      summary: Replace a Role
+      description: Replaces a role by `roleIdOrLabel`
+      operationId: replaceRole
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UpdateIamRoleRequest'
+            examples:
+              Example Request:
+                $ref: '#/components/examples/RoleRequest'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IamRole'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/RoleResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - Role
+    delete:
+      summary: Delete a Role
+      description: Deletes a role by `roleIdOrLabel`
+      operationId: deleteRole
+      responses:
+        '204':
+          description: No Content
+        '403':
+          description: Forbidden
+          headers: {}
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - Role
+  /api/v1/iam/roles/{roleIdOrLabel}/permissions:
+    parameters:
+      - $ref: '#/components/parameters/pathRoleIdOrLabel'
+    get:
+      summary: List all Permissions
+      description: Lists all permissions of the role by `roleIdOrLabel`
+      operationId: listRolePermissions
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Permissions'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/PermissionsResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - Role
+  /api/v1/iam/roles/{roleIdOrLabel}/permissions/{permissionType}:
+    parameters:
+      - $ref: '#/components/parameters/pathRoleIdOrLabel'
+      - $ref: '#/components/parameters/pathPermissionType'
+    get:
+      summary: Retrieve a Permission
+      description: Retrieves a permission by `permissionType`
+      operationId: getRolePermission
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Permission'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/PermissionResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - Role
+    post:
+      summary: Create a Permission
+      description: Creates a permission specified by `permissionType` to the role
+      operationId: createRolePermission
+      x-codegen-request-body-name: instance
+      requestBody:
+        x-okta-lifecycle:
+          features:
+            - CUSTOM_ADMIN_ROLES_CONDITIONS
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CreateUpdateIamRolePermissionRequest'
+            examples:
+              Example Request:
+                $ref: '#/components/examples/CreateUpdateIamRolePermissionRequestExample'
+        required: false
+      responses:
+        '204':
+          description: No Content
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - Role
+    put:
+      x-okta-lifecycle:
+        features:
+          - CUSTOM_ADMIN_ROLES_CONDITIONS
+      summary: Replace a Permission
+      description: Replaces a permission specified by `permissionType` in the role
+      operationId: replaceRolePermission
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CreateUpdateIamRolePermissionRequest'
+            examples:
+              Example Request:
+                $ref: '#/components/examples/CreateUpdateIamRolePermissionRequestExample'
+        required: false
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Permission'
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/PermissionResponseWithConditions'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - Role
+    delete:
+      summary: Delete a Permission
+      description: Deletes a permission from a role by `permissionType`
+      operationId: deleteRolePermission
+      responses:
+        '204':
+          description: No Content
+        '403':
+          description: Forbidden
+          headers: {}
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - Role
+  /api/v1/identity-sources/{identitySourceId}/sessions:
+    parameters:
+      - $ref: '#/components/parameters/pathIdentitySourceId'
+    get:
+      summary: List all Identity Source Sessions
+      description: Lists all identity source sessions for the given identity source instance
+      operationId: listIdentitySourceSessions
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/IdentitySourceSession'
+              examples:
+                sessionsList:
+                  $ref: '#/components/examples/ListSessionsResponseForGetSessions'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.identitySources.read
+      tags:
+        - IdentitySource
+    post:
+      summary: Create an Identity Source Session
+      description: Creates an identity source session for the given identity source instance
+      operationId: createIdentitySourceSession
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: object
+                items:
+                  $ref: '#/components/schemas/IdentitySourceSession'
+              examples:
+                sessionsList:
+                  $ref: '#/components/examples/ListSessionsResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.identitySources.manage
+      tags:
+        - IdentitySource
+  /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}:
+    parameters:
+      - $ref: '#/components/parameters/pathIdentitySourceId'
+      - $ref: '#/components/parameters/pathIdentitySourceSessionId'
+    get:
+      summary: Retrieve an Identity Source Session
+      description: Retrieves an identity source session for a given identity source id and session id
+      operationId: getIdentitySourceSession
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IdentitySourceSession'
+              examples:
+                Session:
+                  $ref: '#/components/examples/ListSessionsResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.identitySources.read
+      tags:
+        - IdentitySource
+    delete:
+      summary: Delete an Identity Source Session
+      description: Deletes an identity source session for a given `identitySourceId` and `sessionId`
+      operationId: deleteIdentitySourceSession
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.identitySources.manage
+      tags:
+        - IdentitySource
+  /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-delete:
+    parameters:
+      - $ref: '#/components/parameters/pathIdentitySourceId'
+      - $ref: '#/components/parameters/pathIdentitySourceSessionId'
+    post:
+      summary: Upload the data to be deleted in Okta
+      description: Uploads entities that need to be deleted in Okta from the identity source for the given session
+      operationId: uploadIdentitySourceDataForDelete
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/BulkDeleteRequestBody'
+      responses:
+        '202':
+          description: Accepted
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.identitySources.manage
+      tags:
+        - IdentitySource
+  /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-upsert:
+    parameters:
+      - $ref: '#/components/parameters/pathIdentitySourceId'
+      - $ref: '#/components/parameters/pathIdentitySourceSessionId'
+    post:
+      summary: Upload the data to be upserted in Okta
+      description: Uploads entities that need to be upserted in Okta from the identity source for the given session
+      operationId: uploadIdentitySourceDataForUpsert
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/BulkUpsertRequestBody'
+      responses:
+        '202':
+          description: Accepted
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.identitySources.manage
+      tags:
+        - IdentitySource
+  /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/start-import:
+    parameters:
+      - $ref: '#/components/parameters/pathIdentitySourceId'
+      - $ref: '#/components/parameters/pathIdentitySourceSessionId'
+    post:
+      summary: Start the import from the Identity Source
+      description: Starts the import from the identity source described by the uploaded bulk operations
+      operationId: startImportFromIdentitySource
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: object
+                items:
+                  $ref: '#/components/schemas/IdentitySourceSession'
+              examples:
+                sessionsList:
+                  $ref: '#/components/examples/TriggerSessionResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.identitySources.manage
+      tags:
+        - IdentitySource
+  /api/v1/idps:
+    get:
+      summary: List all Identity Providers
+      description: Lists all identity provider integrations with pagination. A subset of IdPs can be returned that match a supported filter expression or query.
+      operationId: listIdentityProviders
+      parameters:
+        - name: q
+          in: query
+          description: Searches the name property of IdPs for matching value
+          schema:
+            type: string
+        - name: after
+          in: query
+          description: Specifies the pagination cursor for the next page of IdPs
+          schema:
+            type: string
+        - name: limit
+          in: query
+          description: Specifies the number of IdP results in a page
+          schema:
+            type: integer
+            format: int32
+            default: 20
+        - name: type
+          in: query
+          description: Filters IdPs by type
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/IdentityProvider'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.read
+      tags:
+        - IdentityProvider
+    post:
+      summary: Create an Identity Provider
+      description: Creates a new identity provider integration
+      operationId: createIdentityProvider
+      x-codegen-request-body-name: identityProvider
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/IdentityProvider'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IdentityProvider'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.manage
+      tags:
+        - IdentityProvider
+  /api/v1/idps/credentials/keys:
+    get:
+      summary: List all Credential Keys
+      description: Lists all IdP key credentials
+      operationId: listIdentityProviderKeys
+      parameters:
+        - name: after
+          in: query
+          description: Specifies the pagination cursor for the next page of keys
+          schema:
+            type: string
+        - name: limit
+          in: query
+          description: Specifies the number of key results in a page
+          schema:
+            type: integer
+            format: int32
+            default: 20
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/JsonWebKey'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.read
+      tags:
+        - IdentityProvider
+    post:
+      summary: Create an X.509 Certificate Public Key
+      description: Creates a new X.509 certificate credential to the IdP key store.
+      operationId: createIdentityProviderKey
+      x-codegen-request-body-name: jsonWebKey
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/JsonWebKey'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.manage
+      tags:
+        - IdentityProvider
+  /api/v1/idps/credentials/keys/{idpKeyId}:
+    parameters:
+      - $ref: '#/components/parameters/pathIdpKeyId'
+    get:
+      summary: Retrieve an Credential Key
+      description: Retrieves a specific IdP Key Credential by `kid`
+      operationId: getIdentityProviderKey
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.read
+      tags:
+        - IdentityProvider
+    delete:
+      summary: Delete a Signing Credential Key
+      description: Deletes a specific IdP Key Credential by `kid` if it is not currently being used by an Active or Inactive IdP
+      operationId: deleteIdentityProviderKey
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.manage
+      tags:
+        - IdentityProvider
+  /api/v1/idps/{idpId}:
+    parameters:
+      - $ref: '#/components/parameters/pathIdpId'
+    get:
+      summary: Retrieve an Identity Provider
+      description: Retrieves an identity provider integration by `idpId`
+      operationId: getIdentityProvider
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IdentityProvider'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.read
+      tags:
+        - IdentityProvider
+    put:
+      summary: Replace an Identity Provider
+      description: Replaces an identity provider integration by `idpId`
+      operationId: replaceIdentityProvider
+      x-codegen-request-body-name: identityProvider
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/IdentityProvider'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IdentityProvider'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.manage
+      tags:
+        - IdentityProvider
+    delete:
+      summary: Delete an Identity Provider
+      description: Deletes an identity provider integration by `idpId`
+      operationId: deleteIdentityProvider
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.manage
+      tags:
+        - IdentityProvider
+  /api/v1/idps/{idpId}/credentials/csrs:
+    parameters:
+      - $ref: '#/components/parameters/pathIdpId'
+    get:
+      summary: List all Certificate Signing Requests
+      description: Lists all Certificate Signing Requests for an IdP
+      operationId: listCsrsForIdentityProvider
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Csr'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.read
+      tags:
+        - IdentityProvider
+    post:
+      summary: Generate a Certificate Signing Request
+      description: Generates a new key pair and returns a Certificate Signing Request for it
+      operationId: generateCsrForIdentityProvider
+      x-codegen-request-body-name: metadata
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CsrMetadata'
+        required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Csr'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.manage
+      tags:
+        - IdentityProvider
+  /api/v1/idps/{idpId}/credentials/csrs/{idpCsrId}:
+    parameters:
+      - $ref: '#/components/parameters/pathIdpId'
+      - $ref: '#/components/parameters/pathIdpCsrId'
+    get:
+      summary: Retrieve a Certificate Signing Request
+      description: Retrieves a specific Certificate Signing Request model by id
+      operationId: getCsrForIdentityProvider
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Csr'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.read
+      tags:
+        - IdentityProvider
+    delete:
+      summary: Revoke a Certificate Signing Request
+      description: Revokes a certificate signing request and deletes the key pair from the IdP
+      operationId: revokeCsrForIdentityProvider
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.manage
+      tags:
+        - IdentityProvider
+  /api/v1/idps/{idpId}/credentials/csrs/{idpCsrId}/lifecycle/publish:
+    parameters:
+      - $ref: '#/components/parameters/pathIdpId'
+      - $ref: '#/components/parameters/pathIdpCsrId'
+    post:
+      summary: Publish a Certificate Signing Request
+      description: Publishes a certificate signing request with a signed X.509 certificate and adds it into the signing key credentials for the IdP
+      operationId: publishCsrForIdentityProvider
+      requestBody:
+        required: true
+        content:
+          application/x-x509-ca-cert:
+            schema:
+              type: string
+              format: binary
+              x-okta-operationId: publishBinaryCerCertForIdentityProvider
+          application/pkix-cert:
+            schema:
+              type: string
+              format: binary
+              x-okta-operationId: publishBinaryDerCertForIdentityProvider
+          application/x-pem-file:
+            schema:
+              type: string
+              format: binary
+              x-okta-operationId: publishBinaryPemCertForIdentityProvider
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.manage
+      tags:
+        - IdentityProvider
+  /api/v1/idps/{idpId}/credentials/keys:
+    parameters:
+      - $ref: '#/components/parameters/pathIdpId'
+    get:
+      summary: List all Signing Credential Keys
+      description: Lists all signing key credentials for an IdP
+      operationId: listIdentityProviderSigningKeys
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/JsonWebKey'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.read
+      tags:
+        - IdentityProvider
+  /api/v1/idps/{idpId}/credentials/keys/generate:
+    parameters:
+      - $ref: '#/components/parameters/pathIdpId'
+    post:
+      summary: Generate a new Signing Credential Key
+      description: Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP
+      operationId: generateIdentityProviderSigningKey
+      parameters:
+        - name: validityYears
+          in: query
+          description: expiry of the IdP Key Credential
+          required: true
+          schema:
+            type: integer
+            format: int32
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.manage
+      tags:
+        - IdentityProvider
+  /api/v1/idps/{idpId}/credentials/keys/{idpKeyId}:
+    parameters:
+      - $ref: '#/components/parameters/pathIdpId'
+      - $ref: '#/components/parameters/pathIdpKeyId'
+    get:
+      summary: Retrieve a Signing Credential Key
+      description: Retrieves a specific IdP Key Credential by `kid`
+      operationId: getIdentityProviderSigningKey
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.read
+      tags:
+        - IdentityProvider
+  /api/v1/idps/{idpId}/credentials/keys/{idpKeyId}/clone:
+    parameters:
+      - $ref: '#/components/parameters/pathIdpId'
+      - $ref: '#/components/parameters/pathIdpKeyId'
+    post:
+      summary: Clone a Signing Credential Key
+      description: Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP
+      operationId: cloneIdentityProviderKey
+      parameters:
+        - name: targetIdpId
+          in: query
+          required: true
+          schema:
+            type: string
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.manage
+      tags:
+        - IdentityProvider
+  /api/v1/idps/{idpId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathIdpId'
+    post:
+      summary: Activate an Identity Provider
+      description: Activates an inactive IdP
+      operationId: activateIdentityProvider
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IdentityProvider'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.manage
+      tags:
+        - IdentityProvider
+  /api/v1/idps/{idpId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathIdpId'
+    post:
+      summary: Deactivate an Identity Provider
+      description: Deactivates an active IdP
+      operationId: deactivateIdentityProvider
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IdentityProvider'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.manage
+      tags:
+        - IdentityProvider
+  /api/v1/idps/{idpId}/users:
+    parameters:
+      - $ref: '#/components/parameters/pathIdpId'
+    get:
+      summary: List all Users
+      description: Lists all users linked to the identity provider
+      operationId: listIdentityProviderApplicationUsers
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/IdentityProviderApplicationUser'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.read
+      tags:
+        - IdentityProvider
+  /api/v1/idps/{idpId}/users/{userId}:
+    parameters:
+      - $ref: '#/components/parameters/pathIdpId'
+      - $ref: '#/components/parameters/pathUserId'
+    get:
+      summary: Retrieve a User
+      description: Retrieves a linked IdP user by ID
+      operationId: getIdentityProviderApplicationUser
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IdentityProviderApplicationUser'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.read
+      tags:
+        - IdentityProvider
+    post:
+      summary: Link a User to a Social IdP
+      description: Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type
+      operationId: linkUserToIdentityProvider
+      x-codegen-request-body-name: userIdentityProviderLinkRequest
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserIdentityProviderLinkRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IdentityProviderApplicationUser'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - IdentityProvider
+    delete:
+      summary: Unlink a User from IdP
+      description: Unlinks the link between the Okta user and the IdP user
+      operationId: unlinkUserFromIdentityProvider
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.manage
+      tags:
+        - IdentityProvider
+  /api/v1/idps/{idpId}/users/{userId}/credentials/tokens:
+    parameters:
+      - $ref: '#/components/parameters/pathIdpId'
+      - $ref: '#/components/parameters/pathUserId'
+    get:
+      summary: List all Tokens from a OIDC Identity Provider
+      description: Lists the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth
+      operationId: listSocialAuthTokens
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/SocialAuthToken'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.idps.read
+      tags:
+        - IdentityProvider
+  /api/v1/inlineHooks:
+    get:
+      summary: List all Inline Hooks
+      description: Lists all inline hooks
+      operationId: listInlineHooks
+      parameters:
+        - name: type
+          in: query
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/InlineHook'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.inlineHooks.read
+      tags:
+        - InlineHook
+    post:
+      summary: Create an Inline Hook
+      description: Creates an inline hook
+      operationId: createInlineHook
+      x-codegen-request-body-name: inlineHook
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/InlineHook'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/InlineHook'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.inlineHooks.manage
+      tags:
+        - InlineHook
+  /api/v1/inlineHooks/{inlineHookId}:
+    parameters:
+      - $ref: '#/components/parameters/pathInlineHookId'
+    get:
+      summary: Retrieve an Inline Hook
+      description: Retrieves an inline hook by `inlineHookId`
+      operationId: getInlineHook
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/InlineHook'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.inlineHooks.read
+      tags:
+        - InlineHook
+    put:
+      summary: Replace an Inline Hook
+      description: Replaces an inline hook by `inlineHookId`
+      operationId: replaceInlineHook
+      x-codegen-request-body-name: inlineHook
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/InlineHook'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/InlineHook'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.inlineHooks.manage
+      tags:
+        - InlineHook
+    delete:
+      summary: Delete an Inline Hook
+      description: Deletes an inline hook by `inlineHookId`. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion.
+      operationId: deleteInlineHook
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.inlineHooks.manage
+      tags:
+        - InlineHook
+  /api/v1/inlineHooks/{inlineHookId}/execute:
+    parameters:
+      - $ref: '#/components/parameters/pathInlineHookId'
+    post:
+      summary: Execute an Inline Hook
+      description: Executes the inline hook by `inlineHookId` using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes.
+      operationId: executeInlineHook
+      x-codegen-request-body-name: payloadData
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/InlineHookPayload'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/InlineHookResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.inlineHooks.manage
+      tags:
+        - InlineHook
+  /api/v1/inlineHooks/{inlineHookId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathInlineHookId'
+    post:
+      summary: Activate an Inline Hook
+      description: Activates the inline hook by `inlineHookId`
+      operationId: activateInlineHook
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/InlineHook'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.inlineHooks.manage
+      tags:
+        - InlineHook
+  /api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathInlineHookId'
+    post:
+      summary: Deactivate an Inline Hook
+      description: Deactivates the inline hook by `inlineHookId`
+      operationId: deactivateInlineHook
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/InlineHook'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.inlineHooks.manage
+      tags:
+        - InlineHook
+  /api/v1/logStreams:
+    get:
+      summary: List all Log Streams
+      description: Lists all Log Stream objects in your org. You can request a paginated list or a subset of Log Streams that match a supported filter expression.
+      operationId: listLogStreams
+      parameters:
+        - $ref: '#/components/parameters/queryAfter'
+        - $ref: '#/components/parameters/queryLimit'
+        - name: filter
+          in: query
+          description: An expression that [filters](/#filter) the returned objects. You can only use the `eq` operator on either the `status` or `type` properties in the filter expression.
+          schema:
+            type: string
+            example: type eq "aws_eventbridge"
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/LogStream'
+              examples:
+                ExampleGetAllResponse:
+                  $ref: '#/components/examples/LogStreamGetAllResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.logStreams.read
+      tags:
+        - LogStream
+    post:
+      summary: Create a Log Stream
+      description: Creates a new Log Stream object
+      operationId: createLogStream
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/LogStream'
+            examples:
+              LogStreamPostRequestExample:
+                $ref: '#/components/examples/LogStreamPostRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/LogStream'
+              examples:
+                LogStreamPostResponseExample:
+                  $ref: '#/components/examples/LogStreamPostResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.logStreams.manage
+      tags:
+        - LogStream
+  /api/v1/logStreams/{logStreamId}:
+    parameters:
+      - $ref: '#/components/parameters/pathLogStreamId'
+    get:
+      summary: Retrieve a Log Stream
+      description: Retrieves a Log Stream object by ID
+      operationId: getLogStream
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/LogStream'
+              examples:
+                LogStreamGetRequestExample:
+                  $ref: '#/components/examples/LogStreamPostResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.logStreams.read
+      tags:
+        - LogStream
+    put:
+      summary: Replace a Log Stream
+      description: |-
+        Replaces the Log Stream object properties for a given ID.
+
+        This operation is typically used to update the configuration of a Log Stream.
+        Depending on the type of Log Stream you want to update, certain properties can't be modified after the Log Stream is initially created.
+        Use the [Retrieve the Log Stream Schema for the schema type](/openapi/okta-management/management/tag/Schema/#tag/Schema/operation/getLogStreamSchema) request to determine which properties you can update for the specific Log Stream type.
+        Log Stream properties with the `"writeOnce" : true` attribute can't be updated after creation.
+        You must still specify these `writeOnce` properties in the request body with the original values in the PUT request.
+
+        > **Note:** You don't have to specify properties that have both the `"writeOnce": true` and the `"writeOnly": true` attributes in the PUT request body. These property values are ignored even if you add them in the PUT request body.
+      operationId: replaceLogStream
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/LogStreamPutSchema'
+            examples:
+              LogStreamPutRequestExample:
+                $ref: '#/components/examples/LogStreamPutRequest'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/LogStream'
+              examples:
+                LogStreamPostResponseExample:
+                  $ref: '#/components/examples/LogStreamPutResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.logStreams.manage
+      tags:
+        - LogStream
+    delete:
+      summary: Delete a Log Stream
+      description: Deletes a Log Stream object from your org by ID
+      operationId: deleteLogStream
+      responses:
+        '204':
+          description: No Content
+        '403':
+          description: Forbidden
+          headers: {}
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.logStreams.manage
+      tags:
+        - LogStream
+  /api/v1/logStreams/{logStreamId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathLogStreamId'
+    post:
+      summary: Activate a Log Stream
+      description: Activates a log stream by `logStreamId`
+      operationId: activateLogStream
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/LogStream'
+              examples:
+                LogStreamActivateResponseExample:
+                  $ref: '#/components/examples/LogStreamActivateResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.logStreams.manage
+      tags:
+        - LogStream
+  /api/v1/logStreams/{logStreamId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathLogStreamId'
+    post:
+      summary: Deactivate a Log Stream
+      description: Deactivates a log stream by `logStreamId`
+      operationId: deactivateLogStream
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/LogStream'
+              examples:
+                LogStreamDeactivateResponseExample:
+                  $ref: '#/components/examples/LogStreamDeactivateResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.logStreams.manage
+      tags:
+        - LogStream
+  /api/v1/logs:
+    get:
+      summary: List all System Log Events
+      description: Lists all system log events. The Okta System Log API provides read access to your organization’s system log. This API provides more functionality than the Events API
+      operationId: listLogEvents
+      parameters:
+        - name: since
+          in: query
+          schema:
+            type: string
+            format: date-time
+        - name: until
+          in: query
+          schema:
+            type: string
+            format: date-time
+        - name: filter
+          in: query
+          schema:
+            type: string
+        - name: q
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            default: 100
+        - name: sortOrder
+          in: query
+          schema:
+            type: string
+            default: ASCENDING
+        - name: after
+          in: query
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/LogEvent'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.logs.read
+      tags:
+        - SystemLog
+  /api/v1/mappings:
+    get:
+      summary: List all Profile Mappings
+      description: |-
+        Lists all profile mappings in your organization with [pagination](https://developer.okta.com/docs/api/#pagination). You can return a subset of profile mappings that match a supported `sourceId` and/or `targetId`.
+        The results are [paginated](/#pagination) according to the limit parameter. If there are multiple pages of results, the Link header contains a `next` link that should be treated as an opaque value (follow it, don't parse it).
+
+        The response is a collection of profile mappings that include a subset of the profile mapping object's parameters. The profile mapping object describes
+        the properties mapping between an Okta User and an App User Profile using [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04).
+      operationId: listProfileMappings
+      parameters:
+        - name: after
+          in: query
+          description: Mapping `id` that specifies the pagination cursor for the next page of mappings
+          schema:
+            type: string
+        - name: limit
+          in: query
+          description: Specifies the number of results per page (maximum 200)
+          schema:
+            type: integer
+            format: int32
+            default: 20
+        - name: sourceId
+          in: query
+          description: The UserType or App Instance `id` that acts as the source of expressions in a mapping. If this parameter is included, all returned mappings have this as their `source.id`.
+          schema:
+            type: string
+        - name: targetId
+          in: query
+          description: The UserType or App Instance `id` that acts as the target of expressions in a mapping. If this parameter is included, all returned mappings have this as their `target.id`.
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/ListProfileMappings'
+              examples:
+                MappingList:
+                  summary: List all Profile Mappings response
+                  $ref: '#/components/examples/ListMappingsResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.profileMappings.read
+      tags:
+        - ProfileMapping
+  /api/v1/mappings/{mappingId}:
+    parameters:
+      - $ref: '#/components/parameters/pathMappingId'
+    get:
+      summary: Retrieve a Profile Mapping
+      description: Retrieves a single Profile Mapping referenced by its ID
+      operationId: getProfileMapping
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ProfileMapping'
+              examples:
+                MappingRetrieve:
+                  summary: Retrieve a single Profile Mapping
+                  $ref: '#/components/examples/RetrieveMappingsResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.profileMappings.read
+      tags:
+        - ProfileMapping
+    post:
+      summary: Update a Profile Mapping
+      description: Updates an existing profile mapping by adding, updating, or removing one or many property mappings
+      operationId: updateProfileMapping
+      x-codegen-request-body-name: profileMapping
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ProfileMappingRequest'
+            examples:
+              Addpropertymapping:
+                $ref: '#/components/examples/AddMappingBody'
+              Updatepropertymapping:
+                $ref: '#/components/examples/UpdateMappingBody'
+              Removepropertymapping:
+                $ref: '#/components/examples/RemoveMappingBody'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ProfileMapping'
+              examples:
+                Addpropertymapping:
+                  summary: Update an existing profile mapping by adding one or more properties
+                  $ref: '#/components/examples/AddMappingResponse'
+                Updatepropertymapping:
+                  summary: Update an existing profile mapping by updating one or more properties
+                  $ref: '#/components/examples/UpdateMappingResponse'
+                Removepropertymapping:
+                  summary: Update an existing profile mapping by removing one or more properties
+                  $ref: '#/components/examples/RemoveMappingResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.profileMappings.manage
+      tags:
+        - ProfileMapping
+  /api/v1/meta/layouts/apps/{appName}:
+    parameters:
+      - $ref: '#/components/parameters/pathAppName'
+    get:
+      summary: Retrieve the links for UI schemas for an Application
+      description: Retrieves the links for UI schemas for an Application given `appName`
+      operationId: getAppUISchemaLinks
+      responses:
+        '200':
+          description: successful operation
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApplicationLayouts'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.schemas.read
+      tags:
+        - Schema
+  /api/v1/meta/layouts/apps/{appName}/sections/{section}/{operation}:
+    parameters:
+      - $ref: '#/components/parameters/pathAppName'
+      - $ref: '#/components/parameters/pathSection'
+      - $ref: '#/components/parameters/pathOperation'
+    get:
+      summary: Retrieve the UI schema for a section
+      description: Retrieves the UI schema for an Application given `appName`, `section` and `operation`
+      operationId: getAppUISchema
+      responses:
+        '200':
+          description: successful operation
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApplicationLayout'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.schemas.read
+      tags:
+        - Schema
+  /api/v1/meta/schemas/apps/{appId}/default:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    get:
+      summary: Retrieve the default Application User Schema for an Application
+      description: Retrieves the Schema for an App User
+      operationId: getApplicationUserSchema
+      responses:
+        '200':
+          description: successful operation
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserSchema'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.schemas.read
+      tags:
+        - Schema
+    post:
+      summary: Update the default Application User Schema for an Application
+      description: Partially updates on the User Profile properties of the Application User Schema
+      operationId: updateApplicationUserProfile
+      x-codegen-request-body-name: body
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserSchema'
+            examples:
+              Add a custom property to the app user schema:
+                $ref: '#/components/examples/AppUserSchemaAddRequest'
+        required: false
+      responses:
+        '200':
+          description: successful operation
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserSchema'
+              examples:
+                Response with a subset of properties for brevity:
+                  $ref: '#/components/examples/AppUserSchemaResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.schemas.manage
+      tags:
+        - Schema
+  /api/v1/meta/schemas/group/default:
+    get:
+      summary: Retrieve the default Group Schema
+      description: Retrieves the group schema
+      operationId: getGroupSchema
+      parameters: []
+      responses:
+        '200':
+          description: successful operation
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GroupSchema'
+              examples:
+                Response with a subset of properties for brevity:
+                  $ref: '#/components/examples/GroupSchemaResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.schemas.read
+      tags:
+        - Schema
+    post:
+      summary: Update the default Group Schema
+      description: Updates the default group schema. This updates, adds, or removes one or more custom Group Profile properties in the schema.
+      operationId: updateGroupSchema
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GroupSchema'
+            examples:
+              Add a custom property to the group schema:
+                $ref: '#/components/examples/GroupSchemaAddRequest'
+      responses:
+        '200':
+          description: successful operation
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GroupSchema'
+              example:
+                Response with a subset of properties for brevity:
+                  $ref: '#/components/examples/GroupSchemaResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.schemas.manage
+      tags:
+        - Schema
+  /api/v1/meta/schemas/logStream:
+    get:
+      summary: List the Log Stream Schemas
+      description: Lists the schema for all log stream types visible for this org
+      operationId: listLogStreamSchemas
+      responses:
+        '200':
+          description: successful operation
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/LogStreamSchema'
+              examples:
+                All log stream schemas for your org:
+                  $ref: '#/components/examples/LogStreamSchemaList'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.logStreams.read
+      tags:
+        - Schema
+  /api/v1/meta/schemas/logStream/{logStreamType}:
+    parameters:
+      - $ref: '#/components/parameters/pathLogStreamType'
+    get:
+      summary: Retrieve the Log Stream Schema for the schema type
+      description: Retrieves the schema for a Log Stream type. The `logStreamType` element in the URL specifies the Log Stream type, which is either `aws_eventbridge` or `splunk_cloud_logstreaming`. Use the `aws_eventbridge` literal to retrieve the AWS EventBridge type schema, and use the `splunk_cloud_logstreaming` literal retrieve the Splunk Cloud type schema.
+      operationId: getLogStreamSchema
+      responses:
+        '200':
+          description: successful operation
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/LogStreamSchema'
+              examples:
+                Schema for type `aws_eventbridge`:
+                  $ref: '#/components/examples/LogStreamSchemaAws'
+                Schema for type `splunk_cloud_logstreaming`:
+                  $ref: '#/components/examples/LogStreamSchemaSplunk'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.logStreams.read
+      tags:
+        - Schema
+  /api/v1/meta/schemas/user/linkedObjects:
+    get:
+      summary: List all Linked Object Definitions
+      description: Lists all linked object definitions
+      operationId: listLinkedObjectDefinitions
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/LinkedObject'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.linkedObjects.read
+      tags:
+        - LinkedObject
+    post:
+      summary: Create a Linked Object Definition
+      description: Creates a linked object definition
+      operationId: createLinkedObjectDefinition
+      x-codegen-request-body-name: linkedObject
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/LinkedObject'
+        required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/LinkedObject'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.linkedObjects.manage
+      tags:
+        - LinkedObject
+  /api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}:
+    parameters:
+      - $ref: '#/components/parameters/pathLinkedObjectName'
+    get:
+      summary: Retrieve a Linked Object Definition
+      description: Retrieves a linked object definition
+      operationId: getLinkedObjectDefinition
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/LinkedObject'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.linkedObjects.read
+      tags:
+        - LinkedObject
+    delete:
+      summary: Delete a Linked Object Definition
+      description: Deletes a linked object definition
+      operationId: deleteLinkedObjectDefinition
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.linkedObjects.manage
+      tags:
+        - LinkedObject
+  /api/v1/meta/schemas/user/{schemaId}:
+    parameters:
+      - $ref: '#/components/parameters/pathSchemaId'
+    get:
+      summary: Retrieve a User Schema
+      description: Retrieves the schema for a Schema Id
+      operationId: getUserSchema
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserSchema'
+              examples:
+                Response with a subset of properties for brevity:
+                  $ref: '#/components/examples/UserSchemaResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.schemas.read
+      tags:
+        - Schema
+    post:
+      summary: Update a User Schema
+      description: Partially updates on the User Profile properties of the user schema
+      operationId: updateUserProfile
+      x-codegen-request-body-name: userSchema
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserSchema'
+            examples:
+              Add a custom property to the user schema:
+                $ref: '#/components/examples/UserSchemaAddRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserSchema'
+              examples:
+                Response with a subset of properties for brevity:
+                  $ref: '#/components/examples/UserSchemaResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.schemas.manage
+      tags:
+        - Schema
+  /api/v1/meta/types/user:
+    get:
+      summary: List all User Types
+      description: Lists all User Types in your org
+      operationId: listUserTypes
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/UserType'
+              examples:
+                ListsAllUserTypes:
+                  $ref: '#/components/examples/ListsAllUserTypes'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.userTypes.read
+      tags:
+        - UserType
+    post:
+      summary: Create a User Type
+      description: |-
+        Creates a new User Type. Okta automatically creates a `default` User Type for your org. You may add up to nine additional User Types.
+        > **Note**: New User Types are based on the current default schema template. Modifications to this schema do not automatically propagate to previously created User Types.
+      operationId: createUserType
+      x-codegen-request-body-name: userType
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserType'
+            examples:
+              CreateUserRequest:
+                $ref: '#/components/examples/CreateUserRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserType'
+              examples:
+                CreateUserResponse:
+                  $ref: '#/components/examples/CreateUserResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.userTypes.manage
+      tags:
+        - UserType
+  /api/v1/meta/types/user/{typeId}:
+    parameters:
+      - $ref: '#/components/parameters/pathTypeId'
+    get:
+      summary: Retrieve a User Type
+      description: Retrieves a User Type by ID. Use `default` to fetch the default User Type.
+      operationId: getUserType
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserType'
+              examples:
+                GetUserResponse:
+                  $ref: '#/components/examples/GetUserResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.userTypes.read
+      tags:
+        - UserType
+    post:
+      summary: Update a User Type
+      description: |-
+        Updates an existing User Type.
+        > **Note**: You can only update the `displayName` and `description` elements. The `name` of an existing User Type can't be changed.
+      operationId: updateUserType
+      x-codegen-request-body-name: userType
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserTypePostRequest'
+            examples:
+              UpdateUserTypePostRequest:
+                $ref: '#/components/examples/UpdateUserTypePostRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserType'
+              examples:
+                UpdateUserTypePutRequest:
+                  $ref: '#/components/examples/UpdateUserTypePostResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.userTypes.manage
+      tags:
+        - UserType
+    put:
+      summary: Replace a User Type
+      description: |-
+        Replaces an existing User Type.
+        > **Note**: The `name` of an existing User Type can't be changed, but must be part of the request body. You can only replace the `displayName` and `description` elements.
+      operationId: replaceUserType
+      x-codegen-request-body-name: userType
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserTypePutRequest'
+            examples:
+              ReplaceUserTypePutRequest:
+                $ref: '#/components/examples/ReplaceUserTypePutRequest'
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserType'
+              examples:
+                ReplaceUserTypePutResponse:
+                  $ref: '#/components/examples/ReplaceUserTypePutResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.userTypes.manage
+      tags:
+        - UserType
+    delete:
+      summary: Delete a User Type
+      description: |-
+        Deletes a User Type permanently.
+        > **Note**: You can't delete the default User Type or a User Type that is currently assigned to users.
+      operationId: deleteUserType
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.userTypes.manage
+      tags:
+        - UserType
+  /api/v1/meta/uischemas:
+    get:
+      summary: List all UI Schemas
+      description: Lists all UI Schemas in your org
+      operationId: listUISchemas
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/UISchemasResponseObject'
+              examples:
+                UIISchemaList:
+                  summary: Lists all UI Schemas response
+                  $ref: '#/components/examples/ListUISchemaResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.uischemas.read
+      tags:
+        - UISchema
+    post:
+      summary: Create a UI Schema
+      description: Creates an input for an enrollment form
+      operationId: createUISchema
+      x-codegen-request-body-name: uischemabody
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CreateUISchema'
+            examples:
+              UISchemaCreate:
+                $ref: '#/components/examples/CreateUISchemaBody'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UISchemasResponseObject'
+              examples:
+                UISchemaCreate:
+                  $ref: '#/components/examples/CreateUISchemaResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.uischemas.manage
+      tags:
+        - UISchema
+  /api/v1/meta/uischemas/{id}:
+    parameters:
+      - $ref: '#/components/parameters/UISchemaId'
+    get:
+      summary: Retrieve a UI Schema
+      description: Retrieves a UI Schema by `id`
+      operationId: getUISchema
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UISchemasResponseObject'
+              examples:
+                UISchemaRetrieve:
+                  summary: Retrieves a UI Schema response
+                  $ref: '#/components/examples/RetrieveUISchemaResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.uischemas.read
+      tags:
+        - UISchema
+    put:
+      summary: Replace a UI Schema
+      description: Replaces a UI Schema by `id`
+      operationId: replaceUISchemas
+      x-codegen-request-body-name: updateUISchemaBody
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UpdateUISchema'
+            examples:
+              UISchemaPUT:
+                $ref: '#/components/examples/CreateUISchemaBody'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UISchemasResponseObject'
+              examples:
+                UISchemaUpdate:
+                  $ref: '#/components/examples/CreateUISchemaResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.uischemas.manage
+      tags:
+        - UISchema
+    delete:
+      summary: Delete a UI Schema
+      description: Deletes a UI Schema by `id`
+      operationId: deleteUISchemas
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.uischemas.manage
+      tags:
+        - UISchema
+  /api/v1/org:
+    get:
+      summary: Retrieve the Org Settings
+      description: Retrieves the org settings
+      operationId: getOrgSettings
+      parameters: []
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgSetting'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.read
+      tags:
+        - OrgSetting
+    post:
+      summary: Update the Org Settings
+      description: Partially updates the org settings depending on provided fields
+      operationId: updateOrgSettings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OrgSetting'
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgSetting'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.manage
+      tags:
+        - OrgSetting
+    put:
+      summary: Replace the Org Settings
+      description: Replaces the settings of your organization
+      operationId: replaceOrgSettings
+      x-codegen-request-body-name: orgSetting
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OrgSetting'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgSetting'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.manage
+      tags:
+        - OrgSetting
+  /api/v1/org/captcha:
+    get:
+      summary: Retrieve the Org-wide CAPTCHA Settings
+      description: |-
+        Retrieves the CAPTCHA settings object for your organization.
+        > **Note**: If the current organization hasn't configured CAPTCHA Settings, the request returns an empty object.
+      operationId: getOrgCaptchaSettings
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgCAPTCHASettings'
+              examples:
+                configured:
+                  $ref: '#/components/examples/OrgCAPTCHASettingsConfigured'
+                empty:
+                  $ref: '#/components/examples/OrgCAPTCHASettingsEmpty'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.captchas.read
+      tags:
+        - CAPTCHA
+    put:
+      summary: Replace the Org-wide CAPTCHA Settings
+      description: |-
+        Replaces the CAPTCHA settings object for your organization.
+        > **Note**: You can disable CAPTCHA for your organization by setting `captchaId` and `enabledPages` to `null`.
+      operationId: replacesOrgCaptchaSettings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OrgCAPTCHASettings'
+            examples:
+              Update:
+                $ref: '#/components/examples/OrgCAPTCHASettingsUpdate'
+              Disable:
+                $ref: '#/components/examples/OrgCAPTCHASettingsDisable'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgCAPTCHASettings'
+              examples:
+                Update:
+                  $ref: '#/components/examples/OrgCAPTCHASettingsUpdated'
+                Disable:
+                  $ref: '#/components/examples/OrgCAPTCHASettingsDisabled'
+        '400':
+          description: Bad Request
+          headers: {}
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                NoDisable:
+                  $ref: '#/components/examples/ErrorCAPTCHAOrgWideSettingNull'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.captchas.manage
+      tags:
+        - CAPTCHA
+    delete:
+      summary: Delete the Org-wide CAPTCHA Settings
+      description: Deletes the CAPTCHA settings object for your organization
+      operationId: deleteOrgCaptchaSettings
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.captchas.manage
+      tags:
+        - CAPTCHA
+  /api/v1/org/contacts:
+    get:
+      summary: Retrieve the Org Contact Types
+      description: Retrieves Contact Types of your organization
+      operationId: getOrgContactTypes
+      parameters: []
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/OrgContactTypeObj'
+                type: array
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.read
+      tags:
+        - OrgSetting
+  /api/v1/org/contacts/{contactType}:
+    parameters:
+      - $ref: '#/components/parameters/pathContactType'
+    get:
+      summary: Retrieve the User of the Contact Type
+      description: Retrieves the URL of the User associated with the specified Contact Type
+      operationId: getOrgContactUser
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgContactUser'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.read
+      tags:
+        - OrgSetting
+    put:
+      summary: Replace the User of the Contact Type
+      description: Replaces the User associated with the specified Contact Type
+      operationId: replaceOrgContactUser
+      x-codegen-request-body-name: orgContactUser
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OrgContactUser'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgContactUser'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.manage
+      tags:
+        - OrgSetting
+  /api/v1/org/email/bounces/remove-list:
+    post:
+      summary: Remove Emails from Email Provider Bounce List
+      description: Removes a list of email addresses to be removed from the set of email addresses that are bounced
+      operationId: bulkRemoveEmailAddressBounces
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/BouncesRemoveListObj'
+            examples:
+              example-1:
+                value:
+                  emailAddresses:
+                    - name@company.com
+                    - unknown.email@okta.com
+                    - name@okta@com
+      responses:
+        '200':
+          description: Deletes the provided list of emails from the set of email addresses that are bounced so that the provider resumes sending emails to those addresses.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/BouncesRemoveListResult'
+              examples:
+                example-1:
+                  value:
+                    errors:
+                      - emailAddress: unknown.email@okta.com
+                        reason: This email address does not belong to any user in your organization.
+                      - emailAddress: name@okta@com
+                        reason: Invalid email address. The provided email address failed validation against RFC 3696.
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.manage
+      tags:
+        - OrgSetting
+  /api/v1/org/logo:
+    post:
+      summary: Upload the Org Logo
+      description: Uploads and replaces the logo for your organization. The file must be in PNG, JPG, or GIF format and less than 100kB in size. For best results use landscape orientation, a transparent background, and a minimum size of 300px by 50px to prevent upscaling.
+      operationId: uploadOrgLogo
+      requestBody:
+        content:
+          multipart/form-data:
+            schema:
+              description: The file must be in PNG, JPG, or GIF format and less than 100kB in size. For best results use landscape orientation, a transparent background, and a minimum size of 300px by 50px to prevent upscaling.
+              type: object
+              properties:
+                file:
+                  type: string
+                  format: binary
+              required:
+                - file
+        description: logo file
+      responses:
+        '201':
+          description: Created
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - OrgSetting
+  /api/v1/org/preferences:
+    get:
+      summary: Retrieve the Org Preferences
+      description: Retrieves preferences of your organization
+      operationId: getOrgPreferences
+      parameters: []
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgPreferences'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.read
+      tags:
+        - OrgSetting
+  /api/v1/org/preferences/hideEndUserFooter:
+    post:
+      summary: Update the Preference to Hide the Okta Dashboard Footer
+      description: Updates the preference hide the Okta UI footer for all end users of your organization
+      operationId: updateOrgHideOktaUIFooter
+      parameters: []
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgPreferences'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.manage
+      tags:
+        - OrgSetting
+  /api/v1/org/preferences/showEndUserFooter:
+    post:
+      summary: Update the Preference to Show the Okta Dashboard Footer
+      description: Updates the preference to show the Okta UI footer for all end users of your organization
+      operationId: updateOrgShowOktaUIFooter
+      parameters: []
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgPreferences'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.manage
+      tags:
+        - OrgSetting
+  /api/v1/org/privacy/oktaCommunication:
+    get:
+      summary: Retrieve the Okta Communication Settings
+      description: Retrieves Okta Communication Settings of your organization
+      operationId: getOktaCommunicationSettings
+      parameters: []
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgOktaCommunicationSetting'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.read
+      tags:
+        - OrgSetting
+  /api/v1/org/privacy/oktaCommunication/optIn:
+    post:
+      summary: Opt in all Users to Okta Communication emails
+      description: Opts in all users of this org to Okta Communication emails
+      operationId: optInUsersToOktaCommunicationEmails
+      parameters: []
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgOktaCommunicationSetting'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.manage
+      tags:
+        - OrgSetting
+  /api/v1/org/privacy/oktaCommunication/optOut:
+    post:
+      summary: Opt out all Users from Okta Communication emails
+      description: Opts out all users of this org from Okta Communication emails
+      operationId: optOutUsersFromOktaCommunicationEmails
+      parameters: []
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgOktaCommunicationSetting'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.manage
+      tags:
+        - OrgSetting
+  /api/v1/org/privacy/oktaSupport:
+    get:
+      summary: Retrieve the Okta Support Settings
+      description: Retrieves Okta Support Settings of your organization
+      operationId: getOrgOktaSupportSettings
+      parameters: []
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgOktaSupportSettingsObj'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.read
+      tags:
+        - OrgSetting
+  /api/v1/org/privacy/oktaSupport/extend:
+    post:
+      summary: Extend Okta Support Access
+      description: Extends the length of time that Okta Support can access your org by 24 hours. This means that 24 hours are added to the remaining access time.
+      operationId: extendOktaSupport
+      parameters: []
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgOktaSupportSettingsObj'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.manage
+      tags:
+        - OrgSetting
+  /api/v1/org/privacy/oktaSupport/grant:
+    post:
+      summary: Grant Okta Support Access to your Org
+      description: Grants Okta Support temporary access your org as an administrator for eight hours
+      operationId: grantOktaSupport
+      parameters: []
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgOktaSupportSettingsObj'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.manage
+      tags:
+        - OrgSetting
+  /api/v1/org/privacy/oktaSupport/revoke:
+    post:
+      summary: Revoke Okta Support Access
+      description: Revokes Okta Support access to your organization
+      operationId: revokeOktaSupport
+      parameters: []
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgOktaSupportSettingsObj'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.manage
+      tags:
+        - OrgSetting
+# Policy Begin        
+  /api/v1/policies:
+    get:
+      summary: List all Policies
+      description: Lists all policies with the specified type
+      operationId: listPolicies
+      parameters:
+        - name: type
+          in: query
+          required: true
+          schema:
+            type: string
+        - name: status
+          in: query
+          schema:
+            type: string
+        - name: expand
+          in: query
+          schema:
+            type: string
+            default: ''
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Policy'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.read
+      tags:
+        - Policy
+    post:
+      summary: Create a Policy
+      description: Creates a policy
+      operationId: createPolicy
+      parameters:
+        - name: activate
+          in: query
+          schema:
+            type: boolean
+            default: true
+      x-codegen-request-body-name: policy
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Policy'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Policy'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.manage
+      tags:
+        - Policy
+  /api/v1/policies/{policyId}:
+    parameters:
+      - $ref: '#/components/parameters/pathPolicyId'
+    get:
+      summary: Retrieve a Policy
+      description: Retrieves a policy
+      operationId: getPolicy
+      parameters:
+        - name: expand
+          in: query
+          schema:
+            type: string
+            default: ''
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Policy'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.read
+      tags:
+        - Policy
+    put:
+      summary: Replace a Policy
+      description: Replaces the properties of a Policy identified by `policyId`
+      operationId: replacePolicy
+      x-codegen-request-body-name: policy
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Policy'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Policy'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.manage
+      tags:
+        - Policy
+    delete:
+      summary: Delete a Policy
+      description: Deletes a policy
+      operationId: deletePolicy
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.manage
+      tags:
+        - Policy
+  /api/v1/policies/{policyId}/app:
+    parameters:
+      - $ref: '#/components/parameters/pathPolicyId'
+    get:
+      deprecated: true
+      summary: List all Applications mapped to a Policy
+      description: |-
+        Lists all applications mapped to a policy identified by `policyId`
+
+        > **Note:** Use [List all resources mapped to a Policy](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Policy/#tag/Policy/operation/listPolicyMappings) to list all applications mapped to a policy.
+      operationId: listPolicyApps
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Application'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.read
+      tags:
+        - Policy
+  /api/v1/policies/{policyId}/clone:
+    parameters:
+      - $ref: '#/components/parameters/pathPolicyId'
+    post:
+      summary: Clone an existing Policy
+      description: Clones an existing policy
+      operationId: clonePolicy
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Policy'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.manage
+      tags:
+        - Policy
+  /api/v1/policies/{policyId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathPolicyId'
+    post:
+      summary: Activate a Policy
+      description: Activates a policy
+      operationId: activatePolicy
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.manage
+      tags:
+        - Policy
+  /api/v1/policies/{policyId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathPolicyId'
+    post:
+      summary: Deactivate a Policy
+      description: Deactivates a policy
+      operationId: deactivatePolicy
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.manage
+      tags:
+        - Policy
+  /api/v1/policies/{policyId}/mappings:
+    parameters:
+      - $ref: '#/components/parameters/pathPolicyId'
+    get:
+      summary: List all resources mapped to a Policy
+      description: Lists all resources mapped to a Policy identified by `policyId`
+      operationId: listPolicyMappings
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/PolicyMapping'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.read
+      tags:
+        - Policy
+    post:
+      summary: Map a resource to a Policy
+      description: Maps a resource to a Policy identified by `policyId`
+      operationId: mapResourceToPolicy
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/PolicyMappingRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PolicyMapping'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.manage
+      tags:
+        - Policy
+  /api/v1/policies/{policyId}/mappings/{mappingId}:
+    parameters:
+      - $ref: '#/components/parameters/pathPolicyId'
+      - $ref: '#/components/parameters/pathPolicyMappingId'
+    get:
+      summary: Retrieve a policy resource Mapping
+      description: Retrieves a resource Mapping for a Policy identified by `policyId` and `mappingId`
+      operationId: getPolicyMapping
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PolicyMapping'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.read
+      tags:
+        - Policy
+    delete:
+      summary: Delete a policy resource Mapping
+      description: Deletes the resource Mapping for a Policy identified by  `policyId` and `mappingId`
+      operationId: deletePolicyResourceMapping
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.manage
+      tags:
+        - Policy
+  /api/v1/policies/{policyId}/rules:
+    parameters:
+      - $ref: '#/components/parameters/pathPolicyId'
+    get:
+      summary: List all Policy Rules
+      description: Lists all policy rules
+      operationId: listPolicyRules
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/PolicyRule'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.read
+      tags:
+        - Policy
+    post:
+      summary: Create a Policy Rule
+      description: Creates a policy rule
+      operationId: createPolicyRule
+      x-codegen-request-body-name: policyRule
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/PolicyRule'
+            examples:
+              EnableSsprSecurityQuestionStepUp:
+                $ref: '#/components/examples/sspr-enabled-sq-step-up'
+              EnableSsprSSOStepUp:
+                $ref: '#/components/examples/sspr-enabled-sso-step-up'
+              EnableSsprNoStepUp:
+                $ref: '#/components/examples/sspr-enabled-no-step-up'
+              Enable2FAPreciseAuth:
+                $ref: "#/components/examples/twofa-enabled-disallow-password-allow-phishing"
+              EnableSpecificRoutingRule:
+                $ref: "#/components/examples/idp-discovery-specific-routing-rule"
+              EnableDynamicRoutingRule:
+                $ref: "#/components/examples/idp-discovery-dynamic-routing-rule"
+            x-okta-feature-flag-amends:
+              IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
+                examples:
+                  EnableSsprWithConstraints:
+                    $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PolicyRule'
+              examples:
+                EnableSsprSecurityQuestionStepUp:
+                  $ref: '#/components/examples/sspr-enabled-sq-step-up-response'
+                EnableSsprSSOStepUp:
+                  $ref: '#/components/examples/sspr-enabled-sso-step-up-response'
+                EnableSsprNoStepUp:
+                  $ref: '#/components/examples/sspr-enabled-no-step-up-response'
+                Enable2FAPreciseAuth:
+                  $ref: '#/components/examples/twofa-enabled-disallow-password-allow-phishing-response'
+                EnableSpecificRoutingRule:
+                  $ref: "#/components/examples/idp-discovery-specific-routing-rule-response"
+                EnableDynamicRoutingRule:
+                  $ref: "#/components/examples/idp-discovery-dynamic-routing-rule-response"
+              x-okta-feature-flag-amends:
+                IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
+                  examples:
+                    EnableSsprWithConstraints:
+                      $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-response'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.manage
+      tags:
+        - Policy
+  /api/v1/policies/{policyId}/rules/{ruleId}:
+    parameters:
+      - $ref: '#/components/parameters/pathPolicyId'
+      - $ref: '#/components/parameters/pathRuleId'
+    get:
+      summary: Retrieve a Policy Rule
+      description: Retrieves a policy rule
+      operationId: getPolicyRule
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PolicyRule'
+              examples:
+                EnableSsprSecurityQuestionStepUp:
+                  $ref: '#/components/examples/sspr-enabled-sq-step-up-update'
+                EnableSsprSSOStepUp:
+                  $ref: '#/components/examples/sspr-enabled-sso-step-up-update'
+                EnableSsprNoStepUp:
+                  $ref: '#/components/examples/sspr-enabled-no-step-up-update'
+              x-okta-feature-flag-amends:
+                IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
+                  examples:
+                    EnableSsprWithConstraints:
+                      $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-update'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.read
+      tags:
+        - Policy
+    put:
+      summary: Replace a Policy Rule
+      description: Replaces the properties for a Policy Rule identified by `policyId` and `ruleId`
+      operationId: replacePolicyRule
+      x-codegen-request-body-name: policyRule
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/PolicyRule'
+            examples:
+              EnableSsprSecurityQuestionStepUp:
+                $ref: '#/components/examples/sspr-enabled-sq-step-up-update'
+              EnableSsprSSOStepUp:
+                $ref: '#/components/examples/sspr-enabled-sso-step-up-update'
+              EnableSsprNoStepUp:
+                $ref: '#/components/examples/sspr-enabled-no-step-up-update'
+            x-okta-feature-flag-amends:
+              IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
+                examples:
+                  EnableSsprWithConstraints:
+                    $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-update'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PolicyRule'
+              examples:
+                EnableSsprSecurityQuestionStepUp:
+                  $ref: '#/components/examples/sspr-enabled-sq-step-up-response'
+                EnableSsprSSOStepUp:
+                  $ref: '#/components/examples/sspr-enabled-sso-step-up-response'
+                EnableSsprNoStepUp:
+                  $ref: '#/components/examples/sspr-enabled-no-step-up-response'
+              x-okta-feature-flag-amends:
+                IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
+                  examples:
+                    EnableSsprWithConstraints:
+                      $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-response'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.manage
+      tags:
+        - Policy
+    delete:
+      summary: Delete a Policy Rule
+      description: Deletes a Policy Rule identified by `policyId` and `ruleId`
+      operationId: deletePolicyRule
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.manage
+      tags:
+        - Policy
+  /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathPolicyId'
+      - $ref: '#/components/parameters/pathRuleId'
+    post:
+      summary: Activate a Policy Rule
+      description: Activates a Policy Rule identified by `policyId` and `ruleId`
+      operationId: activatePolicyRule
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.manage
+      tags:
+        - Policy
+  /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathPolicyId'
+      - $ref: '#/components/parameters/pathRuleId'
+    post:
+      summary: Deactivate a Policy Rule
+      description: Deactivates a Policy Rule identified by `policyId` and `ruleId`
+      operationId: deactivatePolicyRule
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.manage
+      tags:
+        - Policy
+  /api/v1/policies/simulate:
+    parameters:
+      - $ref: '#/components/parameters/simulateParameter'
+    post:
+      summary: Create a Policy Simulation
+      description: |-
+        Creates a policy or policy rule simulation. The access simulation evaluates policy and policy rules based on the existing policy rule configuration.
+        The evaluation result simulates what the real-world authentication flow is and what policy rules have been applied or matched to the authentication flow.
+      operationId: createPolicySimulation
+      x-codegen-request-body-name: simulatePolicy
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: array
+              items:
+                $ref: '#/components/schemas/SimulatePolicyBody'
+            examples:
+              SimulatePolicy:
+                $ref: '#/components/examples/SimulatePolicyBody'
+        required: true
+      responses:
+        '204':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SimulatePolicyResponse'
+              examples:
+                SimulatePolicy:
+                  $ref: '#/components/examples/SimulatePolicyResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.read
+      tags:
+        - Policy
+  /api/v1/principal-rate-limits:
+    get:
+      summary: List all Principal Rate Limits
+      description: Lists all Principal Rate Limit entities considering the provided parameters
+      operationId: listPrincipalRateLimitEntities
+      parameters:
+        - name: filter
+          in: query
+          schema:
+            type: string
+        - name: after
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            format: int32
+            default: 20
+            maximum: 50
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/PrincipalRateLimitEntity'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.principalRateLimits.read
+      tags:
+        - PrincipalRateLimit
+    post:
+      summary: Create a Principal Rate Limit
+      description: Creates a new Principal Rate Limit entity. In the current release, we only allow one Principal Rate Limit entity per org and principal.
+      operationId: createPrincipalRateLimitEntity
+      x-codegen-request-body-name: entity
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/PrincipalRateLimitEntity'
+            examples:
+              SSWSToken:
+                $ref: '#/components/examples/PrincipalRateLimitEntityRequestSSWSToken'
+              EmptyPercentages:
+                $ref: '#/components/examples/PrincipalRateLimitEntityRequestEmptyPercentages'
+        required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PrincipalRateLimitEntity'
+              examples:
+                SSWSToken:
+                  $ref: '#/components/examples/PrincipalRateLimitEntityResponseSSWSToken'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.principalRateLimits.manage
+      tags:
+        - PrincipalRateLimit
+  /api/v1/principal-rate-limits/{principalRateLimitId}:
+    parameters:
+      - $ref: '#/components/parameters/pathPrincipalRateLimitId'
+    get:
+      summary: Retrieve a Principal Rate Limit
+      description: Retrieves a Principal Rate Limit entity by `principalRateLimitId`
+      operationId: getPrincipalRateLimitEntity
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PrincipalRateLimitEntity'
+              examples:
+                SSWSToken:
+                  $ref: '#/components/examples/PrincipalRateLimitEntityResponseSSWSToken'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.principalRateLimits.read
+      tags:
+        - PrincipalRateLimit
+    put:
+      summary: Replace a Principal Rate Limit
+      description: Replaces a principal rate limit entity by `principalRateLimitId`
+      operationId: replacePrincipalRateLimitEntity
+      x-codegen-request-body-name: entity
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/PrincipalRateLimitEntity'
+            examples:
+              SSWSToken:
+                $ref: '#/components/examples/PrincipalRateLimitEntityRequestSSWSToken'
+              EmptyPercentages:
+                $ref: '#/components/examples/PrincipalRateLimitEntityRequestEmptyPercentages'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PrincipalRateLimitEntity'
+              examples:
+                SSWSToken:
+                  $ref: '#/components/examples/PrincipalRateLimitEntityResponseSSWSToken'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.principalRateLimits.manage
+      tags:
+        - PrincipalRateLimit
+  /api/v1/push-providers:
+    get:
+      summary: List all Push Providers
+      description: Lists all push providers
+      operationId: listPushProviders
+      parameters:
+        - name: type
+          in: query
+          description: Filters push providers by `providerType`
+          schema:
+            $ref: '#/components/schemas/ProviderType'
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/PushProvider'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.pushProviders.read
+      tags:
+        - PushProvider
+    post:
+      summary: Create a Push Provider
+      description: Creates a new push provider
+      operationId: createPushProvider
+      x-codegen-request-body-name: pushProvider
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/PushProvider'
+            examples:
+              APNs:
+                $ref: '#/components/examples/PushProviderAPNsRequest'
+              FCM:
+                $ref: '#/components/examples/PushProviderFCMRequest'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PushProvider'
+              examples:
+                APNs:
+                  $ref: '#/components/examples/PushProviderAPNsResponse'
+                FCM:
+                  $ref: '#/components/examples/PushProviderFCMResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.pushProviders.manage
+      tags:
+        - PushProvider
+  /api/v1/push-providers/{pushProviderId}:
+    parameters:
+      - $ref: '#/components/parameters/pathPushProviderId'
+    get:
+      summary: Retrieve a Push Provider
+      description: Retrieves a push provider by `pushProviderId`
+      operationId: getPushProvider
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PushProvider'
+              examples:
+                APNs:
+                  $ref: '#/components/examples/PushProviderAPNsResponse'
+                FCM:
+                  $ref: '#/components/examples/PushProviderFCMResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.pushProviders.read
+      tags:
+        - PushProvider
+    put:
+      summary: Replace a Push Provider
+      description: Replaces a push provider by `pushProviderId`
+      operationId: replacePushProvider
+      x-codegen-request-body-name: pushProvider
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/PushProvider'
+            examples:
+              APNs:
+                $ref: '#/components/examples/PushProviderAPNsRequest'
+              FCM:
+                $ref: '#/components/examples/PushProviderFCMRequest'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PushProvider'
+              examples:
+                APNs:
+                  $ref: '#/components/examples/PushProviderAPNsResponse'
+                FCM:
+                  $ref: '#/components/examples/PushProviderFCMResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.pushProviders.manage
+      tags:
+        - PushProvider
+    delete:
+      summary: Delete a Push Provider
+      description: Deletes a push provider by `pushProviderId`. If the push provider is currently being used in the org by a custom authenticator, the delete will not be allowed.
+      operationId: deletePushProvider
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '409':
+          description: Conflict
+          headers: {}
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Cannot remove push provider in use by a custom app authenticator:
+                  $ref: '#/components/examples/ErrorPushProviderUsedByCustomAppAuthenticator'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.pushProviders.manage
+      tags:
+        - PushProvider
+  /api/v1/rate-limit-settings/admin-notifications:
+    get:
+      summary: Retrieve the Rate Limit Admin Notification Settings
+      description: Retrieves the currently configured Rate Limit Admin Notification Settings
+      operationId: getRateLimitSettingsAdminNotifications
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RateLimitAdminNotifications'
+              examples:
+                Enabled:
+                  $ref: '#/components/examples/RateLimitAdminNotificationsEnabled'
+                Disabled:
+                  $ref: '#/components/examples/RateLimitAdminNotificationsDisabled'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.rateLimits.read
+      tags:
+        - RateLimitSettings
+    put:
+      summary: Replace the Rate Limit Admin Notification Settings
+      description: Replaces the Rate Limit Admin Notification Settings and returns the configured properties
+      operationId: replaceRateLimitSettingsAdminNotifications
+      x-codegen-request-body-name: RateLimitAdminNotifications
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/RateLimitAdminNotifications'
+            examples:
+              Enabled:
+                $ref: '#/components/examples/RateLimitAdminNotificationsEnabled'
+              Disabled:
+                $ref: '#/components/examples/RateLimitAdminNotificationsDisabled'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RateLimitAdminNotifications'
+              examples:
+                Enabled:
+                  $ref: '#/components/examples/RateLimitAdminNotificationsEnabled'
+                Disabled:
+                  $ref: '#/components/examples/RateLimitAdminNotificationsDisabled'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.rateLimits.manage
+      tags:
+        - RateLimitSettings
+  /api/v1/rate-limit-settings/per-client:
+    get:
+      summary: Retrieve the Per-Client Rate Limit Settings
+      description: Retrieves the currently configured Per-Client Rate Limit Settings
+      operationId: getRateLimitSettingsPerClient
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PerClientRateLimitSettings'
+              examples:
+                EnforceDefault:
+                  $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefault'
+                EnforceDefaultWithOverrides:
+                  $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefaultWithOverrides'
+                PreviewDefaultWithOverrides:
+                  $ref: '#/components/examples/PerClientRateLimitSettingsPreviewDefaultWithOverrides'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.rateLimits.read
+      tags:
+        - RateLimitSettings
+    put:
+      summary: Replace the Per-Client Rate Limit Settings
+      description: Replaces the Per-Client Rate Limit Settings and returns the configured properties
+      operationId: replaceRateLimitSettingsPerClient
+      x-codegen-request-body-name: perClientRateLimitSettings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/PerClientRateLimitSettings'
+            examples:
+              EnforceDefault:
+                $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefault'
+              EnforceDefaultWithOverrides:
+                $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefaultWithOverrides'
+              PreviewDefaultWithOverrides:
+                $ref: '#/components/examples/PerClientRateLimitSettingsPreviewDefaultWithOverrides'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PerClientRateLimitSettings'
+              examples:
+                EnforceDefault:
+                  $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefault'
+                EnforceDefaultWithOverrides:
+                  $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefaultWithOverrides'
+                PreviewDefaultWithOverrides:
+                  $ref: '#/components/examples/PerClientRateLimitSettingsPreviewDefaultWithOverrides'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.rateLimits.manage
+      tags:
+        - RateLimitSettings
+  /api/v1/rate-limit-settings/warning-threshold:
+    get:
+      summary: Retrieve the Rate Limit Warning Threshold Percentage
+      description: Retrieves the currently configured threshold for warning notifications when the API's rate limit is exceeded
+      operationId: getRateLimitSettingsWarningThreshold
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RateLimitWarningThresholdResponse'
+              examples:
+                ExampleThreshold:
+                  $ref: '#/components/examples/RateLimitWarningThresholdValidExample'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.rateLimits.read
+      tags:
+        - RateLimitSettings
+    put:
+      summary: Replace the Rate Limit Warning Threshold Percentage
+      description: Replaces the Rate Limit Warning Threshold Percentage and returns the configured property
+      operationId: replaceRateLimitSettingsWarningThreshold
+      x-codegen-request-body-name: RateLimitWarningThreshold
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/RateLimitWarningThresholdRequest'
+            examples:
+              ExampleThreshold:
+                $ref: '#/components/examples/RateLimitWarningThresholdValidExample'
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RateLimitWarningThresholdResponse'
+              examples:
+                ExampleThreshold:
+                  $ref: '#/components/examples/RateLimitWarningThresholdValidExample'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.rateLimits.manage
+      tags:
+        - RateLimitSettings
+  /api/v1/realms:
+    get:
+      summary: List all Realms
+      description: Lists all Realms
+      operationId: listRealms
+      parameters:
+        - name: limit
+          in: query
+          description: Specifies the number of results returned. Defaults to 10 if `search` is provided.
+          schema:
+            type: integer
+            format: int32
+            default: 200
+        - $ref: '#/components/parameters/queryAfter'
+        - name: search
+          in: query
+          description: Searches for Realms with a supported filtering expression for most properties
+          schema:
+            type: string
+        - name: sortBy
+          in: query
+          description: Specifies field to sort by and can be any single property (for search queries only).
+          schema:
+            type: string
+            example: profile.name
+        - name: sortOrder
+          in: query
+          description: Specifies sort order `asc` or `desc` (for search queries only). This parameter is ignored if `sortBy` isn't present.
+          schema:
+            type: string
+            default: asc
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Realm'
+              examples:
+                Realm Lists:
+                  $ref: '#/components/examples/ListRealmsResponse'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.realms.read
+      tags:
+        - Realm
+    post:
+      summary: Create a Realm
+      description: Creates a new Realm
+      operationId: createRealm
+      x-codegen-request-body-name: body
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Realm'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Realm'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.realms.manage
+      tags:
+        - Realm
+  /api/v1/realms/{realmId}:
+    parameters:
+      - $ref: '#/components/parameters/pathRealmId'
+    get:
+      summary: Retrieve a Realm
+      description: Retrieves a Realm
+      operationId: getRealm
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Realm'
+              examples:
+                DefaultRealm:
+                  $ref: '#/components/examples/DefaultRealmResponse'
+                NonDefaultRealm:
+                  $ref: '#/components/examples/RealmResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.realms.read
+      tags:
+        - Realm
+    post:
+      summary: Update a Realm
+      description: Updates a Realm
+      operationId: updateRealm
+      x-codegen-request-body-name: body
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Realm'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Realm'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.realms.manage
+      tags:
+        - Realm
+    delete:
+      summary: Delete a Realm
+      description: Deletes a Realm permanently. This operation can only be performed after disassociating other entities like Users and Identity Providers from a Realm.
+      operationId: deleteRealm
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '400':
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '404':
+          description: Not Found
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.realms.manage
+      tags:
+        - Realm
+  /api/v1/risk/events/ip:
+    post:
+      summary: Send multiple Risk Events
+      description: |-
+        Sends multiple IP risk events to Okta.
+        This request is used by a third-party risk provider to send IP risk events to Okta. The third-party risk provider needs to be registered with Okta before they can send events to Okta. See [Risk Providers](/openapi/okta-management/management/tag/RiskProvider/).
+        This API has a rate limit of 30 requests per minute. You can include multiple risk events (up to a maximum of 20 events) in a single payload to reduce the number of API calls. Prioritize sending high risk signals if you have a burst of signals to send that would exceed the maximum request limits.
+      operationId: sendRiskEvents
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: array
+              items:
+                $ref: '#/components/schemas/RiskEvent'
+            examples:
+              RiskEventsRequestExample:
+                $ref: '#/components/examples/RiskEventsRequestExample'
+        required: true
+      responses:
+        '202':
+          description: Accepted
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.riskEvents.manage
+      tags:
+        - RiskEvent
+  /api/v1/risk/providers:
+    get:
+      summary: List all Risk Providers
+      description: Lists all Risk Provider objects
+      operationId: listRiskProviders
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/RiskProvider'
+              examples:
+                RiskProviderList:
+                  $ref: '#/components/examples/ListRiskProviderResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.riskProviders.read
+      tags:
+        - RiskProvider
+    post:
+      summary: Create a Risk Provider
+      description: Creates a Risk Provider object. A maximum of three Risk Provider objects can be created.
+      operationId: createRiskProvider
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/RiskProvider'
+            examples:
+              RiskProviderRequestExample:
+                $ref: '#/components/examples/RiskProviderRequest'
+        required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RiskProvider'
+              examples:
+                RiskProviderPostResponseExample:
+                  $ref: '#/components/examples/RiskProviderResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.riskProviders.manage
+      tags:
+        - RiskProvider
+  /api/v1/risk/providers/{riskProviderId}:
+    parameters:
+      - $ref: '#/components/parameters/pathRiskProviderId'
+    get:
+      summary: Retrieve a Risk Provider
+      description: Retrieves a Risk Provider object by ID
+      operationId: getRiskProvider
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RiskProvider'
+              examples:
+                RiskProviderGetResponseExample:
+                  $ref: '#/components/examples/RiskProviderResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.riskProviders.read
+      tags:
+        - RiskProvider
+    put:
+      summary: Replace a Risk Provider
+      description: Replaces the properties for a given Risk Provider object ID
+      operationId: replaceRiskProvider
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/RiskProvider'
+            examples:
+              RiskProviderPutRequestExample:
+                $ref: '#/components/examples/RiskProviderPutRequest'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RiskProvider'
+              examples:
+                RiskProviderPutResponseExample:
+                  $ref: '#/components/examples/RiskProviderPutResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.riskProviders.manage
+      tags:
+        - RiskProvider
+    delete:
+      summary: Delete a Risk Provider
+      description: Deletes a Risk Provider object by its ID
+      operationId: deleteRiskProvider
+      responses:
+        '204':
+          description: No Content
+        '403':
+          description: Forbidden
+          headers: {}
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.riskProviders.manage
+      tags:
+        - RiskProvider
+  /api/v1/roles/{roleRef}/subscriptions:
+    parameters:
+      - $ref: '#/components/parameters/pathRoleRef'
+    get:
+      summary: List all Subscriptions for a Role
+      description: Lists all subscriptions available to a specified Role
+      operationId: listSubscriptionsRole
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/Subscription'
+                type: array
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          description: Not Found
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - Subscription
+  /api/v1/roles/{roleRef}/subscriptions/{notificationType}:
+    parameters:
+      - $ref: '#/components/parameters/pathRoleRef'
+      - $ref: '#/components/parameters/pathNotificationType'
+    get:
+      summary: Retrieve a Subscription for a Role
+      description: Retrieves a subscription by `notificationType` for a specified Role
+      operationId: getSubscriptionsNotificationTypeRole
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Subscription'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          description: Not Found
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - Subscription
+  /api/v1/roles/{roleRef}/subscriptions/{notificationType}/subscribe:
+    parameters:
+      - $ref: '#/components/parameters/pathRoleRef'
+      - $ref: '#/components/parameters/pathNotificationType'
+    post:
+      summary: Subscribe a Role to a Specific Notification Type
+      description: Subscribes a Role to a specified notification type. Changes to Role subscriptions override the subscription status of any individual users with the Role.
+      operationId: subscribeByNotificationTypeRole
+      responses:
+        '200':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          description: Not Found
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - Subscription
+  /api/v1/roles/{roleRef}/subscriptions/{notificationType}/unsubscribe:
+    parameters:
+      - $ref: '#/components/parameters/pathRoleRef'
+      - $ref: '#/components/parameters/pathNotificationType'
+    post:
+      summary: Unsubscribe a Role from a Specific Notification Type
+      description: Unsubscribes a Role from a specified notification type. Changes to Role subscriptions override the subscription status of any individual users with the Role.
+      operationId: unsubscribeByNotificationTypeRole
+      responses:
+        '200':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          description: Not Found
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - Subscription
+  /api/v1/sessions:
+    post:
+      summary: Create a Session with session token
+      description: Creates a new Session for a user with a valid session token. Use this API if, for example, you want to set the session cookie yourself instead of allowing Okta to set it, or want to hold the session ID to delete a session through the API instead of visiting the logout URL.
+      operationId: createSession
+      x-codegen-request-body-name: createSessionRequest
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CreateSessionRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Session'
+        '400':
+          description: Bad Request
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+      tags:
+        - Session
+  /api/v1/sessions/{sessionId}:
+    parameters:
+      - $ref: '#/components/parameters/pathSessionId'
+    get:
+      summary: Retrieve a Session
+      description: Retrieves information about the Session specified by the given session ID
+      operationId: getSession
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Session'
+        '400':
+          description: Bad Request
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          description: Not Found
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.sessions.read
+      tags:
+        - Session
+    delete:
+      summary: Revoke a Session
+      description: Revokes the specified Session
+      operationId: revokeSession
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.sessions.manage
+      tags:
+        - Session
+  /api/v1/sessions/{sessionId}/lifecycle/refresh:
+    parameters:
+      - $ref: '#/components/parameters/pathSessionId'
+    post:
+      summary: Refresh a Session
+      description: Refreshes an existing Session using the `id` for that Session. A successful response contains the refreshed Session with an updated `expiresAt` timestamp.
+      operationId: refreshSession
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Session'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          description: Not Found
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.sessions.manage
+      tags:
+        - Session
+  /api/v1/templates/sms:
+    get:
+      summary: List all SMS Templates
+      description: Lists all custom SMS templates. A subset of templates can be returned that match a template type.
+      operationId: listSmsTemplates
+      parameters:
+        - name: templateType
+          in: query
+          schema:
+            $ref: '#/components/schemas/SmsTemplateType'
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/SmsTemplate'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.read
+      tags:
+        - Template
+    post:
+      summary: Create an SMS Template
+      description: Creates a new custom SMS template
+      operationId: createSmsTemplate
+      x-codegen-request-body-name: smsTemplate
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SmsTemplate'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SmsTemplate'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.manage
+      tags:
+        - Template
+  /api/v1/templates/sms/{templateId}:
+    parameters:
+      - $ref: '#/components/parameters/pathTemplateId'
+    get:
+      summary: Retrieve an SMS Template
+      description: Retrieves a specific template by `id`
+      operationId: getSmsTemplate
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SmsTemplate'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.read
+      tags:
+        - Template
+    post:
+      summary: Update an SMS Template
+      description: Updates an SMS template
+      operationId: updateSmsTemplate
+      x-codegen-request-body-name: smsTemplate
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SmsTemplate'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SmsTemplate'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.manage
+      tags:
+        - Template
+    put:
+      summary: Replace an SMS Template
+      description: Replaces the SMS template
+      operationId: replaceSmsTemplate
+      x-codegen-request-body-name: smsTemplate
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SmsTemplate'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SmsTemplate'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.manage
+      tags:
+        - Template
+    delete:
+      summary: Delete an SMS Template
+      description: Deletes an SMS template
+      operationId: deleteSmsTemplate
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.manage
+      tags:
+        - Template
+  /api/v1/threats/configuration:
+    get:
+      summary: Retrieve the ThreatInsight Configuration
+      description: Retrieves the ThreatInsight configuration for the org
+      operationId: getCurrentConfiguration
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ThreatInsightConfiguration'
+              examples:
+                ThreatInsightResponseEx:
+                  $ref: '#/components/examples/ThreatInsightResponseExample'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.threatInsights.read
+      tags:
+        - ThreatInsight
+    post:
+      summary: Update the ThreatInsight Configuration
+      description: Updates the ThreatInsight configuration for the org
+      operationId: updateConfiguration
+      x-codegen-request-body-name: threatInsightConfiguration
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ThreatInsightConfiguration'
+            examples:
+              ThreatInsightUpdateEx:
+                $ref: '#/components/examples/ThreatInsightUpdateRequestExample'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ThreatInsightConfiguration'
+              examples:
+                ThreatInsightUpdateEx:
+                  $ref: '#/components/examples/ThreatInsightUpdateResponseExample'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.threatInsights.manage
+      tags:
+        - ThreatInsight
+  /api/v1/trustedOrigins:
+    get:
+      summary: List all Trusted Origins
+      description: Lists all trusted origins
+      operationId: listTrustedOrigins
+      parameters:
+        - name: q
+          in: query
+          schema:
+            type: string
+        - name: filter
+          in: query
+          schema:
+            type: string
+        - name: after
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            format: int32
+            default: -1
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/TrustedOrigin'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.trustedOrigins.read
+      tags:
+        - TrustedOrigin
+    post:
+      summary: Create a Trusted Origin
+      description: Creates a trusted origin
+      operationId: createTrustedOrigin
+      x-codegen-request-body-name: trustedOrigin
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/TrustedOrigin'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/TrustedOrigin'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.trustedOrigins.manage
+      tags:
+        - TrustedOrigin
+  /api/v1/trustedOrigins/{trustedOriginId}:
+    parameters:
+      - $ref: '#/components/parameters/pathTrustedOriginId'
+    get:
+      summary: Retrieve a Trusted Origin
+      description: Retrieves a trusted origin
+      operationId: getTrustedOrigin
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/TrustedOrigin'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.trustedOrigins.read
+      tags:
+        - TrustedOrigin
+    put:
+      summary: Replace a Trusted Origin
+      description: Replaces a trusted origin
+      operationId: replaceTrustedOrigin
+      x-codegen-request-body-name: trustedOrigin
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/TrustedOrigin'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/TrustedOrigin'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.trustedOrigins.manage
+      tags:
+        - TrustedOrigin
+    delete:
+      summary: Delete a Trusted Origin
+      description: Deletes a trusted origin
+      operationId: deleteTrustedOrigin
+      responses:
+        '204':
+          description: Success
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.trustedOrigins.manage
+      tags:
+        - TrustedOrigin
+  /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathTrustedOriginId'
+    post:
+      summary: Activate a Trusted Origin
+      description: Activates a trusted origin
+      operationId: activateTrustedOrigin
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/TrustedOrigin'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.trustedOrigins.manage
+      tags:
+        - TrustedOrigin
+  /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathTrustedOriginId'
+    post:
+      summary: Deactivate a Trusted Origin
+      description: Deactivates a trusted origin
+      operationId: deactivateTrustedOrigin
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/TrustedOrigin'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.trustedOrigins.manage
+      tags:
+        - TrustedOrigin
+  /api/v1/users:
+    get:
+      summary: List all Users
+      description: Lists all users that do not have a status of 'DEPROVISIONED' (by default), up to the maximum (200 for most orgs), with pagination.  A subset of users can be returned that match a supported filter expression or search criteria.
+      operationId: listUsers
+      parameters:
+        - name: q
+          in: query
+          description: Finds a user that matches firstName, lastName, and email properties
+          schema:
+            type: string
+        - $ref: '#/components/parameters/queryAfter'
+        - name: limit
+          in: query
+          description: Specifies the number of results returned. Defaults to 10 if `q` is provided.
+          schema:
+            type: integer
+            format: int32
+            default: 200
+        - name: filter
+          in: query
+          description: Filters users with a supported expression for a subset of properties
+          schema:
+            type: string
+        - name: search
+          in: query
+          description: Searches for users with a supported filtering expression for most properties. Okta recommends using this parameter for search for best performance.
+          schema:
+            type: string
+        - name: sortBy
+          in: query
+          schema:
+            type: string
+        - name: sortOrder
+          in: query
+          description: Sorting is done in ASCII sort order (that is, by ASCII character value), but isn't case sensitive.
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/User'
+              examples:
+                UserList:
+                  $ref: '#/components/examples/ListUsersResponse'
+              x-okta-feature-flag-amends:
+                UD_REALMS:
+                  examples:
+                    UserList:
+                      $ref: '#/components/examples/ListRealmAwareUsersResponse'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - User
+    post:
+      summary: Create a User
+      description: |-
+        Creates a new user in your Okta organization with or without credentials<br>
+        > **Legal Disclaimer**<br>
+        After a user is added to the Okta directory, they receive an activation email. As part of signing up for this service,
+        you agreed not to use Okta's service/product to spam and/or send unsolicited messages.
+        Please refrain from adding unrelated accounts to the directory as Okta is not responsible for, and disclaims any and all
+        liability associated with, the activation email's content. You, and you alone, bear responsibility for the emails sent to any recipients.
+      operationId: createUser
+      parameters:
+        - name: activate
+          in: query
+          description: Executes activation lifecycle operation when creating the user
+          schema:
+            type: boolean
+            default: true
+        - name: provider
+          in: query
+          description: Indicates whether to create a user with a specified authentication provider
+          schema:
+            type: boolean
+            default: false
+        - name: nextLogin
+          in: query
+          description: With activate=true, set nextLogin to "changePassword" to have the password be EXPIRED, so user must change it the next time they log in.
+          schema:
+            $ref: '#/components/schemas/UserNextLogin'
+          x-okta-added-version: 0.14.0
+      x-codegen-request-body-name: body
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CreateUserRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/User'
+        '400':
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Create user with too many groups specified:
+                  $ref: '#/components/examples/ErrorCreateUserWithTooManyManyGroupsResponse'
+                Create user with expired password and activate set to `false`:
+                  $ref: '#/components/examples/ErrorCreateUserWithExpiredPasswordWithoutActivation'
+                Create user with expired password and `null` password:
+                  $ref: '#/components/examples/ErrorCreateUserWithExpiredPasswordWithNullPassword'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    get:
+      summary: Retrieve a User
+      description: Retrieves a user from your Okta organization
+      operationId: getUser
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/User'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '404':
+          description: Not Found
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - User
+    post:
+      summary: Update a User
+      description: Updates a user partially determined by the request parameters
+      operationId: updateUser
+      parameters:
+        - name: strict
+          in: query
+          schema:
+            type: boolean
+      x-codegen-request-body-name: user
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UpdateUserRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/User'
+        '400':
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '404':
+          description: Not Found
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+    put:
+      summary: Replace a User
+      description: Replaces a user's profile and/or credentials using strict-update semantics
+      operationId: replaceUser
+      parameters:
+        - name: strict
+          in: query
+          schema:
+            type: boolean
+          x-okta-added-version: 1.10.0
+      x-codegen-request-body-name: user
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/User'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/User'
+        '400':
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '404':
+          description: Not Found
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+    delete:
+      summary: Delete a User
+      description: Deletes a user permanently. This operation can only be performed on users that have a `DEPROVISIONED` status.  **This action cannot be recovered!**. Calling this on an `ACTIVE` user will transition the user to `DEPROVISIONED`.
+      operationId: deleteUser
+      parameters:
+        - name: sendEmail
+          in: query
+          schema:
+            type: boolean
+            default: false
+          x-okta-added-version: 1.5.0
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '400':
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '404':
+          description: Not Found
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/appLinks:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    get:
+      summary: List all Assigned Application Links
+      description: Lists all appLinks for all direct or indirect (via group membership) assigned applications
+      operationId: listAppLinks
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/AppLink'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - User
+  /api/v1/users/{userId}/blocks:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    get:
+      summary: List all User Blocks
+      description: Lists information about how the user is blocked from accessing their account
+      operationId: listUserBlocks
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/UserBlock'
+              examples:
+                BlocksUnknownDevices:
+                  $ref: '#/components/examples/ListUserBlocksUnknownDevicesResponse'
+                BlocksAnyDevices:
+                  $ref: '#/components/examples/ListUserBlocksAnyDevicesResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - User
+  /api/v1/users/{userId}/clients:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    get:
+      summary: List all Clients
+      description: Lists all client resources for which the specified user has grants or tokens
+      operationId: listUserClients
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/OAuth2Client'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - User
+  /api/v1/users/{userId}/clients/{clientId}/grants:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathClientId'
+    get:
+      summary: List all Grants for a Client
+      description: Lists all grants for a specified user and client
+      operationId: listGrantsForUserAndClient
+      parameters:
+        - name: expand
+          in: query
+          schema:
+            type: string
+        - name: after
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            format: int32
+            default: 20
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - User
+    delete:
+      summary: Revoke all Grants for a Client
+      description: Revokes all grants for the specified user and client
+      operationId: revokeGrantsForUserAndClient
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/clients/{clientId}/tokens:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathClientId'
+    get:
+      summary: List all Refresh Tokens for a Client
+      description: Lists all refresh tokens issued for the specified User and Client
+      operationId: listRefreshTokensForUserAndClient
+      parameters:
+        - name: expand
+          in: query
+          schema:
+            type: string
+        - name: after
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            format: int32
+            default: 20
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/OAuth2RefreshToken'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - User
+    delete:
+      summary: Revoke all Refresh Tokens for a Client
+      description: Revokes all refresh tokens issued for the specified User and Client
+      operationId: revokeTokensForUserAndClient
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathClientId'
+      - $ref: '#/components/parameters/pathTokenId'
+    get:
+      summary: Retrieve a Refresh Token for a Client
+      description: Retrieves a refresh token issued for the specified User and Client
+      operationId: getRefreshTokenForUserAndClient
+      parameters:
+        - name: expand
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            default: 20
+        - name: after
+          in: query
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2RefreshToken'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - User
+    delete:
+      summary: Revoke a Token for a Client
+      description: Revokes the specified refresh token
+      operationId: revokeTokenForUserAndClient
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/credentials/change_password:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    post:
+      summary: Change Password
+      description: Changes a user's password by validating the user's current password. This operation can only be performed on users in `STAGED`, `ACTIVE`, `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid password credential
+      operationId: changePassword
+      parameters:
+        - name: strict
+          in: query
+          schema:
+            type: boolean
+          x-okta-added-version: 1.10.0
+      x-codegen-request-body-name: changePasswordRequest
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ChangePasswordRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserCredentials'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/credentials/change_recovery_question:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    post:
+      summary: Change Recovery Question
+      description: Changes a user's recovery question & answer credential by validating the user's current password.  This operation can only be performed on users in **STAGED**, **ACTIVE** or **RECOVERY** `status` that have a valid password credential
+      operationId: changeRecoveryQuestion
+      x-codegen-request-body-name: userCredentials
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserCredentials'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserCredentials'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/credentials/forgot_password:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    post:
+      summary: Initiate Forgot Password
+      description: Initiates the forgot password flow. Generates a one-time token (OTT) that can be used to reset a user's password.
+      operationId: forgotPassword
+      parameters:
+        - name: sendEmail
+          in: query
+          required: false
+          schema:
+            type: boolean
+            default: true
+      responses:
+        '200':
+          description: Reset url
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ForgotPasswordResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/credentials/forgot_password_recovery_question:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    post:
+      summary: Reset Password with Recovery Question
+      description: Resets the user's password to the specified password if the provided answer to the recovery question is correct
+      operationId: forgotPasswordSetNewPassword
+      parameters:
+        - name: sendEmail
+          in: query
+          required: false
+          schema:
+            type: boolean
+            default: true
+      x-codegen-request-body-name: userCredentials
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserCredentials'
+        required: true
+      responses:
+        '200':
+          description: Credentials
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserCredentials'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/factors:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    get:
+      summary: List all Factors
+      description: Lists all the enrolled factors for the specified user
+      operationId: listFactors
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/UserFactor'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - UserFactor
+    post:
+      summary: Enroll a Factor
+      description: Enrolls a user with a supported factor
+      operationId: enrollFactor
+      parameters:
+        - name: updatePhone
+          in: query
+          schema:
+            type: boolean
+            default: false
+        - name: templateId
+          in: query
+          description: id of SMS template (only for SMS factor)
+          schema:
+            type: string
+        - name: tokenLifetimeSeconds
+          in: query
+          schema:
+            type: integer
+            format: int32
+            default: 300
+          x-okta-added-version: 1.3.0
+        - name: activate
+          in: query
+          schema:
+            type: boolean
+            default: false
+          x-okta-added-version: 1.3.0
+      x-codegen-request-body-name: body
+      requestBody:
+        description: Factor
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserFactor'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserFactor'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - UserFactor
+  /api/v1/users/{userId}/factors/catalog:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    get:
+      summary: List all Supported Factors
+      description: Lists all the supported factors that can be enrolled for the specified user
+      operationId: listSupportedFactors
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/UserFactor'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - UserFactor
+  /api/v1/users/{userId}/factors/questions:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    get:
+      summary: List all Supported Security Questions
+      description: Lists all available security questions for a user's `question` factor
+      operationId: listSupportedSecurityQuestions
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/SecurityQuestion'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+      tags:
+        - UserFactor
+  /api/v1/users/{userId}/factors/{factorId}:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathFactorId'
+    get:
+      summary: Retrieve a Factor
+      description: Retrieves a factor for the specified user
+      operationId: getFactor
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserFactor'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - UserFactor
+    delete:
+      summary: Unenroll a Factor
+      description: Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor
+      operationId: unenrollFactor
+      parameters:
+        - name: removeRecoveryEnrollment
+          in: query
+          schema:
+            type: boolean
+            default: false
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - UserFactor
+  /api/v1/users/{userId}/factors/{factorId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathFactorId'
+    post:
+      summary: Activate a Factor
+      description: Activates a factor. The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.
+      operationId: activateFactor
+      x-codegen-request-body-name: body
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ActivateFactorRequest'
+        required: false
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserFactor'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - UserFactor
+  /api/v1/users/{userId}/factors/{factorId}/resend:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathFactorId'
+    post:
+      summary: Resend a factor enrollment
+      description: Resends a factor challenge (SMS/call/email OTP) as part of an enrollment flow. The current rate limit is one OTP challenge (call or SMS) per device every 30 seconds. Okta round-robins between SMS providers with every resend request to help ensure delivery of an SMS OTP across different carriers.
+      operationId: resendEnrollFactor
+      parameters:
+        - name: templateId
+          in: query
+          description: ID of SMS template (only for SMS factor)
+          schema:
+            type: string
+      requestBody:
+        description: Factor
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserFactor'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserFactor'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - UserFactor
+  /api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId}:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathFactorId'
+      - $ref: '#/components/parameters/pathTransactionId'
+    get:
+      summary: Retrieve a Factor Transaction Status
+      description: Retrieves the factors verification transaction status
+      operationId: getFactorTransactionStatus
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/VerifyUserFactorResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - UserFactor
+  /api/v1/users/{userId}/factors/{factorId}/verify:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathFactorId'
+    post:
+      summary: Verify an MFA Factor
+      description: Verifies an OTP for a `token` or `token:hardware` factor
+      operationId: verifyFactor
+      parameters:
+        - name: templateId
+          in: query
+          schema:
+            type: string
+        - name: tokenLifetimeSeconds
+          in: query
+          schema:
+            type: integer
+            format: int32
+            default: 300
+          x-okta-added-version: 1.3.0
+        - name: X-Forwarded-For
+          in: header
+          schema:
+            type: string
+          x-okta-added-version: 1.11.0
+        - name: User-Agent
+          in: header
+          schema:
+            type: string
+          x-okta-added-version: 1.11.0
+        - name: Accept-Language
+          in: header
+          schema:
+            type: string
+      x-codegen-request-body-name: body
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/VerifyFactorRequest'
+        required: false
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/VerifyUserFactorResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - UserFactor
+  /api/v1/users/{userId}/grants:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    get:
+      summary: List all User Grants
+      description: Lists all grants for the specified user
+      operationId: listUserGrants
+      parameters:
+        - name: scopeId
+          in: query
+          schema:
+            type: string
+        - name: expand
+          in: query
+          schema:
+            type: string
+        - name: after
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            format: int32
+            default: 20
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - User
+    delete:
+      summary: Revoke all User Grants
+      description: Revokes all grants for a specified user
+      operationId: revokeUserGrants
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/grants/{grantId}:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathGrantId'
+    get:
+      summary: Retrieve a User Grant
+      description: Retrieves a grant for the specified user
+      operationId: getUserGrant
+      parameters:
+        - name: expand
+          in: query
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - User
+    delete:
+      summary: Revoke a User Grant
+      description: Revokes one grant for a specified user
+      operationId: revokeUserGrant
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/groups:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    get:
+      summary: List all Groups
+      description: Lists all groups of which the user is a member
+      operationId: listUserGroups
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Group'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - User
+  /api/v1/users/{userId}/idps:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    get:
+      summary: List all Identity Providers
+      description: Lists the IdPs associated with the user
+      operationId: listUserIdentityProviders
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/IdentityProvider'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - User
+  /api/v1/users/{userId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    post:
+      summary: Activate a User
+      description: |-
+        Activates a user. This operation can only be performed on users with a `STAGED` or `DEPROVISIONED` status.
+        Activation of a user is an asynchronous operation. The user will have the `transitioningToStatus`
+        property with a value of `ACTIVE` during activation to indicate that the user hasn't completed the asynchronous operation.
+        The user will have a status of `ACTIVE` when the activation process is complete.
+        > **Multibrand and User activation**<br>
+        If you want to send a branded User Activation email, change the subdomain of your request to the custom domain that's associated with the brand.
+        For example, change `subdomain.okta.com` to `custom.domain.one`. See [Multibrand and custom domains](https://developer.okta.com/docs/concepts/brands/#multibrand-and-custom-domains).
+        <br><br>
+        > **Legal disclaimer**<br>
+        After a user is added to the Okta directory, they receive an activation email. As part of signing up for this service,
+        you agreed not to use Okta's service/product to spam and/or send unsolicited messages.
+        Please refrain from adding unrelated accounts to the directory as Okta is not responsible for, and disclaims any and all
+        liability associated with, the activation email's content. You, and you alone, bear responsibility for the emails sent to any recipients.
+      operationId: activateUser
+      parameters:
+        - name: sendEmail
+          in: query
+          description: Sends an activation email to the user if true
+          required: true
+          schema:
+            type: boolean
+            default: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserActivationToken'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    post:
+      summary: Deactivate a User
+      description: 'Deactivates a user. This operation can only be performed on users that do not have a `DEPROVISIONED` status. While the asynchronous operation (triggered by HTTP header `Prefer: respond-async`) is proceeding the user''s `transitioningToStatus` property is `DEPROVISIONED`. The user''s status is `DEPROVISIONED` when the deactivation process is complete.'
+      operationId: deactivateUser
+      parameters:
+        - name: sendEmail
+          in: query
+          schema:
+            type: boolean
+            default: false
+          x-okta-added-version: 1.5.0
+      responses:
+        '200':
+          description: OK
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/lifecycle/expire_password:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    post:
+      summary: Expire Password
+      description: Expires a user's password and transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login
+      operationId: expirePassword
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/User'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/lifecycle/expire_password_with_temp_password:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    post:
+      summary: Expire Password and Set Temporary Password
+      description: Expires a user's password and transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login, and also sets the user's password to a temporary password returned in the response
+      operationId: expirePasswordAndGetTemporaryPassword
+      parameters:
+        - name: revokeSessions
+          description: When set to `true` (and the session is a user session), all user sessions are revoked except the current session.
+          in: query
+          required: false
+          schema:
+            type: boolean
+            default: false
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/TempPassword'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/lifecycle/reactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    post:
+      summary: Reactivate a User
+      description: Reactivates a user.  This operation can only be performed on users with a `PROVISIONED` status.  This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from [Activate User](#activate-user).
+      operationId: reactivateUser
+      parameters:
+        - name: sendEmail
+          in: query
+          description: Sends an activation email to the user if true
+          schema:
+            type: boolean
+            default: false
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserActivationToken'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/lifecycle/reset_factors:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    post:
+      summary: Reset all Factors
+      description: Resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.
+      operationId: resetFactors
+      responses:
+        '200':
+          description: OK
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/lifecycle/reset_password:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    post:
+      summary: Generate a Reset Password Token
+      description: Generates a one-time token (OTT) that can be used to reset a user's password.  The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.
+      operationId: generateResetPasswordToken
+      parameters:
+        - name: sendEmail
+          in: query
+          required: true
+          schema:
+            type: boolean
+        - name: revokeSessions
+          description: When set to `true` (and the session is a user session), all user sessions are revoked except the current session.
+          in: query
+          required: false
+          schema:
+            type: boolean
+            default: false
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ResetPasswordToken'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/lifecycle/suspend:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    post:
+      summary: Suspend a User
+      description: Suspends a user.  This operation can only be performed on users with an `ACTIVE` status.  The user will have a status of `SUSPENDED` when the process is complete.
+      operationId: suspendUser
+      responses:
+        '200':
+          description: OK
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/lifecycle/unlock:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    post:
+      summary: Unlock a User
+      description: Unlocks a user with a `LOCKED_OUT` status or unlocks a user with an `ACTIVE` status that is blocked from unknown devices. Unlocked users have an `ACTIVE` status and can sign in with their current password.
+      operationId: unlockUser
+      responses:
+        '200':
+          description: Success
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/lifecycle/unsuspend:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    post:
+      summary: Unsuspend a User
+      description: Unsuspends a user and returns them to the `ACTIVE` state.  This operation can only be performed on users that have a `SUSPENDED` status.
+      operationId: unsuspendUser
+      responses:
+        '200':
+          description: Success
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/linkedObjects/{primaryRelationshipName}/{primaryUserId}:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathPrimaryRelationshipName'
+      - $ref: '#/components/parameters/pathPrimaryUserId'
+    put:
+      summary: Create a Linked Object for two Users
+      description: Creates a Linked Object for two users
+      operationId: setLinkedObjectForUser
+      responses:
+        '204':
+          description: Success
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/linkedObjects/{relationshipName}:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathRelationshipName'
+    get:
+      summary: List all Linked Objects
+      description: Lists all linked objects for a user, relationshipName can be a primary or associated relationship name
+      operationId: listLinkedObjectsForUser
+      parameters:
+        - name: after
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            format: int32
+            default: -1
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/ResponseLinks'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - User
+    delete:
+      summary: Delete a Linked Object
+      description: Deletes linked objects for a user, relationshipName can be ONLY a primary relationship name
+      operationId: deleteLinkedObjectForUser
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/roles:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    get:
+      summary: List all Roles assigned to a User
+      description: Lists all roles assigned to a user identified by `userId`
+      operationId: listAssignedRolesForUser
+      parameters:
+        - name: expand
+          in: query
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Role'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - RoleAssignment
+    post:
+      summary: Assign a Role to a User
+      description: Assigns a role to a user identified by `userId`
+      operationId: assignRoleToUser
+      parameters:
+        - name: disableNotifications
+          description: Setting this to `true` grants the user third-party admin status
+          in: query
+          schema:
+            type: boolean
+      x-codegen-request-body-name: assignRoleRequest
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AssignRoleRequest'
+        required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Role'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleAssignment
+  /api/v1/users/{userId}/roles/{roleId}:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathRoleId'
+    get:
+      summary: Retrieve a Role assigned to a User
+      description: Retrieves a role identified by `roleId` assigned to a user identified by `userId`
+      operationId: getUserAssignedRole
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Role'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - RoleAssignment
+    delete:
+      summary: Unassign a Role from a User
+      description: Unassigns a role identified by `roleId` from a user identified by `userId`
+      operationId: unassignRoleFromUser
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleAssignment
+  /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathRoleId'
+    get:
+      summary: List all Application Targets for Application Administrator Role
+      description: Lists all App targets for an `APP_ADMIN` Role assigned to a User. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.
+      operationId: listApplicationTargetsForApplicationAdministratorRoleForUser
+      parameters:
+        - name: after
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            format: int32
+            default: 20
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/CatalogApplication'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - RoleTarget
+    put:
+      summary: Assign all Apps as Target to Role
+      description: Assigns all Apps as Target to Role
+      operationId: assignAllAppsAsTargetToRoleForUser
+      responses:
+        '200':
+          description: Success
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+  /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathRoleId'
+      - $ref: '#/components/parameters/pathAppName'
+    put:
+      summary: Assign an Application Target to Administrator Role
+      description: Assigns an application target to administrator role
+      operationId: assignAppTargetToAdminRoleForUser
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+    delete:
+      summary: Unassign an Application Target from an Application Administrator Role
+      description: Unassigns an application target from application administrator role
+      operationId: unassignAppTargetFromAppAdminRoleForUser
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+  /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{appId}:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathRoleId'
+      - $ref: '#/components/parameters/pathAppName'
+      - $ref: '#/components/parameters/pathAppId'
+    put:
+      summary: Assign an Application Instance Target to an Application Administrator Role
+      description: Assigns anapplication instance target to appplication administrator role
+      operationId: assignAppInstanceTargetToAppAdminRoleForUser
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+    delete:
+      summary: Unassign an Application Instance Target from an Application Administrator Role
+      description: Unassigns an application instance target from an application administrator role
+      operationId: unassignAppInstanceTargetFromAdminRoleForUser
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+  /api/v1/users/{userId}/roles/{roleId}/targets/groups:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathRoleId'
+    get:
+      summary: List all Group Targets for Role
+      description: Lists all group targets for role
+      operationId: listGroupTargetsForRole
+      parameters:
+        - name: after
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            format: int32
+            default: 20
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Group'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - RoleTarget
+  /api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathRoleId'
+      - $ref: '#/components/parameters/pathGroupId'
+    put:
+      summary: Assign a Group Target to Role
+      description: Assigns a Group Target to Role
+      operationId: assignGroupTargetToUserRole
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+    delete:
+      summary: Unassign a Group Target from Role
+      description: Unassigns a Group Target from Role
+      operationId: unassignGroupTargetFromUserAdminRole
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+  /api/v1/users/{userId}/sessions:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    delete:
+      summary: Revoke all User Sessions
+      description: Revokes all active identity provider sessions of the user. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.
+      operationId: revokeUserSessions
+      parameters:
+        - name: oauthTokens
+          in: query
+          description: Revoke issued OpenID Connect and OAuth refresh and access tokens
+          schema:
+            type: boolean
+            default: false
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+  /api/v1/users/{userId}/subscriptions:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+    get:
+      summary: List all Subscriptions for a User
+      description: Lists all subscriptions available to a specified User. Returns an `AccessDeniedException` message if requests are made for another user.
+      operationId: listSubscriptionsUser
+      parameters:
+        - in: path
+          name: userId
+          required: true
+          schema:
+            type: string
+            description: The unique ID of the user
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/Subscription'
+                type: array
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          description: Not Found
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - Subscription
+  /api/v1/users/{userId}/subscriptions/{notificationType}:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathNotificationType'
+    get:
+      summary: Retrieve a Subscription for a User
+      description: Retrieves a subscription by `notificationType` for a specified User. Returns an `AccessDeniedException` message if requests are made for another user.
+      operationId: getSubscriptionsNotificationTypeUser
+      parameters:
+        - in: path
+          name: userId
+          required: true
+          schema:
+            type: string
+            description: The unique ID of the user
+        - $ref: '#/components/parameters/pathNotificationType'
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Subscription'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          description: Not Found
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - Subscription
+  /api/v1/users/{userId}/subscriptions/{notificationType}/subscribe:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathNotificationType'
+    post:
+      summary: Subscribe a User to a Specific Notification Type
+      description: Subscribes the current user to a specified notification type. Returns an `AccessDeniedException` message if requests are made for another user.
+      operationId: subscribeByNotificationTypeUser
+      parameters:
+        - in: path
+          name: userId
+          required: true
+          schema:
+            type: string
+            description: The unique ID of the user
+        - $ref: '#/components/parameters/pathNotificationType'
+      responses:
+        '200':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          description: Not Found
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - Subscription
+  /api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathNotificationType'
+    post:
+      summary: Unsubscribe a User from a Specific Notification Type
+      description: Unsubscribes the current user from a specified notification type. Returns an `AccessDeniedException` message if requests are made for another user.
+      operationId: unsubscribeByNotificationTypeUser
+      parameters:
+        - in: path
+          name: userId
+          required: true
+          schema:
+            type: string
+            description: The unique ID of the user
+        - $ref: '#/components/parameters/pathNotificationType'
+      responses:
+        '200':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          description: Not Found
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - Subscription
+  /api/v1/zones:
+    get:
+      summary: List all Network Zones
+      description: |-
+        Lists all network zones with pagination. A subset of zones can be returned that match a supported filter expression or query.
+
+        This operation requires URL encoding. For example, `filter=(id eq "nzoul0wf9jyb8xwZm0g3" or id eq "nzoul1MxmGN18NDQT0g3")` is encoded as `filter=%28id+eq+%22nzoul0wf9jyb8xwZm0g3%22+or+id+eq+%22nzoul1MxmGN18NDQT0g3%22%29`.
+
+        Okta supports filtering on the `id` and `usage` properties. See [Filtering](https://developer.okta.com/docs/reference/core-okta-api/#filter) for more information on the expressions that are used in filtering.
+      operationId: listNetworkZones
+      parameters:
+        - name: after
+          in: query
+          description: Specifies the pagination cursor for the next page of network zones
+          example: 200u7yq5goxNFTiMjW1d7
+          schema:
+            type: string
+        - name: limit
+          in: query
+          description: Specifies the number of results for a page
+          example: 5
+          schema:
+            type: integer
+            format: int32
+            default: -1
+        - name: filter
+          in: query
+          description: Filters zones by usage or ID expression
+          example: filter=%28id+eq+%22nzowc1U5Jh5xuAK0o0g3%22%29
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/NetworkZone'
+              examples:
+                RetrieveAllZonesWithFilter:
+                  $ref: '#/components/examples/RetrieveAllZonesWithFilter'
+                RetrieveAllZones:
+                  $ref: '#/components/examples/RetrieveAllZones'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.networkZones.read
+      tags:
+        - NetworkZone
+    post:
+      summary: Create a Network Zone
+      description: |-
+        Creates a new network zone.
+        * At least one of either the `gateways` attribute or `proxies` attribute must be defined when creating a Network Zone.
+        * At least one of the following attributes must be defined: `proxyType`, `locations`, or `asns`.
+      operationId: createNetworkZone
+      x-codegen-request-body-name: zone
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/NetworkZone'
+            examples:
+              CreateIPPolicyNetworkZone:
+                $ref: '#/components/examples/CreateIPPolicyNetworkZone'
+              CreateIPPolicyBlocklistNetworkZone:
+                $ref: '#/components/examples/CreateIPPolicyBlockListNetworkZone'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/NetworkZone'
+              examples:
+                CreateIPPolicyNetworkZone:
+                  $ref: '#/components/examples/CreateIPPolicyNetworkZoneResponse'
+                CreateIPPolicyBlocklistNetworkZone:
+                  $ref: '#/components/examples/CreateIPPolicyBlockListNetworkZoneResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.networkZones.manage
+      tags:
+        - NetworkZone
+  /api/v1/zones/{zoneId}:
+    parameters:
+      - $ref: '#/components/parameters/pathZoneId'
+    get:
+      summary: Retrieve a Network Zone
+      description: Retrieves a network zone by `zoneId`
+      operationId: getNetworkZone
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/NetworkZone'
+              examples:
+                RetrieveNetworkZoneIP:
+                  $ref: '#/components/examples/RetrieveNetworkZoneIP'
+                RetrieveNetworkZoneDynamic:
+                  $ref: '#/components/examples/RetrieveNetworkZoneDynamic'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.networkZones.read
+      tags:
+        - NetworkZone
+    put:
+      summary: Replace a Network Zone
+      description: |-
+        Replaces a network zone by `zoneId`. The replaced network zone type must be the same as the existing type.
+        You may replace the usage (`POLICY`, `BLOCKLIST`) of a network zone by updating the `usage` attribute.
+      operationId: replaceNetworkZone
+      x-codegen-request-body-name: zone
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/NetworkZone'
+            examples:
+              ReplaceNetworkZone:
+                $ref: '#/components/examples/ReplaceNetworkZone'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/NetworkZone'
+              examples:
+                ReplaceNetworkZone:
+                  $ref: '#/components/examples/ReplaceNetworkZoneResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.networkZones.manage
+      tags:
+        - NetworkZone
+    delete:
+      summary: Delete a Network Zone
+      description: Deletes network zone by `zoneId`
+      operationId: deleteNetworkZone
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.networkZones.manage
+      tags:
+        - NetworkZone
+  /api/v1/zones/{zoneId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathZoneId'
+    post:
+      summary: Activate a Network Zone
+      description: Activates a network zone by `zoneId`
+      operationId: activateNetworkZone
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/NetworkZone'
+              examples:
+                ActivateNetworkZone:
+                  $ref: '#/components/examples/ActivateNetworkZone'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.networkZones.manage
+      tags:
+        - NetworkZone
+  /api/v1/zones/{zoneId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathZoneId'
+    post:
+      summary: Deactivate a Network Zone
+      description: Deactivates a network zone by `zoneId`
+      operationId: deactivateNetworkZone
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/NetworkZone'
+              examples:
+                DeactivateNetworkZone:
+                  $ref: '#/components/examples/DeactivateNetworkZone'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.networkZones.manage
+      tags:
+        - NetworkZone
+  /attack-protection/api/v1/user-lockout-settings:
+    get:
+      summary: Retrieve the User Lockout Settings
+      description: Retrieves the User Lockout Settings for an org
+      operationId: getUserLockoutSettings
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/UserLockoutSettings'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.read
+      tags:
+        - AttackProtection
+    put:
+      summary: Replace the User Lockout Settings
+      description: Replaces the User Lockout Settings for an org
+      operationId: replaceUserLockoutSettings
+      x-codegen-request-body-name: lockoutSettings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserLockoutSettings'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserLockoutSettings'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.manage
+      tags:
+        - AttackProtection
+  /integrations/api/v1/api-services:
+    get:
+      summary: List all API Service Integration instances
+      description: Lists all API Service Integration instances with a pagination option
+      operationId: listApiServiceIntegrationInstances
+      parameters:
+        - $ref: '#/components/parameters/queryAfter'
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/APIServiceIntegrationInstance'
+              examples:
+                APIServiceIntegrationResponseExample:
+                  $ref: '#/components/examples/APIServiceIntegrationListResponse'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.oauthIntegrations.read
+      tags:
+        - ApiServiceIntegrations
+    post:
+      summary: Create an API Service Integration instance
+      description: Creates and authorizes an API Service Integration instance
+      operationId: createApiServiceIntegrationInstance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/postAPIServiceIntegrationInstanceRequest'
+            examples:
+              postAPIServiceIntegrationRequestExample:
+                $ref: '#/components/examples/postAPIServiceIntegrationRequest'
+        required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/postAPIServiceIntegrationInstance'
+              examples:
+                APIServiceIntegrationResponseExample:
+                  $ref: '#/components/examples/postAPIServiceIntegrationResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+      tags:
+        - ApiServiceIntegrations
+  /integrations/api/v1/api-services/{apiServiceId}:
+    parameters:
+      - $ref: '#/components/parameters/pathApiServiceId'
+    get:
+      summary: Retrieve an API Service Integration instance
+      description: Retrieves an API Service Integration instance by `id`
+      operationId: getApiServiceIntegrationInstance
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIServiceIntegrationInstance'
+              examples:
+                APIServiceIntegrationResponseExample:
+                  $ref: '#/components/examples/APIServiceIntegrationResponse'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.oauthIntegrations.read
+      tags:
+        - ApiServiceIntegrations
+    delete:
+      summary: Delete an API Service Integration instance
+      description: Deletes an API Service Integration instance by `id`. This operation also revokes access to scopes that were previously granted to this API Service Integration instance.
+      operationId: deleteApiServiceIntegrationInstance
+      responses:
+        '204':
+          description: No Content
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.oauthIntegrations.manage
+      tags:
+        - ApiServiceIntegrations
+  /integrations/api/v1/api-services/{apiServiceId}/credentials/secrets:
+    parameters:
+      - $ref: '#/components/parameters/pathApiServiceId'
+    get:
+      summary: List all API Service Integration instance Secrets
+      description: Lists all client secrets for an API Service Integration instance by `apiServiceId`
+      operationId: listApiServiceIntegrationInstanceSecrets
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/APIServiceIntegrationInstanceSecret'
+              examples:
+                APIServiceIntegrationResponseExample:
+                  $ref: '#/components/examples/APIServiceIntegrationInstanceSecretListResponse'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.oauthIntegrations.read
+      tags:
+        - ApiServiceIntegrations
+    post:
+      summary: Create an API Service Integration instance Secret
+      description: Creates an API Service Integration instance Secret object with a new active client secret. You can create up to two Secret objects. An error is returned if you attempt to create more than two Secret objects.
+      operationId: createApiServiceIntegrationInstanceSecret
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIServiceIntegrationInstanceSecret'
+              examples:
+                newAPIServiceIntegrationInstanceSecretResponse:
+                  $ref: '#/components/examples/newAPIServiceIntegrationInstanceSecretResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.oauthIntegrations.manage
+      tags:
+        - ApiServiceIntegrations
+  /integrations/api/v1/api-services/{apiServiceId}/credentials/secrets/{secretId}:
+    parameters:
+      - $ref: '#/components/parameters/pathApiServiceId'
+      - $ref: '#/components/parameters/pathSecretId'
+    delete:
+      summary: Delete an API Service Integration instance Secret
+      description: Deletes an API Service Integration instance Secret by `secretId`. You can only delete an inactive Secret.
+      operationId: deleteApiServiceIntegrationInstanceSecret
+      responses:
+        '204':
+          description: No Content
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.oauthIntegrations.manage
+      tags:
+        - ApiServiceIntegrations
+  /integrations/api/v1/api-services/{apiServiceId}/credentials/secrets/{secretId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/pathApiServiceId'
+      - $ref: '#/components/parameters/pathSecretId'
+    post:
+      summary: Activate an API Service Integration instance Secret
+      description: Activates an API Service Integration instance Secret by `secretId`
+      operationId: activateApiServiceIntegrationInstanceSecret
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIServiceIntegrationInstanceSecret'
+              examples:
+                activeAPIServiceIntegrationInstanceSecretResponse:
+                  $ref: '#/components/examples/activeAPIServiceIntegrationInstanceSecretResponse'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.oauthIntegrations.manage
+      tags:
+        - ApiServiceIntegrations
+  /integrations/api/v1/api-services/{apiServiceId}/credentials/secrets/{secretId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathApiServiceId'
+      - $ref: '#/components/parameters/pathSecretId'
+    post:
+      summary: Deactivate an API Service Integration instance Secret
+      description: Deactivates an API Service Integration instance Secret by `secretId`
+      operationId: deactivateApiServiceIntegrationInstanceSecret
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIServiceIntegrationInstanceSecret'
+              examples:
+                inactiveAPIServiceIntegrationInstanceSecretResponse:
+                  $ref: '#/components/examples/inactiveAPIServiceIntegrationInstanceSecretResponse'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.oauthIntegrations.manage
+      tags:
+        - ApiServiceIntegrations
+components:
+  examples:
+    APIDevicesListAllResponse:
+      summary: Response example
+      value:
+        - id: guo4a5u7YAHhjXrMK0g4
+          status: CREATED
+          created: '2019-10-02T18:03:07.000Z'
+          lastUpdated: '2019-10-02T18:03:07.000Z'
+          profile:
+            displayName: Example Device name 1
+            platform: WINDOWS
+            serialNumber: XXDDRFCFRGF3M8MD6D
+            sid: S-1-11-111
+            registered: true
+            secureHardwarePresent: false
+            diskEncryptionType: ALL_INTERNAL_VOLUMES
+          resourceType: UDDevice
+          resourceDisplayName:
+            value: Example Device name 1
+            sensitive: false
+          resourceAlternateId: null
+          resourceId: guo4a5u7YAHhjXrMK0g4
+          _links:
+            activate:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/lifecycle/activate
+              hints:
+                allow:
+                  - POST
+            self:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4
+              hints:
+                allow:
+                  - GET
+                  - PATCH
+                  - PUT
+            users:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/users
+              hints:
+                allow:
+                  - GET
+        - id: guo4a5u7YAHhjXrMK0g5
+          status: ACTIVE
+          created: '2023-06-21T23:24:02.000Z'
+          lastUpdated: '2023-06-21T23:24:02.000Z'
+          profile:
+            displayName: Example Device name 2
+            platform: ANDROID
+            manufacturer: Google
+            model: Pixel 6
+            osVersion: 13:2023-05-05
+            registered: true
+            secureHardwarePresent: true
+            diskEncryptionType: USER
+          resourceType: UDDevice
+          resourceDisplayName:
+            value: Example Device name 2
+            sensitive: false
+          resourceAlternateId: null
+          resourceId: guo4a5u7YAHhjXrMK0g5
+          _links:
+            activate:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/lifecycle/activate
+              hints:
+                allow:
+                  - POST
+            self:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5
+              hints:
+                allow:
+                  - GET
+                  - PATCH
+                  - PUT
+            users:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/users
+              hints:
+                allow:
+                  - GET
+    APIDevicesListAllUsersResponse:
+      summary: Response example
+      value:
+        created: '2021-08-20T17:13:35.000Z'
+        managementStatus: NOT_MANAGED
+        screenLockType: BIOMETRIC
+        user:
+          id: 00u17vh0q8ov8IU881d7
+          status: ACTIVE
+          created: '2021-08-20T16:08:25.000Z'
+          activated: null
+          statusChanged: '2021-08-20T16:39:41.000Z'
+          lastLogin: '2023-04-18T17:54:12.000Z'
+          lastUpdated: '2021-12-20T18:27:30.000Z'
+          passwordChanged: '2021-12-20T18:27:30.000Z'
+          type:
+            id: oty17vh0n2EHVnbYF1d7
+          profile:
+            firstName: Bunk
+            lastName: Moreland
+            mobilePhone: null
+            secondEmail: null
+            login: bunk.moreland@example.com
+            email: bunk.moreland@example.com
+          credentials:
+            password: null
+            provider:
+              type: OKTA
+              name: OKTA
+          _links:
+            suspend:
+              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/suspend
+              method: POST
+            schema:
+              href: https://{yourOktaDomain}/api/v1/meta/schemas/user/osc17vh0n2EHVnbYF1d7
+            resetPassword:
+              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/reset_password
+              method: POST
+            forgotPassword:
+              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/forgot_password
+              method: POST
+            expirePassword:
+              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/expire_password
+              method: POST
+            changeRecoveryQuestion:
+              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/change_recovery_question
+              method: POST
+            self:
+              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7
+            resetFactors:
+              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/reset_factors
+              method: POST
+            type:
+              href: https://{yourOktaDomain}/api/v1/meta/types/user/oty17vh0n2EHVnbYF1d7
+            changePassword:
+              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/change_password
+              method: POST
+            deactivate:
+              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/deactivate
+              method: POST
+    APIServiceIntegrationInstanceSecretListResponse:
+      summary: Secrets list response example
+      value:
+        - id: ocs2f4zrZbs8nUa7p0g4
+          status: INACTIVE
+          client_secret: '***DhOW'
+          secret_hash: yk4SVx4sUWVJVbHt6M-UPA
+          created: '2023-02-21T20:08:24.000Z'
+          lastUpdated: '2023-02-21T20:08:24.000Z'
+          _links:
+            activate:
+              href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4/lifecycle/activate
+              hints:
+                allow:
+                  - POST
+            delete:
+              href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4
+              hints:
+                allow:
+                  - DELETE
+        - id: ocs2f50kZB0cITmYU0g4
+          status: ACTIVE
+          client_secret: '***MQGQ'
+          secret_hash: 0WOOvBSzV9clc4Nr7Rbaug
+          created: '2023-04-06T21:32:33.000Z'
+          lastUpdated: '2023-04-06T21:32:33.000Z'
+          _links:
+            deactivate:
+              href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f50kZB0cITmYU0g4/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
+    APIServiceIntegrationListResponse:
+      summary: List response example
+      value:
+        - id: 0oa72lrepvp4WqEET1d9
+          type: my_app_cie
+          name: My App Cloud Identity Engine
+          createdAt: '2023-02-21T20:08:24.000Z'
+          createdBy: 00uu3u0ujW1P6AfZC2d5
+          configGuideUrl: https://{docDomain}/my-app-cie/configuration-guide
+          grantedScopes:
+            - okta.logs.read
+            - okta.groups.read
+            - okta.users.read
+          _links:
+            self:
+              href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa72lrepvp4WqEET1d9
+              hints:
+                allow:
+                  - GET
+                  - DELETE
+            client:
+              href: https://{yourOktaDomain}/oauth2/v1/clients/0oa72lrepvp4WqEET1d9
+              hints:
+                allow:
+                  - GET
+            logo:
+              name: small
+              href: https://{logoDomain}/{logoPath}/my_app_cie_small_logo
+    APIServiceIntegrationResponse:
+      summary: Response example
+      value:
+        id: 0oa72lrepvp4WqEET1d9
+        type: my_app_cie
+        name: My App Cloud Identity Engine
+        createdAt: '2023-02-21T20:08:24.000Z'
+        createdBy: 00uu3u0ujW1P6AfZC2d5
+        configGuideUrl: https://{docDomain}/my-app-cie/configuration-guide
+        grantedScopes:
+          - okta.logs.read
+          - okta.groups.read
+          - okta.users.read
+        _links:
+          self:
+            href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa72lrepvp4WqEET1d9
+            hints:
+              allow:
+                - GET
+                - DELETE
+          client:
+            href: https://{yourOktaDomain}/oauth2/v1/clients/0oa72lrepvp4WqEET1d9
+            hints:
+              allow:
+                - GET
+          logo:
+            name: small
+            href: https://{logoDomain}/{logoPath}/my_app_cie_small_logo
+    ActivateNetworkZone:
+      summary: Activated Network Zone response
+      value:
+        type: IP
+        id: nzowc1U5Jh5xuAK0o0g3
+        name: LegacyIpZone
+        status: ACTIVE
+        usage: POLICY
+        created: '2019-05-17T18:44:31.000Z'
+        lastUpdated: '2019-05-21T13:50:49.000Z'
+        system: true
+        gateways:
+          - type: CIDR
+            value: 1.2.3.4/24
+        proxies:
+          - type: RANGE
+            value: 3.3.4.5-3.3.4.15
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    AddMappingBody:
+      summary: Update an existing profile mapping by adding one or more properties
+      value:
+        properties:
+          additionalProperties:
+            fullName:
+              expression: user.firstName + user.lastName
+              pushStatus: PUSH
+            nickName:
+              expression: user.nickName
+              pushStatus: PUSH
+    AddMappingResponse:
+      summary: Update an existing profile mapping by adding one or more properties
+      value:
+        id: prm1k47ghydIQOTBW0g4
+        source:
+          id: otysbePhQ3yqt4cVv0g3
+          name: user
+          type: user
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/meta/types/user/otysbePhQ3yqt4cVv0g3
+            schema:
+              href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscsbePhQ3yqt4cVv0g3
+        target:
+          id: 0oa1qmn4LZQQEH0wZ0g4
+          name: okta_org2org
+          type: appuser
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/apps/0oa1qmn4LZQQEH0wZ0g4
+            schema:
+              href: https://{yourOktaDomain}/api/v1/meta/schemas/apps/0oa1qmn4LZQQEH0wZ0g4/default
+        properties:
+          fullName:
+            expression: user.firstName + user.lastName
+            pushStatus: PUSH
+          nickName:
+            expression: user.nickName
+            pushStatus: PUSH
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4
+    ApiTokenListMetadataResponse:
+      value:
+        - name: My API Token
+          userId: 00uabcdefg1234567890
+          tokenWindow: P30D
+          id: 00Tabcdefg1234567890
+          clientName: Okta API
+          expiresAt: 2021-12-11T20:38:10.000Z
+          created: 2021-11-09T20:38:10.000Z
+          lastUpdated: 2021-11-11T20:38:10.000Z
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/api-tokens/00Tabcdefg1234567890
+              hints:
+                allow:
+                  - GET
+                  - DELETE
+            user:
+              href: https://{yourOktaDomain}/api/v1/users/00uabcdefg1234567890
+              hints:
+                allow:
+                  - GET
+        - name: Another API Token
+          userId: 00uabcdefg1234567890
+          tokenWindow: PT5M
+          id: 00T1234567890abcdefg
+          clientName: Okta API
+          expiresAt: 2021-11-11T20:43:10.000Z
+          created: 2021-11-09T20:38:10.000Z
+          lastUpdated: 2021-11-11T20:38:10.000Z
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/api-tokens/00T1234567890abcdefg
+              hints:
+                allow:
+                  - GET
+                  - DELETE
+            user:
+              href: https://{yourOktaDomain}/api/v1/users/00uabcdefg1234567890
+              hints:
+                allow:
+                  - GET
+    ApiTokenMetadataResponse:
+      value:
+        name: My API Token
+        userId: 00uXXXXXXXXXXXXXXXXX
+        tokenWindow: P30D
+        id: 00Tabcdefg1234567890
+        clientName: Okta API
+        expiresAt: 2021-12-11T20:38:10.000Z
+        created: 2021-11-09T20:38:10.000Z
+        lastUpdated: 2021-11-11T20:38:10.000Z
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/api-tokens/00Tabcdefg1234567890
+            hints:
+              allow:
+                - GET
+                - DELETE
+          user:
+            href: https://{yourOktaDomain}/api/v1/users/00uXXXXXXXXXXXXXXXXX
+            hints:
+              allow:
+                - GET
+    AppFeatureListResponseEx:
+      summary: List app Feature response
+      value:
+        - name: USER_PROVISIONING
+          status: ENABLED
+          description: User provisioning settings from Okta to a downstream application
+          capabilities:
+            create:
+              lifecycleCreate:
+                status: DISABLED
+            update:
+              profile:
+                status: DISABLED
+              lifecycleDeactivate:
+                status: DISABLED
+              password:
+                status: DISABLED
+                seed: RANDOM
+                change: KEEP_EXISTING
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/apps/${appId}/features/USER_PROVISIONING
+              hints:
+                allow:
+                  - GET
+                  - PUT
+    AppFeatureResponseEx:
+      summary: App Feature response
+      value:
+        name: USER_PROVISIONING
+        status: ENABLED
+        description: User provisioning settings from Okta to a downstream application
+        capabilities:
+          create:
+            lifecycleCreate:
+              status: DISABLED
+          update:
+            profile:
+              status: DISABLED
+            lifecycleDeactivate:
+              status: DISABLED
+            password:
+              status: DISABLED
+              seed: RANDOM
+              change: KEEP_EXISTING
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/apps/${appId}/features/USER_PROVISIONING
+            hints:
+              allow:
+                - GET
+                - PUT
+    AppUserSchemaAddRequest:
+      value:
+        definitions:
+          custom:
+            id: '#custom'
+            type: object
+            properties:
+              twitterUserName:
+                title: Twitter username
+                description: User's username for twitter.com
+                type: string
+                required: false
+                minLength: 1
+                maxLength: 20
+            required: []
+    AppUserSchemaResponse:
+      value:
+        id: https://{yourOktaDomain}/meta/schemas/apps/0oa25gejWwdXNnFH90g4/default
+        $schema: http://json-schema.org/draft-04/schema#
+        name: Example App
+        title: Example App User
+        lastUpdated: '2017-07-18T23:18:43.000Z'
+        created: '2017-07-18T22:35:30.000Z'
+        definitions:
+          base:
+            id: '#base'
+            type: object
+            properties:
+              userName:
+                title: Username
+                type: string
+                required: true
+                scope: NONE
+                maxLength: 100
+            required:
+              - userName
+          custom:
+            id: '#custom'
+            type: object
+            properties:
+              twitterUserName:
+                title: Twitter username
+                description: User's username for twitter.com
+                type: string
+                scope: NONE
+                minLength: 1
+                maxLength: 20
+            required: []
+        type: object
+        properties:
+          profile:
+            allOf:
+              - $ref: '#/definitions/base'
+              - $ref: '#/definitions/custom'
+    AssignGroupOwnerRequest:
+      summary: Assign a group owner request example
+      value:
+        id: 00u1cmc03xjzePoWD0h8
+        type: USER
+    AssignGroupOwnerResponse:
+      summary: Assign a group owner response example
+      value:
+        id: 00u1cmc03xjzePoWD0h8
+        type: USER
+        resolved: true
+        originId: null
+        originType: OKTA_DIRECTORY
+        displayName: Oliver Putnam
+        lastUpdated: Wed Mar 29 18:34:31 UTC 2023
+    AuthenticatorRequestDuo:
+      value:
+        key: duo
+        name: Duo Security
+        provider:
+          type: DUO
+          configuration:
+            userNameTemplate:
+              template: oktaId
+            integrationKey: testIntegrationKey
+            secretKey: testSecretKey
+            host: https://api-xxxxxxxx.duosecurity.com
+    AuthenticatorResponseDuo:
+      value:
+        type: app
+        id: aut9gnvcjUHIWb37J0g4
+        key: duo
+        status: ACTIVE
+        name: Duo Security
+        created: '2022-07-15T21:14:02.000Z'
+        lastUpdated: '2022-07-15T21:14:02.000Z'
+        settings: {}
+        provider:
+          type: DUO
+          configuration:
+            host: https://api-xxxxxxxx.duosecurity.com
+            userNameTemplate:
+              template: oktaId
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut5gnvcjUHIWb25J0g4
+            hints:
+              allow:
+                - GET
+                - PUT
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut5gnvcjUHIWb25J0g4/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+          methods:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut5gnvcjUHIWb25J0g4/methods
+            hints:
+              allow:
+                - GET
+    AuthenticatorResponseEmail: &ref_0
+      value:
+        type: email
+        id: aut1nbsPHh7jNjjyP0g4
+        key: okta_email
+        status: ACTIVE
+        name: Email
+        created: '2020-07-26T21:05:23.000Z'
+        lastUpdated: '2020-07-28T21:45:52.000Z'
+        settings:
+          allowedFor: any
+          tokenLifetimeInMinutes: 5
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4
+            hints:
+              allow:
+                - GET
+                - PUT
+          methods:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/methods
+            hints:
+              allow:
+                - GET
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    AuthenticatorResponsePassword: &ref_1
+      value:
+        type: password
+        id: aut1nbtrJKKA9m45a0g4
+        key: okta_password
+        status: ACTIVE
+        name: Password
+        created: '2020-07-26T21:05:23.000Z'
+        lastUpdated: '2020-07-26T21:05:23.000Z'
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4
+            hints:
+              allow:
+                - GET
+                - PUT
+          methods:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4/methods
+            hints:
+              allow:
+                - GET
+    AuthenticatorResponsePhone: &ref_2
+      value:
+        type: phone
+        id: aut1nbuyD8m1ckAYc0g4
+        key: phone_number
+        status: INACTIVE
+        name: Phone
+        created: '2020-07-26T21:05:23.000Z'
+        lastUpdated: '2020-07-29T00:21:29.000Z'
+        settings:
+          allowedFor: none
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4
+            hints:
+              allow:
+                - GET
+                - PUT
+          methods:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/methods
+            hints:
+              allow:
+                - GET
+          activate:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/lifecycle/activate
+            hints:
+              allow:
+                - POST
+    AuthenticatorResponseSecurityQuestion:
+      summary: Security Question
+      value:
+        type: security_question
+        id: aut1nbvIgEenhwE6c0g4
+        key: security_question
+        status: ACTIVE
+        name: Security Question
+        created: '2020-07-26T21:05:23.000Z'
+        lastUpdated: '2020-07-26T21:05:23.000Z'
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbvIgEenhwE6c0g4
+            hints:
+              allow:
+                - GET
+          methods:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbvIgEenhwE6c0g4/methods
+            hints:
+              allow:
+                - GET
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbvIgEenhwE6c0g4/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    AuthenticatorResponseWebAuthn: &ref_3
+      value:
+        type: security_key
+        id: aut1nd8PQhGcQtSxB0g4
+        key: webauthn
+        status: ACTIVE
+        name: Security Key or Biometric
+        created: '2020-07-26T21:16:37.000Z'
+        lastUpdated: '2020-07-27T18:59:30.000Z'
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4
+            hints:
+              allow:
+                - GET
+                - PUT
+          methods:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods
+            hints:
+              allow:
+                - GET
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    AuthenticatorsResponse:
+      summary: Org Authenticators
+      value:
+        - *ref_0
+        - *ref_1
+        - *ref_2
+        - *ref_3
+    BehaviorRuleRequest:
+      value:
+        name: My Behavior Rule
+        type: VELOCITY
+    BehaviorRuleResponse:
+      value:
+        id: abcd1234
+        name: My Behavior Rule
+        type: VELOCITY
+        settings:
+          velocityKph: 805
+        status: ACTIVE
+        created: 2021-11-09T20:38:10.000Z
+        lastUpdated: 2021-11-11T20:38:10.000Z
+        _link:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/behaviors/abcd1234
+            hints:
+              allow:
+                - GET
+                - POST
+                - PUT
+                - DELETE
+    CAPTCHAInstanceRequestHCaptcha:
+      value:
+        name: myHCaptcha
+        secretKey: xxxxxxxxxxx
+        siteKey: xxxxxxxxxxx
+        type: HCAPTCHA
+    CAPTCHAInstanceRequestReCaptcha:
+      value:
+        name: myReCaptcha
+        secretKey: xxxxxxxxxxx
+        siteKey: yyyyyyyyyyyyyyy
+        type: RECAPTCHA_V2
+    CAPTCHAInstanceResponseHCaptcha:
+      value:
+        id: abcd1234
+        name: myHCaptcha
+        siteKey: xxxxxxxxxxx
+        type: HCAPTCHA
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/captchas/abcd1234
+            hints:
+              allow:
+                - GET
+                - POST
+                - PUT
+                - DELETE
+    CAPTCHAInstanceResponseReCaptcha:
+      value:
+        id: abcd4567
+        name: myReCaptcha
+        siteKey: yyyyyyyyyyyyyyy
+        type: RECAPTCHA_V2
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/captchas/abcd4567
+            hints:
+              allow:
+                - GET
+                - POST
+                - PUT
+                - DELETE
+    CreateBrandRequest:
+      value:
+        name: My Awesome Brand
+    CreateBrandResponse:
+      value:
+        id: bnd114iNkrcN6aR680g5
+        removePoweredByOkta: false
+        customPrivacyPolicyUrl: null
+        name: My Awesome Brand
+        locale: en
+        defaultApp:
+          appInstanceId: 0oa114iNkrcN6aR680g4
+          appLinkName: null
+          classicApplicationUri: null
+        isDefault: false
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g5
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          themes:
+            href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g5/themes
+            hints:
+              allow:
+                - GET
+    CreateEmailDomainRequest:
+      value:
+        displayName: Admin
+        userName: admin
+        domain: example.com
+        brandId: bnd100iSrkcN6aR680g1
+    CreateHookKeyResponse:
+      summary: Create a key response example
+      value:
+        id: HKY1p7jWLndGQV9M60g4
+        keyId: 7fbc27fd-e3df-4522-86bf-1930110256ad
+        name: My new key
+        created: '2022-08-31T18:09:58.000Z'
+        lastUpdated: '2022-08-31T18:09:58.000Z'
+        isUsed: 'false'
+        _embedded:
+          kty: RSA
+          alg: RSA
+          kid: 7fbc27fd-e3df-4522-86bf-1930110256ad
+          use: 'null'
+          e: AQAB
+          'n': 2naqCnv6r4xNQs7207lRtKQvdtnlVND-8k5iYBIiqoKGY3CqUmRm1jleoOniiQoMkFX8Wj2DmVqr002efF3vOQ7_gjtTatBTVUNbNIQLybun4dkVoUtfP7pRc5SLpcP3eGPRVar734ZrpQXzmCEdpqBt3jrVjwYjNE5DqOjbYXFJtMsy8CWE9LRJ3kyHEoHPzo22dG_vMrXH0_sAQoCk_4TgNCbvyzVmGVYXI_BkUnp0hv2pR4bQVRYzGB9dKJdctOh8zULqc_EJ8tiYsS05YnF7whrWEyARK0rH-e4d4W-OmBTga_zhY4kJ4NsoQ4PyvcatZkxjPO92QHQOFDnf3w`
+    CreateIPPolicyBlockListNetworkZone:
+      summary: Create an IP Policy Blocklist Network Zone
+      value:
+        type: IP
+        name: newBlockListNetworkZone
+        status: ACTIVE
+        usage: BLOCKLIST
+        gateways:
+          - type: CIDR
+            value: 1.2.3.4/24
+          - type: CIDR
+            value: 2.3.4.5/24
+        proxies: null
+    CreateIPPolicyBlockListNetworkZoneResponse:
+      summary: IP Policy Blocklist Network Zone Response
+      value:
+        type: IP
+        id: nzo1qasnPb1kqEq0e0g4
+        name: newBlockListNetworkzone
+        status: ACTIVE
+        usage: BLOCKLIST
+        created: '2020-10-12T18:58:02.000Z'
+        lastUpdated: '2020-10-12T18:58:02.000Z'
+        system: false
+        gateways:
+          - type: CIDR
+            value: 1.2.3.4/24
+          - type: CIDR
+            value: 2.3.4.5/24
+        proxies: null
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/zones/nzo1qasnPb1kqEq0e0g4
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/zones/nzo1qasnPb1kqEq0e0g4/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    CreateIPPolicyNetworkZone:
+      summary: Create an IP Policy Network Zone
+      value:
+        type: IP
+        name: newNetworkZone
+        gateways:
+          - type: CIDR
+            value: 1.2.3.4/24
+          - type: CIDR
+            value: 2.3.4.5/24
+        proxies:
+          - type: CIDR
+            value: 2.2.3.4/24
+          - type: CIDR
+            value: 3.3.4.5/24
+    CreateIPPolicyNetworkZoneResponse:
+      summary: IP Policy Network Zone Response
+      value:
+        type: IP
+        id: nzowc1U5Jh5xuAK0o0g3
+        name: newNetworkZone
+        status: ACTIVE
+        usage: POLICY
+        created: '2019-05-17T18:44:31.000Z'
+        lastUpdated: '2019-05-21T13:50:49.000Z'
+        system: false
+        gateways:
+          - type: CIDR
+            value: 1.2.3.4/24'
+          - type: CIDR
+            value: 2.3.4.5/24
+        proxies:
+          - type: CIDR
+            value: 2.2.3.4/24
+          - type: CIDR
+            value: 3.3.4.5/24
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    CreateUISchemaBody:
+      summary: UI Schema body request
+      value:
+        uiSchema:
+          type: Group
+          elements:
+            - type: Control
+              scope: '#/properties/firstName'
+              label: First Name
+              options:
+                format: text
+            - type: Control
+              scope: '#/properties/lastName'
+              label: Last Name
+              options:
+                format: text
+            - type: Control
+              scope: '#/properties/email'
+              label: Primary email
+              options:
+                format: text
+          buttonLabel: Submit
+          label: Sign in
+    CreateUISchemaResponse:
+      summary: Returns full UI Schema body
+      value:
+        id: uis4a7liocgcRgcxZ0g7
+        uiSchema:
+          type: Group
+          label: Sign in
+          buttonLabel: Submit
+          elements:
+            - type: Control
+              scope: '#/properties/firstName'
+              label: First name
+              options:
+                format: text
+            - type: Control
+              scope: '#/properties/lastName'
+              label: Last name
+              options:
+                format: text
+            - type: Control
+              scope: '#/properties/email'
+              label: Primary email
+              options:
+                format: text
+        created: '2022-07-25T12:56:31.000Z'
+        lastUpdated: '2022-07-26T11:53:59.000Z'
+        _links:
+          self:
+            href: https://exmaple.com/api/v1/meta/uischemas/uis4a7liocgcRgcxZ0g7
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+    CreateUpdateEmailCustomizationRequest:
+      value:
+        language: fr
+        subject: Bienvenue dans ${org.name}!
+        body: <!DOCTYPE html><html><body><p>Bonjour ${user.profile.firstName}. <a href="${activationLink}">Activer le compte</a></p></body></html>
+        isDefault: false
+    CreateUpdateEmailCustomizationResponse:
+      value:
+        language: fr
+        subject: Bienvenue dans ${org.name}!
+        body: <!DOCTYPE html><html><body><p>Bonjour ${user.profile.firstName}. <a href="${activationLink}">Activer le compte</a></p></body></html>
+        isDefault: false
+        id: oel11u6DqUiMbQkpl0g4
+        created: 2021-11-09T20:38:10.000Z
+        lastUpdated: 2021-11-11T20:38:10.000Z
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          template:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+            hints:
+              allow:
+                - GET
+          preview:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview
+            hints:
+              allow:
+                - GET
+          test:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test
+            hints:
+              allow:
+                - POST
+    CreateUpdateIamRolePermissionRequestExample:
+      value:
+        conditions:
+          include:
+            okta:ResourceAttribute/User/Profile:
+              - city
+              - state
+              - zipCode
+    CreateUserRequest:
+      summary: Create a user type request
+      value:
+        description: A new custom user type
+        displayName: New User Type
+        name: newUserType
+    CreateUserResponse:
+      summary: Create a user type response
+      value:
+        id: otyfnly5cQjJT9PnR0g4
+        displayName: New User Type
+        name: newUserType
+        description: A new custom user type
+        createdBy: sprz9fj1ycBcsgopy1d6
+        lastUpdatedBy: sprz9fj1ycBcsgopy1d6
+        created: '2021-07-05T20:40:38.000Z'
+        lastUpdated: '2021-07-05T20:40:38.000Z'
+        default: false
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+          schema:
+            href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+    DeactivateNetworkZone:
+      summary: Deactivated Network Zone response
+      value:
+        type: IP
+        id: nzowc1U5Jh5xuAK0o0g3
+        name: LegacyIpZone
+        status: INACTIVE
+        usage: POLICY
+        created: '2019-05-17T18:44:31.000Z'
+        lastUpdated: '2019-05-21T13:50:49.000Z'
+        system: true
+        gateways:
+          - type: CIDR
+            value: 1.2.3.4/24
+        proxies:
+          - type: RANGE
+            value: 3.3.4.5-3.3.4.15
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    DefaultRealmResponse:
+      value:
+        id: guox9jQ16k9V8IQWL0g3
+        created: 2022-04-04T15:56:05.000Z
+        lastUpdated: 2022-05-05T18:15:44.000Z
+        isDefault: true
+        profile:
+          name: Default Realm
+        _links:
+          self:
+            rel: self
+            href: http://your-subdomain.okta.com/api/v1/realms/guox9jQ16k9V8IQWL0g3
+            method: GET
+    DeviceAssuranceAndroidRequest:
+      summary: Android request
+      value:
+        name: Device Assurance Android
+        osVersion:
+          minimum: 12.4.5
+        diskEncryptionType:
+          include:
+            - USER
+            - FULL
+        jailbreak: false
+        platform: ANDROID
+        screenLockType:
+          include:
+            - BIOMETRIC
+        secureHardwarePresent: true
+    DeviceAssuranceAndroidResponse:
+      summary: Android response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance Android
+        lastUpdate: '2022-01-01T00:00:00.000Z'
+        createdUpdate: '2022-01-01T00:00:00.000Z'
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersion:
+          minimum: 12.4.5
+        diskEncryptionType:
+          include:
+            - USER
+            - FULL
+        jailbreak: false
+        platform: ANDROID
+        screenLockType:
+          include:
+            - BIOMETRIC
+        secureHardwarePresent: true
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+                - DELETE
+                - GET
+                - PUT
+    DeviceAssuranceChromeOSWithThirdPartySignalProvidersRequest:
+      x-okta-lifecycle:
+        features:
+          - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+      summary: ChromeOS with third-party signal providers request
+      value:
+        name: Device Assurance ChromeOS
+        platform: CHROMEOS
+        thirdPartySignalProviders:
+          dtc:
+            osVersion:
+              minimum: 10.0.19041.1110
+            diskEncrypted: true
+            osFirewall: true
+            screenLockSecured: true
+            allowScreenLock: true
+            browserVersion:
+              minimum: 15393.27.0
+            deviceEnrollmentDomain: testDomain
+            builtInDnsClientEnabled: true
+            chromeRemoteDesktopAppBlocked: true
+            safeBrowsingProtectionLevel: ENHANCED_PROTECTION
+            siteIsolationEnabled: true
+            passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF
+            realtimeUrlCheckMode: true
+            keyTrustLevel: CHROME_OS_VERIFIED_MODE
+    DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse:
+      x-okta-lifecycle:
+        features:
+          - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+      summary: ChromeOS with third-party signal providers response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance ChromeOS
+        lastUpdate: '2022-01-01T00:00:00.000Z'
+        createdUpdate: '2022-01-01T00:00:00.000Z'
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        platform: CHROMEOS
+        thirdPartySignalProviders:
+          dtc:
+            osVersion:
+              minimum: 10.0.19041.1110
+            diskEncrypted: true
+            osFirewall: true
+            screenLockSecured: true
+            allowScreenLock: true
+            browserVersion:
+              minimum: 15393.27.0
+            deviceEnrollmentDomain: testDomain
+            builtInDnsClientEnabled: true
+            chromeRemoteDesktopAppBlocked: true
+            safeBrowsingProtectionLevel: ENHANCED_PROTECTION
+            siteIsolationEnabled: true
+            passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF
+            realtimeUrlCheckMode: true
+            keyTrustLevel: CHROME_OS_VERIFIED_MODE
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+                - DELETE
+                - GET
+                - PUT
+    DeviceAssuranceIosRequest:
+      summary: iOS request
+      value:
+        name: Device Assurance iOS
+        osVersion:
+          minimum: 12.4.5
+        jailbreak: false
+        platform: IOS
+        screenLockType:
+          include:
+            - BIOMETRIC
+    DeviceAssuranceIosResponse:
+      summary: iOS response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance iOS
+        lastUpdate: '2022-01-01T00:00:00.000Z'
+        createdUpdate: '2022-01-01T00:00:00.000Z'
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersion:
+          minimum: 12.4.5.9
+        jailbroken: false
+        platform: IOS
+        screenLockType:
+          include:
+            - BIOMETRIC
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+                - DELETE
+                - GET
+                - PUT
+    DeviceAssuranceMacOSRequest:
+      summary: macOS request
+      value:
+        name: Device Assurance macOS
+        osVersion:
+          minimum: 12.4.5
+        diskEncryptionType:
+          include:
+            - ALL_INTERNAL_VOLUMES
+        platform: MACOS
+        screenLockType:
+          include:
+            - PASSCODE
+            - BIOMETRIC
+        secureHardwarePresent: true
+    DeviceAssuranceMacOSResponse:
+      summary: macOS response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance macOS
+        lastUpdate: '2022-01-01T00:00:00.000Z'
+        createdUpdate: '2022-01-01T00:00:00.000Z'
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersion:
+          minimum: 12.4.5
+        diskEncryptionType:
+          include:
+            - ALL_INTERNAL_VOLUMES
+        platform: MACOS
+        screenLockType:
+          include:
+            - PASSCODE
+            - BIOMETRIC
+        secureHardwarePresent: true
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+                - DELETE
+                - GET
+                - PUT
+    DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest:
+      x-okta-lifecycle:
+        features:
+          - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+      summary: macOS with third-party signal providers request
+      value:
+        name: Device Assurance macOS
+        osVersion:
+          minimum: 12.4.5
+        diskEncryptionType:
+          include:
+            - ALL_INTERNAL_VOLUMES
+        platform: MACOS
+        screenLockType:
+          include:
+            - PASSCODE
+            - BIOMETRIC
+        secureHardwarePresent: true
+        thirdPartySignalProviders:
+          dtc:
+            osVersion:
+              minimum: 10.0.19041.1110
+            diskEncrypted: true
+            osFirewall: true
+            screenLockSecured: true
+            browserVersion:
+              minimum: 15393.27.0
+            deviceEnrollmentDomain": testDomain
+            builtInDnsClientEnabled": true
+            chromeRemoteDesktopAppBlocked": true
+            safeBrowsingProtectionLevel": true
+            siteIsolationEnabled": true
+            passwordProtectionWarningTrigger": PASSWORD_PROTECTION_OFF
+            realtimeUrlCheckMode": true
+    DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse:
+      x-okta-lifecycle:
+        features:
+          - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+      summary: macOS with third-party signal providers response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance macOS
+        lastUpdate: '2022-01-01T00:00:00.000Z'
+        createdUpdate: '2022-01-01T00:00:00.000Z'
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersion:
+          minimum: 12.4.5.9
+        diskEncryptionType:
+          include:
+            - ALL_INTERNAL_VOLUMES
+        platform: MACOS
+        screenLockType:
+          include:
+            - PASSCODE
+            - BIOMETRIC
+        secureHardwarePresent: true
+        thirdPartySignalProviders:
+          dtc:
+            osVersion:
+              minimum: 10.0.19041.1110
+            diskEncrypted: true
+            osFirewall: true
+            screenLockSecured: true
+            browserVersion:
+              minimum: 15393.27.0
+            deviceEnrollmentDomain: testDomain
+            builtInDnsClientEnabled: true
+            chromeRemoteDesktopAppBlocked: true
+            safeBrowsingProtectionLevel: ENHANCED_PROTECTION
+            siteIsolationEnabled: true
+            passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF
+            realtimeUrlCheckMode: true
+            keyTrustLevel: CHROME_BROWSER_HW_KEY
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+                - DELETE
+                - GET
+                - PUT
+    DeviceAssuranceWindowsRequest:
+      summary: Windows request
+      value:
+        name: Device Assurance Windows
+        osVersion:
+          minimum: 12.4.5.9
+        diskEncryptionType:
+          include:
+            - ALL_INTERNAL_VOLUMES
+        platform: WINDOWS
+        screenLockType:
+          include:
+            - PASSCODE
+            - BIOMETRIC
+        secureHardwarePresent: true
+    DeviceAssuranceWindowsResponse:
+      summary: Windows response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance Windows
+        lastUpdate: '2022-01-01T00:00:00.000Z'
+        createdUpdate: '2022-01-01T00:00:00.000Z'
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersion:
+          minimum: 12.4.5.9
+        diskEncryptionType:
+          include:
+            - ALL_INTERNAL_VOLUMES
+        platform: WINDOWS
+        screenLockType:
+          include:
+            - PASSCODE
+            - BIOMETRIC
+        secureHardwarePresent: true
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+                - DELETE
+                - GET
+                - PUT
+    DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest:
+      x-okta-lifecycle:
+        features:
+          - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+      summary: Windows with third-party signal providers request
+      value:
+        name: Device Assurance Windows
+        osVersion:
+          minimum: 12.4.5.9
+        diskEncryptionType:
+          include:
+            - ALL_INTERNAL_VOLUMES
+        platform: WINDOWS
+        screenLockType:
+          include:
+            - PASSCODE
+            - BIOMETRIC
+        secureHardwarePresent: true
+        thirdPartySignalProviders:
+          dtc:
+            osVersion:
+              minimum: 10.0.19041.1110
+            diskEncrypted: true
+            osFirewall: true
+            screenLockSecured: true
+            browserVersion:
+              minimum: 15393.27.0
+            deviceEnrollmentDomain: testDomain
+            builtInDnsClientEnabled: true
+            chromeRemoteDesktopAppBlocked: true
+            safeBrowsingProtectionLevel: ENHANCED_PROTECTION
+            siteIsolationEnabled: true
+            passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF
+            realtimeUrlCheckMode: true
+            secureBootEnabled: true
+            windowsMachineDomain: testMachineDomain
+            windowsUserDomain: testUserDomain
+            thirdPartyBlockingEnabled: true
+            crowdStrikeCustomerId: testCustomerId
+            crowdStrikeAgentId": testAgentId
+            keyTrustLevel: CHROME_BROWSER_HW_KEY
+    DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse:
+      x-okta-lifecycle:
+        features:
+          - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+      summary: Windows with third-party signal providers response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance Windows
+        lastUpdate: '2022-01-01T00:00:00.000Z'
+        createdUpdate: '2022-01-01T00:00:00.000Z'
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersion:
+          minimum: 12.4.5.9
+        diskEncryptionType:
+          include:
+            - ALL_INTERNAL_VOLUMES
+        platform: WINDOWS
+        screenLockType:
+          include:
+            - PASSCODE
+            - BIOMETRIC
+        secureHardwarePresent: true
+        thirdPartySignalProviders:
+          dtc:
+            osVersion:
+              minimum: 10.0.19041.1110
+            diskEncrypted: true
+            osFirewall: true
+            screenLockSecured: true
+            browserVersion:
+              minimum: 15393.27.0
+            deviceEnrollmentDomain: testDomain
+            builtInDnsClientEnabled: true
+            chromeRemoteDesktopAppBlocked: true
+            safeBrowsingProtectionLevel: ENHANCED_PROTECTION
+            siteIsolationEnabled: true
+            passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF
+            realtimeUrlCheckMode: true
+            secureBootEnabled: true
+            windowsMachineDomain: testMachineDomain
+            windowsUserDomain: testUserDomain
+            thirdPartyBlockingEnabled: true
+            crowdStrikeCustomerId: testCustomerId
+            crowdStrikeAgentId": testAgentId
+            keyTrustLevel: CHROME_BROWSER_HW_KEY
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+                - DELETE
+                - GET
+                - PUT
+    DeviceResponse:
+      value:
+        id: guo8jx5vVoxfvJeLb0w4
+        status: ACTIVE
+        created: '2020-11-03T21:47:01.000Z'
+        lastUpdated: '2020-11-03T23:46:27.000Z'
+        profile:
+          displayName: DESKTOP-EHAD3IE
+          platform: WINDOWS
+          manufacturer: International Corp
+          model: VMware7,1
+          osVersion: 10.0.18362
+          serialNumber: 56 4d 4f 95 74 c5 d3 e7-fc 3a 57 9c c2 f8 5d ce
+          udid: 954F4D56-C574-E7D3-FC3A-579CC2F85DCE
+          sid: S-1-5-21-3992267483-1860856704-2413701314-500
+          registered: true
+          secureHardwarePresent: false
+          diskEncryptionType: NONE
+        resourceId: guo8jx5vVoxfvJeLb0w4
+        resourceDisplayName:
+          value: DESKTOP-EHAD3IE
+          sensitive: false
+        resourceType: UDDevice
+        resourceAlternateId: null
+        _links:
+          suspend:
+            href: https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4/lifecycle/suspend
+            hints:
+              allow:
+                - POST
+          self:
+            href: https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4
+            hints:
+              allow:
+                - GET
+                - PATCH
+                - PUT
+          users:
+            href: https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4/users
+            hints:
+              allow:
+                - GET
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    EmailCustomizationResponse:
+      value:
+        language: en
+        isDefault: true
+        subject: Welcome to ${org.name}!
+        body: <!DOCTYPE html><html><body><p>Hello, ${user.profile.firstName}. Click <a href="${activationLink}">here</a> to activate your account.</body></html>
+        id: oel11u6DqUiMbQkpl0g4
+        created: 2021-11-09T20:38:10.000Z
+        lastUpdated: 2021-11-11T20:38:10.000Z
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          template:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+            hints:
+              allow:
+                - GET
+          preview:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview
+            hints:
+              allow:
+                - GET
+          test:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test
+            hints:
+              allow:
+                - POST
+    EmailDomainResponse:
+      value:
+        id: OeD114iNkrcN6aR680g4
+        validationStatus: NOT_STARTED
+        displayName: Admin
+        userName: admin
+        domain: example.com
+        dnsValidationRecords:
+          - recordType: TXT
+            fqdn: _oktaverification.example.com
+            verificationValue: 759080212bda43e3bc825a7d73b4bb64
+          - recordType: CNAME
+            fqdn: mail.example.com
+            verificationValue: u22224444.wl024.sendgrid.net
+          - recordType: CNAME
+            fqdn: t02._domainkey.example.com
+            verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
+          - recordType: CNAME
+            fqdn: t022._domainkey.example.com
+            verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
+    EmailSettingsResponse:
+      value:
+        recipients: ALL_USERS
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings
+            hints:
+              allow:
+                - GET
+                - PUT
+          template:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+            hints:
+              allow:
+                - GET
+    EmailTemplateDefaultContentResponse:
+      value:
+        subject: Welcome to ${org.name}!
+        body: <!DOCTYPE html><html><body><p>Hello, ${user.profile.firstName}. Click <a href="${activationLink}">here</a> to activate your account.</body></html>
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content
+            hints:
+              allow:
+                - GET
+          template:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+            hints:
+              allow:
+                - GET
+          preview:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content/preview
+            hints:
+              allow:
+                - GET
+    ErrorAccessDenied:
+      summary: Access Denied
+      value:
+        errorCode: E0000006
+        errorSummary: You do not have permission to perform the requested action
+        errorLink: E0000006
+        errorId: sampleNUSD_8fdkFd8fs8SDBK
+        errorCauses: []
+    ErrorApiValidationFailed:
+      summary: API Validation Failed
+      value:
+        errorCode: E0000001
+        errorSummary: 'Api validation failed: {0}'
+        errorLink: E0000001
+        errorId: sampleiCF-8D5rLW6myqiPItW
+        errorCauses: []
+    ErrorAppFeatureAPIValidationFailed:
+      summary: API Validation Failed
+      value:
+        errorCode: E0000001
+        errorSummary: 'Api validation failed: feature'
+        errorLink: E0000001
+        errorId: oaeZLxeiHUUQomPkM8xOqvu1A
+        errorCauses:
+          - errorSummary: Provisioning is not enabled for the app instance.
+    ErrorCAPTCHALimitOfOne:
+      value:
+        errorCode: E0000165
+        errorSummary: CAPTCHA count limit reached. At most one CAPTCHA instance is allowed per Org.
+        errorLink: E0000165
+        errorId: oaejrB1fWL1S7mc-2KcG-SOtw
+        errorCauses: []
+    ErrorCAPTCHAOrgWideSetting:
+      value:
+        errorCode: E0000149
+        errorSummary: Current CAPTCHA is associated with org-wide settings, cannot be removed.
+        errorLink: E0000149
+        errorId: samplezsusshPdiTWiITwqBt8
+        errorCauses: []
+    ErrorCAPTCHAOrgWideSettingNull:
+      summary: captchaId is null, but enabledPages is defined
+      value:
+        errorCode: E0000001
+        errorSummary: 'Api validation failed: captchaId'
+        errorLink: E0000001
+        errorId: oae-hk3rssXQmOWDRsaFfxe8A
+        errorCauses:
+          errorSummary: 'captchaId: Invalid CAPTCHA ID. The value of captchaId cannot be blank when enabledPages is not empty. Please resubmit with an existing CAPTCHA ID or disable CAPTCHA support on all supported pages.'
+    ErrorCreateUserWithExpiredPasswordWithNullPassword:
+      value:
+        errorCode: E0000124
+        errorSummary: Could not create user. To create a user and expire their password immediately, a password must be specified
+        errorLink: E0000124
+        errorId: oaeXxuZgXBySvqi1FvtkwoYCA
+        errorCauses:
+          - errorSummary: Could not create user. To create a user and expire their password immediately, a password must be specified
+    ErrorCreateUserWithExpiredPasswordWithoutActivation:
+      value:
+        errorCode: E0000125
+        errorSummary: Could not create user. To create a user and expire their password immediately, "activate" must be true
+        errorLink: E0000125
+        errorId: oaeDd77L9R-TJaD7j_rXsQ31w
+        errorCauses:
+          - errorSummary: Could not create user. To create a user and expire their password immediately, "activate" must be true
+    ErrorCreateUserWithTooManyManyGroupsResponse:
+      value:
+        errorCode: E0000093
+        errorSummary: Target count limit exceeded
+        errorLink: E0000093
+        errorId: oaePVSLIYnIQsC0B-ptBIllVA
+        errorCauses:
+          - errorSummary: The number of group targets is too large.
+    ErrorDeleteBrandAssociatedWithDomain:
+      value:
+        errorCode: E0000201
+        errorSummary: A brand associated with a domain cannot be deleted
+        errorLink: E0000201
+        errorId: oaeAdRqprFuTyKokyYPbURJkA
+        errorCauses: []
+    ErrorDeleteDefaultBrand:
+      value:
+        errorCode: E0000200
+        errorSummary: A default brand cannot be deleted
+        errorLink: E0000200
+        errorId: oaeAdRqprFuTyKokyYPbURJkA
+        errorCauses: []
+    ErrorDeviceAssuranceInUse:
+      summary: Cannot delete device assurance policy in use by authentication policies
+      value:
+        errorSummary: Device assurance is in use and cannot be deleted.
+        errorId: oaenwA1ra80S9W-pvbh4m6haA
+        errorCauses: []
+    ErrorEmailCustomizationCannotClearDefault:
+      value:
+        errorCode: E0000185
+        errorSummary: The isDefault parameter of the default email template customization can't be set to false.
+        errorLink: E0000185
+        errorId: oaejrB1fWL1S7mc-2KcG-SOtw
+        errorCauses: []
+    ErrorEmailCustomizationCannotDeleteDefault:
+      value:
+        errorCode: E0000184
+        errorSummary: A default email template customization can't be deleted.
+        errorLink: E0000184
+        errorId: oaeAdRqprFuTyKokyYPbURJkA
+        errorCauses: []
+    ErrorEmailCustomizationDefaultAlreadyExists:
+      value:
+        errorCode: E0000182
+        errorSummary: A default email template customization already exists.
+        errorLink: E0000182
+        errorId: oaeXYwTiMvASsC3O4HCzjFaCA
+        errorCauses: []
+    ErrorEmailCustomizationLanguageAlreadyExists:
+      value:
+        errorCode: E0000183
+        errorSummary: An email template customization for that language already exists.
+        errorLink: E0000183
+        errorId: oaeUcGELffqRay0u1OPdnPypw
+        errorCauses: []
+    ErrorEmailDomainAlreadyExists:
+      value:
+        errorCode: E0000197
+        errorSummary: Email domain already exists.
+        errorLink: E0000197
+        errorId: oaeEdRqprFuTyKokyYPbURJkA
+        errorCauses: []
+    ErrorEmailDomainInUse:
+      value:
+        errorCode: E0000216
+        errorSummary: Email domain can't be deleted due to mail provider restrictions.
+        errorLink: E0000216
+        errorId: oaeEdRqprFuTyKokyYPbURJkB
+        errorCauses: []
+    ErrorEmailDomainInvalidStatus:
+      value:
+        errorCode: E0000217
+        errorSummary: Invalid status. Can't validate email domain with current status.
+        errorLink: E0000217
+        errorId: oaeEdRqprFuTyKokyYPbURJkD
+        errorCauses: []
+    ErrorEmailDomainNotVerified:
+      value:
+        errorCode: E0000218
+        errorSummary: Email domain couldn't be verified by mail provider.
+        errorLink: E0000218
+        errorId: oaeEdRqprFuTyKokyYPbURJkC
+        errorCauses: []
+    ErrorInvalidEmailTemplateRecipients:
+      value:
+        errorCode: E0000189
+        errorSummary: This template does not support the recipients value.
+        errorLink: E0000189
+        errorId: oae8L1-UkcNTeGi5xVQ28_lww
+        errorCauses: []
+    ErrorInvalidTokenProvided:
+      summary: Invalid Token Provided
+      value:
+        errorCode: E0000011
+        errorSummary: Invalid token provided
+        errorLink: E0000011
+        errorId: sampleQPivGUj_ND5v78vbYWW
+        errorCauses: []
+    ErrorMissingRequiredParameter:
+      summary: Missing Required Parameter
+      value:
+        errorCode: E0000028
+        errorSummary: The request is missing a required parameter.
+        errorLink: E0000028
+        errorId: sampleiCF-l7mr9XqM1NQ
+        errorCauses: []
+    ErrorPushProviderUsedByCustomAppAuthenticator:
+      value:
+        errorCode: E0000187
+        errorSummary: Cannot delete push provider because it is being used by a custom app authenticator.
+        errorLink: E0000187
+        errorId: oaenwA1ra80S9W-pvbh4m6haA
+        errorCauses: []
+    ErrorResourceNotFound:
+      summary: Resource Not Found
+      value:
+        errorCode: E0000007
+        errorSummary: 'Not found: {0}'
+        errorLink: E0000007
+        errorId: sampleMlLvGUj_YD5v16vkYWY
+        errorCauses: []
+    ErrorTooManyRequests:
+      summary: Too Many Requests
+      value:
+        errorCode: E0000047
+        errorSummary: You exceeded the maximum number of requests. Try again in a while.
+        errorLink: E0000047
+        errorId: sampleQPivGUj_ND5v78vbYWW
+        errorCauses: []
+    GetBrandResponse:
+      value:
+        id: bnd114iNkrcN6aR680g4
+        removePoweredByOkta: false
+        customPrivacyPolicyUrl: null
+        name: Okta Default
+        isDefault: true
+        locale: en
+        emailDomainId: OeD114iNkrcN6aR680g4
+        defaultApp:
+          appInstanceId: 0oa114iNkrcN6aR680g4
+          appLinkName: null
+          classicApplicationUri: null
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          themes:
+            href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4/themes
+            hints:
+              allow:
+                - GET
+    GetEmailTemplateResponse:
+      value:
+        name: UserActivation
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+            hints:
+              allow:
+                - GET
+          settings:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings
+            hints:
+              allow:
+                - GET
+                - PUT
+          defaultContent:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content
+            hints:
+              allow:
+                - GET
+          customizations:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations
+            hints:
+              allow:
+                - GET
+                - POST
+                - DELETE
+          test:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test
+            hints:
+              allow:
+                - POST
+    GetUserResponse:
+      summary: Retrieve a user type response
+      value:
+        id: otyfnly5cQjJT9PnR0g4
+        displayName: New User Type
+        name: newUserType
+        description: A new custom user type
+        createdBy: sprz9fj1ycBcsgopy1d6
+        lastUpdatedBy: sprz9fj1ycBcsgopy1d6
+        created: '2021-07-05T20:40:38.000Z'
+        lastUpdated: '2021-07-05T20:40:38.000Z'
+        default: false
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+          schema:
+            href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+    GroupSchemaAddRequest:
+      value:
+        definitions:
+          custom:
+            id: '#custom'
+            type: object
+            properties:
+              groupContact:
+                title: Group administrative contact
+                description: Group administrative contact
+                type: string
+                required: false
+                minLength: 1
+                maxLength: 20
+                permissions:
+                  - principal: SELF
+                    action: READ_WRITE
+            required: []
+    GroupSchemaResponse:
+      value:
+        $schema: http://json-schema.org/draft-04/schema#
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/meta/schemas/group/default
+            method: GET
+            rel: self
+        created: '2021-01-30T00:18:24.000Z'
+        definitions:
+          base:
+            id: '#base'
+            properties: {}
+            required:
+              - name
+            type: object
+          custom:
+            id: '#custom'
+            properties:
+              groupContact:
+                description: Group administrative contact
+                master:
+                  type: PROFILE_MASTER
+                mutability: READ_WRITE
+                permissions:
+                  - action: READ_WRITE
+                    principal: SELF
+                scope: NONE
+                title: Group administrative contact
+                type: string
+            required: []
+            type: object
+        description: Okta group profile template
+        id: https://{yourOktaDomain}/meta/schemas/group/default
+        lastUpdated: '2021-02-25T23:05:31.000Z'
+        name: group
+        properties:
+          profile:
+            allOf:
+              - $ref: '#/definitions/custom'
+              - $ref: '#/definitions/base'
+        title: Okta group
+        type: object
+    ListAllKeysResponse:
+      summary: List All Keys response example
+      value:
+        - id: HKY1i2htmXF5UNQhL0g4
+          keyId: bb5bed7d-6e4d-488f-9c86-59b93a2bb3fb
+          name: My new key
+          created: '2022-08-22T16:34:33.000Z'
+          lastUpdated: '2022-08-22T16:34:33.000Z'
+          isUsed: 'true'
+        - id: HKY1p7jWLndGQV9M60g4
+          keyId: 7fbc27fd-e3df-4522-86bf-1930110256ad
+          name: Test key
+          created: '2022-08-31T18:09:58.000Z'
+          lastUpdated: '2022-08-31T18:09:58.000Z'
+          isUsed: 'false'
+    ListBrandsResponse:
+      value:
+        - id: bnd114iNkrcN6aR680g4
+          name: Okta Default
+          isDefault: true
+          removePoweredByOkta: false
+          customPrivacyPolicyUrl: null
+          locale: en
+          emailDomainId: OeD114iNkrcN6aR680g4
+          defaultApp:
+            appInstanceId: 0oa114iNkrcN6aR680g4
+            appLinkName: null
+            classicApplicationUri: null
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+            themes:
+              href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4/themes
+              hints:
+                allow:
+                  - GET
+    ListEmailCustomizationResponse:
+      value:
+        - language: en
+          isDefault: true
+          subject: Welcome to ${org.name}!
+          body: <!DOCTYPE html><html><body><p>Hello, ${user.profile.firstName}. Click <a href="${activationLink}">here</a> to activate your account.</body></html>
+          id: oel11u6DqUiMbQkpl0g4
+          created: 2021-11-09T20:38:10.000Z
+          lastUpdated: 2021-11-11T20:38:10.000Z
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+            template:
+              href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+              hints:
+                allow:
+                  - GET
+            preview:
+              href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview
+              hints:
+                allow:
+                  - GET
+            test:
+              href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test
+              hints:
+                allow:
+                  - POST
+    ListEmailTemplateResponse:
+      value:
+        - name: UserActivation
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+              hints:
+                allow:
+                  - GET
+            settings:
+              href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings
+              hints:
+                allow:
+                  - GET
+                  - PUT
+            defaultContent:
+              href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content
+              hints:
+                allow:
+                  - GET
+            customizations:
+              href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations
+              hints:
+                allow:
+                  - GET
+                  - POST
+                  - DELETE
+            test:
+              href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test
+              hints:
+                allow:
+                  - POST
+    ListMappingsResponse:
+      summary: List all Profile Mappings response
+      value:
+        - id: prm1k47ghydIQOTBW0g4
+          source:
+            id: otysbePhQ3yqt4cVv0g3
+            name: user
+            type: user
+            _links:
+              self:
+                href: https://{yourOktaDomain}/api/v1/meta/types/user/otysbePhQ3yqt4cVv0g3
+              schema:
+                href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscsbePhQ3yqt4cVv0g3
+          target:
+            id: 0oa1qmn4LZQQEH0wZ0g4
+            name: okta_org2org
+            type: appuser
+            _links:
+              self:
+                href: https://{yourOktaDomain}/api/v1/apps/0oa1qmn4LZQQEH0wZ0g4
+              schema:
+                href: https://{yourOktaDomain}/api/v1/meta/schemas/apps/0oa1qmn4LZQQEH0wZ0g4/default
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4
+    ListRealmAwareUsersResponse:
+      summary: List all Users
+      value:
+        - id: 00u118oQYT4TBGuay0g4
+          status: ACTIVE
+          created: 2022-04-04T15:56:05.000Z
+          activated: null
+          statusChanged: null
+          lastLogin: 2022-05-04T19:50:52.000Z
+          lastUpdated: 2022-05-05T18:15:44.000Z
+          passwordChanged: 2022-04-04T16:00:22.000Z
+          type:
+            id: oty1162QAr8hJjTaq0g4
+          profile:
+            firstName: Alice
+            lastName: Smith
+            mobilePhone: null
+            secondEmail: null
+            login: alice.smith@example.com
+            email: alice.smith@example.com
+          realmId: guo1afiNtSnZYILxO0g4
+          credentials:
+            password: {}
+            provider:
+              type: OKTA
+              name: OKTA
+          _links:
+            self:
+              href: http://your-subdomain.okta.com/api/v1/users/00u118oQYT4TBGuay0g4
+    ListRealmsResponse:
+      value:
+        - id: guox9jQ16k9V8IFEL0g3
+          created: 2022-04-04T15:56:05.000Z
+          lastUpdated: 2022-05-05T18:15:44.000Z
+          isDefault: false
+          profile:
+            name: Car Co
+          _links:
+            self:
+              rel: self
+              href: http://your-subdomain.okta.com/api/v1/realms/guox9jQ16k9V8IFEL0g3
+              method: GET
+    ListRiskProviderResponse:
+      summary: List Risk Provider response example
+      value:
+        - id: 00rp12r4skkjkjgsn
+          action: log_only
+          name: Risk-Partner-X
+          clientId: 00ckjsfgjkdkjdkkljjsd
+          created: '2021-01-05 22:18:30'
+          lastUpdated: '2021-01-05 22:18:30'
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/risk/providers/00rp12r4skkjkjgsn
+              hints:
+                allow:
+                  - GET
+                  - PUT
+    ListSessionsResponse:
+      value:
+        - id: uij4ri8ZLk0ywyqxB0g1
+          identitySourceId: 0oa3l6l6WK6h0R0QW0g4
+          status: CREATED
+          importType: INCREMENTAL
+          created: 2022-04-04T15:56:05.000Z
+          lastUpdated: 2022-05-05T16:15:44.000Z
+    ListSessionsResponseForGetSessions:
+      value:
+        - id: uij4ri8ZLk0ywyqxB0g1
+          identitySourceId: 0oa3l6l6WK6h0R0QW0g4
+          status: CREATED
+          importType: INCREMENTAL
+          created: 2022-04-04T15:56:05.000Z
+          lastUpdated: 2022-05-05T16:15:44.000Z
+        - id: uij4ri8ZLk0ywyqxB0g2
+          identitySourceId: 0oa3l6l6WK6h0R0QW0g4
+          status: TRIGGERED
+          importType: INCREMENTAL
+          created: 2022-04-04T16:56:05.000Z
+          lastUpdated: 2022-05-05T17:15:44.000Z
+        - id: uij4ri8ZLk0ywyqxB0g3
+          identitySourceId: 0oa3l6l6WK6h0R0QW0g4
+          status: IN_PROGRESS
+          importType: INCREMENTAL
+          created: 2022-04-04T17:56:05.000Z
+          lastUpdated: 2022-05-05T18:15:44.000Z
+        - id: uij4ri8ZLk0ywyqxB0g4
+          identitySourceId: 0oa3l6l6WK6h0R0QW0g4
+          status: EXPIRED
+          importType: INCREMENTAL
+          created: 2022-04-04T18:56:05.000Z
+          lastUpdated: 2022-05-05T19:15:44.000Z
+        - id: uij4ri8ZLk0ywyqxB0g5
+          identitySourceId: 0oa3l6l6WK6h0R0QW0g4
+          status: CLOSED
+          importType: INCREMENTAL
+          created: 2022-04-04T19:56:05.000Z
+          lastUpdated: 2022-05-05T20:15:44.000Z
+    ListUISchemaResponse:
+      summary: Lists all UI Schemas response
+      value:
+        - id: uis4a7liocgcRgcxZ0g7
+          uiSchema:
+            type: Group
+            label: Sign in
+            buttonLabel: Submit
+            elements:
+              - type: Control
+                scope: '#/properties/firstName'
+                label: First name
+                options:
+                  format: text
+              - type: Control
+                scope: '#/properties/lastName'
+                label: Last name
+                options:
+                  format: text
+              - type: Control
+                scope: '#/properties/email'
+                label: Email
+                options:
+                  format: text
+              - type: Control
+                scope: '#/properties/countryCode'
+                label: Country code
+                options:
+                  format: select
+              - type: Control
+                scope: '#/properties/bool2'
+                label: bool2
+                options:
+                  format: checkbox
+              - type: Control
+                scope: '#/properties/date'
+                label: date
+                options:
+                  format: text
+              - type: Control
+                scope: '#/properties/enum'
+                label: enum
+                options:
+                  format: radio
+          created: '2022-07-25T12:56:31.000Z'
+          lastUpdated: '2022-07-26T11:53:59.000Z'
+          _links:
+            self:
+              href: https://example.com/api/v1/meta/uischemas/uis4a7liocgcRgcxZ0g7
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+        - id: uis4abjqkkKXVPGAU0g7
+          uiSchema:
+            type: Group
+            label: Sign in 2
+            buttonLabel: Submit
+            elements:
+              - type: Control
+                scope: '#/properties/firstName'
+                label: First name
+                options:
+                  format: text
+              - type: Control
+                scope: '#/properties/lastName'
+                label: Last name
+                options:
+                  format: text
+              - type: Control
+                scope: '#/properties/email'
+                label: Email
+                options:
+                  format: text
+              - type: Control
+                scope: '#/properties/countryCode'
+                label: Country code
+                options:
+                  format: select
+              - type: Control
+                scope: '#/properties/bool2'
+                label: bool2
+                options:
+                  format: checkbox
+              - type: Control
+                scope: '#/properties/date'
+                label: date
+              - type: Control
+                scope: '#/properties/enum'
+                label: enum
+                options:
+                  format: radio
+          created: '2022-07-25T12:56:31.000Z'
+          lastUpdated: '2022-07-26T11:53:59.000Z'
+          _links:
+            self:
+              href: https://example.com/api/v1/meta/uischemas/uis4abjqkkKXVPGAU0g7
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+    ListUserBlocksAnyDevicesResponse:
+      value:
+        - type: DEVICE_BASED
+          appliesTo: ANY_DEVICES
+    ListUserBlocksUnknownDevicesResponse:
+      value:
+        - type: DEVICE_BASED
+          appliesTo: UNKNOWN_DEVICES
+    ListUsersResponse:
+      summary: List all Users
+      value:
+        - id: 00u118oQYT4TBTemp0g4
+          status: ACTIVE
+          created: 2022-04-04T15:56:05.000Z
+          activated: null
+          statusChanged: null
+          lastLogin: 2022-05-04T19:50:52.000Z
+          lastUpdated: 2022-05-05T18:15:44.000Z
+          passwordChanged: 2022-04-04T16:00:22.000Z
+          type:
+            id: oty1162QAr8hJjTaq0g4
+          profile:
+            firstName: Alice
+            lastName: Smith
+            mobilePhone: null
+            secondEmail: null
+            login: alice.smith@example.com
+            email: alice.smith@example.com
+          credentials:
+            password: {}
+            provider:
+              type: OKTA
+              name: OKTA
+          _links:
+            self:
+              href: http://your-subdomain.okta.com/api/v1/users/00u118oQYT4TBGuay0g4
+    ListsAllUserTypes:
+      summary: Lists all user types
+      value:
+        - id: otyfnly5cQjJT9PnR0g4
+          displayName: New User Type
+          name: newUserType
+          description: A new custom user type
+          createdBy: sprz9fj1ycBcsgopy1d6
+          lastUpdatedBy: sprz9fj1ycBcsgopy1d6
+          created: '2021-07-05T20:40:38.000Z'
+          lastUpdated: '2021-07-05T20:40:38.000Z'
+          default: false
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+            schema:
+              href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+        - id: otyz9fj2jMiRBC1ZT1d6
+          displayName: User
+          name: user
+          description: Okta user profile template with default permission settings
+          createdBy: sprz9fj1ycBcsgopy1d6
+          lastUpdatedBy: sprz9fj1ycBcsgopy1d6
+          created: '2021-07-05T20:40:38.000Z'
+          lastUpdated: '2021-07-05T20:40:38.000Z'
+          default: true
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+            schema:
+              href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+    ListsOwnerOneResponse:
+      summary: Lists a response with one owner
+      value:
+        - id: 00g1gae1k0znUcLuU0h8
+          type: GROUP
+          resolved: true
+          originId: 'null'
+          originType: OKTA_DIRECTORY
+          displayName: Product & Engineering
+          lastUpdated: '2023-03-29 18:18:37.0'
+    ListsOwnersMultipleResponse:
+      summary: Lists a response with multiple owners
+      value:
+        - id: 00u1cmbqjkkmFXeqb0h8
+          type: USER
+          resolved: true
+          originId: 'null'
+          originType: OKTA_DIRECTORY
+          displayName: Mabel Mora
+          lastUpdated: 2023-03-29T18:30:58.000Z
+        - id: 00u1cmc52x5B86cnZ0h8
+          type: USER
+          resolved: true
+          originId: 'null'
+          originType: OKTA_DIRECTORY
+          displayName: Cinda Canning
+          lastUpdated: 2023-03-29T18:30:55.000Z
+    LogStreamActivateResponse:
+      summary: Activate Log Stream response
+      value:
+        id: 0oa1orqUGCIoCGNxf0g4
+        type: aws_eventbridge
+        name: Example AWS EventBridge
+        lastUpdated: '2023-03-24T21:22:43.000Z'
+        created: '2023-03-24T21:02:43.000Z'
+        status: ACTIVE
+        settings:
+          accountId: '123456789012'
+          eventSourceName: your-event-source-name
+          region: us-east-2
+        _links:
+          self:
+            href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4
+            method: GET
+          deactivate:
+            href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate
+            method: POST
+    LogStreamDeactivateResponse:
+      summary: Deactivate Log Stream response
+      value:
+        id: 0oa7agphh5FT7H521d7
+        type: splunk_cloud_logstreaming
+        name: Splunk Cloud Example
+        lastUpdated: '2023-03-24T21:23:00.000Z'
+        created: '2023-03-24T21:15:13.000Z'
+        status: INACTIVE
+        settings:
+          edition: aws
+          host: okexample.splunkcloud.com
+        _links:
+          self:
+            href: http://{yourOktaDomain}/api/v1/logStreams/0oa7agphh5FT7H521d7
+            method: GET
+          activate:
+            href: http://{yourOktaDomain}/api/v1/logStreams/0oa7agphh5FT7H521d7/lifecycle/activate
+            method: POST
+    LogStreamGetAllResponse:
+      summary: Lists all Log Streams
+      value:
+        - id: 0oa1orqUGCIoCGNxf0g4
+          type: aws_eventbridge
+          name: Example AWS EventBridge
+          lastUpdated: '2023-03-24T21:02:43.000Z'
+          created: '2023-03-24T21:02:43.000Z'
+          status: ACTIVE
+          settings:
+            accountId: '123456789012'
+            eventSourceName: your-event-source-name
+            region: us-east-2
+          _links:
+            self:
+              href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4
+              method: GET
+            deactivate:
+              href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate
+              method: POST
+    LogStreamPostRequest:
+      summary: Create an AWS EventBridge Log Stream
+      value:
+        type: aws_eventbridge
+        name: Example AWS EventBridge
+        settings:
+          eventSourceName: your-event-source-name
+          accountId: '123456789012'
+          region: us-east-2
+    LogStreamPostResponse:
+      summary: AWS EventBridge Log Stream response
+      value:
+        id: 0oa1orqUGCIoCGNxf0g4
+        type: aws_eventbridge
+        name: Example AWS EventBridge
+        lastUpdated: '2023-03-24T21:02:43.000Z'
+        created: '2023-03-24T21:02:43.000Z'
+        status: ACTIVE
+        settings:
+          accountId: '123456789012'
+          eventSourceName: your-event-source-name
+          region: us-east-2
+        _links:
+          self:
+            href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4
+            method: GET
+          deactivate:
+            href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate
+            method: POST
+    LogStreamPutRequest:
+      summary: Replace AWS EventBridge name
+      value:
+        type: aws_eventbridge
+        name: Updated AWS EventBridge
+        settings:
+          eventSourceName: your-event-source-name
+          accountId: '123456789012'
+          region: us-east-2
+    LogStreamPutResponse:
+      summary: Replace AWS EventBridge name response
+      value:
+        id: 0oa1orqUGCIoCGNxf0g4
+        type: aws_eventbridge
+        name: Updated AWS EventBridge
+        lastUpdated: '2023-03-24T21:12:43.000Z'
+        created: '2023-03-24T21:02:43.000Z'
+        status: ACTIVE
+        settings:
+          accountId: '123456789012'
+          eventSourceName: your-event-source-name
+          region: us-east-2
+        _links:
+          self:
+            href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4
+            method: GET
+          deactivate:
+            href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate
+            method: POST
+    LogStreamSchemaAws:
+      value: &ref_4
+        $schema: https://json-schema.org/draft/2020-12/schema
+        $id: http://{yourOktaDomain}/api/v1/meta/schemas/logStream/aws_eventbridge
+        title: AWS EventBridge
+        type: object
+        properties:
+          settings:
+            description: Configuration properties specific to AWS EventBridge
+            type: object
+            properties:
+              accountId:
+                title: AWS Account ID
+                description: Your Amazon AWS Account ID.
+                type: string
+                writeOnce: true
+                pattern: ^\d{12}$
+              eventSourceName:
+                title: AWS Event Source Name
+                description: An alphanumeric name (no spaces) to identify this event source in AWS EventBridge.
+                type: string
+                writeOnce: true
+                pattern: ^[\.\-_A-Za-z0-9]{1,75}$
+              region:
+                title: AWS Region
+                description: The destination AWS region for your system log events.
+                type: string
+                writeOnce: true
+                oneOf:
+                  - title: US East (Ohio)
+                    const: us-east-2
+                  - title: US East (N. Virginia)
+                    const: us-east-1
+                  - title: US West (N. California)
+                    const: us-west-1
+                  - title: US West (Oregon)
+                    const: us-west-2
+                  - title: Canada (Central)
+                    const: ca-central-1
+                  - title: Europe (Frankfurt)
+                    const: eu-central-1
+                  - title: Europe (Ireland)
+                    const: eu-west-1
+                  - title: Europe (London)
+                    const: eu-west-2
+                  - title: Europe (Paris)
+                    const: eu-west-3
+                  - title: Europe (Milan)
+                    const: eu-south-1
+                  - title: Europe (Stockholm)
+                    const: eu-north-1
+            required:
+              - eventSourceName
+              - accountId
+              - region
+            errorMessage:
+              properties:
+                accountId: Account number must be 12 digits.
+                eventSourceName: Event source name can use numbers, letters, the symbols ".", "-" or "_". It must use fewer than 76 characters.
+          name:
+            title: Name
+            description: A name for this log stream in Okta
+            type: string
+            writeOnce: false
+            pattern: ^.{1,100}$
+        required:
+          - name
+          - settings
+        errorMessage:
+          properties:
+            name: Name can't exceed 100 characters.
+    LogStreamSchemaList:
+      value:
+        - *ref_4
+        - &ref_5
+          $schema: https://json-schema.org/draft/2020-12/schema
+          $id: http://{yourOktaDomain}/api/v1/meta/schemas/logStream/splunk_cloud_logstreaming
+          title: Splunk Cloud
+          type: object
+          properties:
+            settings:
+              description: Configuration properties specific to Splunk Cloud
+              type: object
+              properties:
+                host:
+                  title: Host
+                  description: 'The domain for your Splunk Cloud instance without http or https. For example: acme.splunkcloud.com'
+                  type: string
+                  writeOnce: false
+                  pattern: ^([a-z0-9]+(-[a-z0-9]+)*){1,100}\.splunkcloud(gc|fed)?\.com$
+                token:
+                  title: HEC Token
+                  description: The token from your Splunk Cloud HTTP Event Collector (HEC).
+                  type: string
+                  writeOnce: false
+                  pattern: '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}'
+              required:
+                - host
+                - token
+              errorMessage:
+                properties:
+                  host: 'Host should be a domain without http or https. For example: acme.splunkcloud.com'
+            name:
+              title: Name
+              description: A name for this log stream in Okta
+              type: string
+              writeOnce: false
+              pattern: ^.{1,100}$
+          required:
+            - name
+            - settings
+          errorMessage:
+            properties:
+              name: Name can't exceed 100 characters.
+    LogStreamSchemaSplunk:
+      value: *ref_5
+    OrgCAPTCHASettingsConfigured:
+      summary: Org-wide Captcha Settings are configured
+      value:
+        captchaId: abcd4567
+        enabledPages:
+          - SSR
+          - SIGN_IN
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/captchas/abcd4567
+            hints:
+              allow:
+                - GET
+                - POST
+                - PUT
+                - DELETE
+    OrgCAPTCHASettingsDisable:
+      summary: Disable Org-wide Captcha Settings
+      value:
+        captchaId: 'null'
+        enabledPages: 'null'
+    OrgCAPTCHASettingsDisabled:
+      summary: Disabled Org-wide Captcha Settings
+      value:
+        captchaId: 'null'
+        enabledPages: '[]'
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/captchas/
+            hints:
+              allow:
+                - GET
+                - PUT
+    OrgCAPTCHASettingsEmpty:
+      summary: Org-wide Captcha Settings aren't configured
+      value:
+        captchaId: null
+        enabledPages: []
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/captchas
+            hints:
+              allow:
+                - GET
+                - POST
+                - PUT
+                - DELETE
+    OrgCAPTCHASettingsUpdate:
+      summary: Update Org-wide Captcha Settings
+      value:
+        captchaId: abcd4567
+        enabledPages:
+          - SSR
+          - SIGN_IN
+    OrgCAPTCHASettingsUpdated:
+      summary: Updated Org-wide Captcha Settings
+      value:
+        captchaId: abcd4567
+        enabledPages:
+          - SSR
+          - SIGN_IN
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/captchas/abcd4567
+            hints:
+              allow:
+                - GET
+                - POST
+                - PUT
+                - DELETE
+    PerClientRateLimitSettingsEnforceDefault:
+      value:
+        defaultMode: ENFORCE
+    PerClientRateLimitSettingsEnforceDefaultWithOverrides:
+      value:
+        defaultMode: ENFORCE
+        useCaseModeOverrides:
+          OAUTH2_AUTHORIZE: PREVIEW
+          OIE_APP_INTENT: DISABLE
+    PerClientRateLimitSettingsPreviewDefaultWithOverrides:
+      value:
+        defaultMode: PREVIEW
+        useCaseModeOverrides:
+          LOGIN_PAGE: ENFORCE
+    PermissionResponse:
+      value:
+        label: okta.users.manage
+        created: '2021-02-06T16:20:57.000Z'
+        lastUpdated: '2021-02-06T16:20:57.000Z'
+        _links:
+          role:
+            href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
+          self:
+            href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.manage
+    PermissionResponseWithConditions:
+      value:
+        label: okta.users.read
+        conditions:
+          include:
+            okta:ResourceAttribute/User/Profile:
+              - city
+              - state
+              - zipCode
+        created: '2021-02-06T16:20:57.000Z'
+        lastUpdated: '2021-02-06T16:20:57.000Z'
+        _links:
+          role:
+            href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
+          self:
+            href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.read
+    PermissionsResponse:
+      value:
+        permissions:
+          - label: okta.users.create
+            created: '2021-02-06T16:20:57.000Z'
+            lastUpdated: '2021-02-06T16:20:57.000Z'
+            _links:
+              role:
+                href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
+              self:
+                href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.create
+          - label: okta.users.read
+            created: '2021-02-06T16:20:57.000Z'
+            lastUpdated: '2021-02-06T16:20:57.000Z'
+            _links:
+              role:
+                href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
+              self:
+                href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.read
+          - label: okta.groups.read
+            created: '2021-02-06T16:20:57.000Z'
+            lastUpdated: '2021-02-06T16:20:57.000Z'
+            _links:
+              role:
+                href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
+              self:
+                href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.groups.read
+          - label: okta.users.userprofile.manage
+            created: '2021-02-06T16:20:57.000Z'
+            lastUpdated: '2021-02-06T16:20:57.000Z'
+            _links:
+              role:
+                href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
+              self:
+                href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.userprofile.manage
+    PreviewEmailCustomizationResponse:
+      value:
+        subject: Welcome to Okta!
+        body: <!DOCTYPE html><html><body><p>Hello, John. Click <a href="https://{yourOktaDomain}/...">here</a> to activate your account.</body></html>
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel2kk1zYJBJbeaGo0g4/preview
+            hints:
+              allow:
+                - GET
+          template:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+            hints:
+              allow:
+                - GET
+          test:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test
+            hints:
+              allow:
+                - POST
+    PreviewEmailTemplateDefaultContentResponse:
+      value:
+        subject: Welcome to Okta!
+        body: <!DOCTYPE html><html><body><p>Hello, John. Click <a href="https://{yourOktaDomain}/...">here</a> to activate your account.</body></html>
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content/preview
+            hints:
+              allow:
+                - GET
+          template:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+            hints:
+              allow:
+                - GET
+          defaultContent:
+            href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test/default-content
+            hints:
+              allow:
+                - POST
+    PrincipalRateLimitEntityRequestEmptyPercentages:
+      value:
+        principalId: token1234
+        principalType: SSWS_TOKEN
+    PrincipalRateLimitEntityRequestSSWSToken:
+      value:
+        principalId: token1234
+        principalType: SSWS_TOKEN
+        defaultPercentage: 50
+        defaultConcurrencyPercentage: 75
+    PrincipalRateLimitEntityResponseSSWSToken:
+      value:
+        id: abcd1234
+        orgId: org1234
+        principalId: token1234
+        principalType: SSWS_TOKEN
+        defaultPercentage: 50
+        defaultConcurrencyPercentage: 75
+        createdDate: '2022-05-19T20:05:32.720Z'
+        createdBy: user1234
+        lastUpdate: '2022-05-20T21:13:07.410Z'
+        lastUpdatedBy: user4321
+    ProvisioningConnectionOauthRequestEx:
+      summary: Provisioning Connection with OAuth 2.0
+      value:
+        profile:
+          authScheme: OAUTH2
+          clientId: 0oa2h6su6bVFyJzIf1d7
+    ProvisioningConnectionOauthResponseEx:
+      summary: Provisioning Connection with OAuth 2.0
+      value:
+        authScheme: OAUTH2
+        status: ENABLED
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default
+            hints:
+              allow:
+                - GET
+                - POST
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    ProvisioningConnectionTokenRequestEx:
+      summary: Provisioning Connection with token
+      value:
+        profile:
+          authScheme: TOKEN
+          token: 00NgAPZqUVy8cX9ehNzzahEE5b-On9sImTcInvWp-x
+    ProvisioningConnectionTokenResponseEx:
+      summary: Provisioning Connection with token
+      value:
+        authScheme: TOKEN
+        status: ENABLED
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default
+            hints:
+              allow:
+                - GET
+                - POST
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    PushProviderAPNsRequest:
+      value:
+        name: APNs Example
+        providerType: APNS
+        configuration:
+          keyId: KEY_ID
+          teamId: TEAM_ID
+          tokenSigningKey: '-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n'
+          fileName: fileName.p8
+    PushProviderAPNsResponse:
+      value:
+        id: ppctekcmngGaqeiBxB0g4
+        name: APNs Example
+        providerType: APNS
+        lastUpdatedDate: 2022-01-01T00:00:00.000Z
+        configuration:
+          keyId: KEY_ID
+          teamId: TEAM_ID
+          fileName: fileName.p8
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/push-providers/ppctekcmngGaqeiBxB0g4
+            hints:
+              allow:
+                - DELETE
+                - GET
+                - PUT
+    PushProviderFCMRequest:
+      value:
+        name: FCM Example
+        providerType: FCM
+        configuration:
+          serviceAccountJson:
+            type: service_account
+            project_id: PROJECT_ID
+            private_key_id: KEY_ID
+            private_key: '-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n'
+            client_email: SERVICE_ACCOUNT_EMAIL
+            client_id: CLIENT_ID
+            auth_uri: https://accounts.google.com/o/oauth2/auth
+            token_uri: https://accounts.google.com/o/oauth2/token
+            auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs
+            client_x509_cert_url: https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL
+          fileName: fileName.json
+    PushProviderFCMResponse:
+      value:
+        id: ppctekcmngGaqeiBxB0g4
+        name: FCM Example
+        providerType: FCM
+        lastUpdatedDate: 2022-01-01T00:00:00.000Z
+        configuration:
+          projectId: PROJECT_ID
+          fileName: fileName.p8
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/push-providers/ppctekcmngGaqeiBxB0g4
+            hints:
+              allow:
+                - DELETE
+                - GET
+                - PUT
+    RateLimitAdminNotificationsDisabled:
+      value:
+        notificationsEnabled: false
+    RateLimitAdminNotificationsEnabled:
+      value:
+        notificationsEnabled: true
+    RateLimitWarningThresholdValidExample:
+      value:
+        warningThreshold: 66
+    RealmResponse:
+      value:
+        id: guox9jQ16k9V8IFEL0g3
+        created: 2022-04-04T15:56:05.000Z
+        lastUpdated: 2022-05-05T18:15:44.000Z
+        isDefault: false
+        profile:
+          name: Car Co
+        _links:
+          self:
+            rel: self
+            href: http://your-subdomain.okta.com/api/v1/realms/guox9jQ16k9V8IFEL0g3
+            method: GET
+    RemoveMappingBody:
+      summary: Update an existing profile mapping by removing one or more properties
+      value:
+        properties:
+          nickName:
+            expression: null
+            pushStatus: null
+    RemoveMappingResponse:
+      summary: Update an existing profile mapping by removing one or more properties
+      value:
+        id: prm1k47ghydIQOTBW0g4
+        source:
+          id: otysbePhQ3yqt4cVv0g3
+          name: user
+          type: user
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/meta/types/user/otysbePhQ3yqt4cVv0g3
+            schema:
+              href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscsbePhQ3yqt4cVv0g3
+        target:
+          id: 0oa1qmn4LZQQEH0wZ0g4
+          name: okta_org2org
+          type: appuser
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/apps/0oa1qmn4LZQQEH0wZ0g4
+            schema:
+              href: https://{yourOktaDomain}/api/v1/meta/schemas/apps/0oa1qmn4LZQQEH0wZ0g4/default
+        properties:
+          fullName:
+            expression: user.firstName + user.lastName
+            pushStatus: PUSH
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4
+    ReplaceKeyResponse:
+      summary: Replace a key response example
+      value:
+        id: HKY1p7jWLndGQV9M60g4
+        keyId: 7fbc27fd-e3df-4522-86bf-1930110256ad
+        name: My updated new key
+        created: '2022-08-31T18:09:58.000Z'
+        lastUpdated: '2022-08-31T18:16:59.000Z'
+        isUsed: 'false'
+    ReplaceNetworkZone:
+      summary: Replace a Network Zone
+      value:
+        type: IP
+        id: nzovw2rFz2YoqmvwZ0g9
+        name: UpdatedNetZone
+        status: ACTIVE
+        usage: POLICY
+        gateways:
+          - type: CIDR
+            value: 10.2.3.4/24
+          - type: CIDR
+            value: 12.2.3.4/24
+          - type: RANGE
+            value: 13.4.5.6-13.4.5.8
+          - type: CIDR
+            value: 14.2.3.4/24
+        proxies:
+          - type: CIDR
+            value: 12.2.3.4/24
+          - type: CIDR
+            value: 13.3.4.5/24
+          - type: RANGE
+            value: 14.4.5.6-14.4.5.8
+          - type: RANGE
+            value: 15.5.6.7/24-15.5.6.9
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/zones/nzovw2rFz2YoqmvwZ0g9
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/zones/nzovw2rFz2YoqmvwZ0g9/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    ReplaceNetworkZoneResponse:
+      summary: Replace Network Zone response
+      value:
+        type: IP
+        id: nzovw2rFz2YoqmvwZ0g3
+        name: UpdatedNetZone
+        status: ACTIVE
+        usage: POLICY
+        created: '2019-01-24T19:53:28.000Z'
+        lastUpdated: '2019-02-24T19:53:28.000Z'
+        system: false
+        gateways:
+          - type: CIDR
+            value: 10.2.3.4/24
+          - type: CIDR
+            value: 12.2.3.4/24
+          - type: RANGE
+            value: 13.4.5.6-13.4.5.8
+          - type: CIDR
+            value: 14.2.3.4/24
+        proxies:
+          - type: CIDR
+            value: 12.2.3.4/24
+          - type: CIDR
+            value: 13.3.4.5/24
+          - type: RANGE
+            value: 14.4.5.6-14.4.5.8
+          - type: RANGE
+            value: 15.5.6.7/24-15.5.6.9
+    ReplaceUserTypePutRequest:
+      summary: Replace user type request
+      value:
+        displayName: Replacement Display Name
+        description: Replacement description
+        name: newUserType
+    ReplaceUserTypePutResponse:
+      summary: Replace user type response
+      value:
+        id: otyfnly5cQjJT9PnR0g4
+        displayName: Replacement Display Name
+        name: newUserType
+        description: Replacement description
+        createdBy: sprz9fj1ycBcsgopy1d6
+        lastUpdatedBy: sprz9fj1ycBcsgopy1d6
+        created: '2021-07-05T20:40:38.000Z'
+        lastUpdated: '2021-07-05T20:40:38.000Z'
+        default: false
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+          schema:
+            href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+    ResourceSetBindingAddMembersRequestExample:
+      value:
+        additions:
+          - https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
+          - https://{yourOktaDomain}/api/v1/users/00u67DU2qNCjNZYO0g3
+    ResourceSetBindingCreateRequestExample:
+      value:
+        role: cr0Yq6IJxGIr0ouum0g3
+        members:
+          - https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
+    ResourceSetBindingMemberResponse:
+      value:
+        id: irb1qe6PGuMc7Oh8N0g4
+        created: '2021-02-06T16:20:57.000Z'
+        lastUpdated: '2021-02-06T16:20:57.000Z'
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/users/00uuk41Hjga5qGfQ30g3
+    ResourceSetBindingMembersResponse:
+      value:
+        members:
+          - id: irb1qe6PGuMc7Oh8N0g4
+            created: '2021-02-06T16:20:57.000Z'
+            lastUpdated: '2021-02-06T16:20:57.000Z'
+            _links:
+              self:
+                href: https://{yourOktaDomain}/api/v1/users/00uuk41Hjga5qGfQ30g3
+          - id: irb1q92TFAHzySt3x0g4
+            created: '2021-02-06T16:20:57.000Z'
+            lastUpdated: '2021-02-06T16:20:57.000Z'
+            _links:
+              self:
+                href: https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
+        _links:
+          binding:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3
+          next:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3/members?after=0ouRq6IJmGIr3ouum0g3
+    ResourceSetBindingResponseExample:
+      value:
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3
+          bindings:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings
+          resource-set:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
+    ResourceSetBindingResponseWithIdExample:
+      value:
+        id: cr0Yq6IJxGIr0ouum0g3
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3
+          bindings:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings
+          resource-set:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
+    ResourceSetBindingsResponse:
+      value:
+        roles:
+          - id: cr0WxyzJxGIr0ouum0g4
+            _links:
+              self:
+                href: https://{yourOktaDomain}/api/v1/iam/roles/cr0WxyzJxGIr0ouum0g4
+              members:
+                href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0WxyzJxGIr0ouum0g4/members
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings
+          resource-set:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
+          next:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings?after=cr0WxyzJxGIr0ouum0g4
+    ResourceSetRequest:
+      value:
+        label: SF-IT-People
+        description: People in the IT department of San Francisco
+        resources:
+          - https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
+          - https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users
+          - https://{yourOktaDomain}/api/v1/users
+    ResourceSetResourcePatchRequestExample:
+      value:
+        additions:
+          - https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
+          - https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users
+    ResourceSetResourcesResponse:
+      value:
+        resources:
+          - id: ire106sQKoHoXXsAe0g4
+            created: '2021-02-06T16:20:57.000Z'
+            lastUpdated: '2021-02-06T16:20:57.000Z'
+            _links:
+              self:
+                href: https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
+          - id: ire106riDrTYl4qA70g4
+            created: '2021-02-06T16:20:57.000Z'
+            lastUpdated: '2021-02-06T16:20:57.000Z'
+            _links:
+              self:
+                href: https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users
+          - id: irezvo4AwE2ngpMw40g3
+            created: '2021-02-06T16:20:57.000Z'
+            lastUpdated: '2021-02-06T16:20:57.000Z'
+            _links:
+              users:
+                href: https://{yourOktaDomain}/api/v1/users
+              groups:
+                href: https://{yourOktaDomain}/api/v1/groups
+        _links:
+          next:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources?after=irezvn1ZZxLSIBM2J0g3
+          resource-set:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
+    ResourceSetResponse:
+      value:
+        id: iamoJDFKaJxGIr0oamd9g
+        label: SF-IT-People
+        description: People in the IT department of San Francisco
+        created: '2021-02-06T16:20:57.000Z'
+        lastUpdated: '2021-02-06T16:20:57.000Z'
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
+          resources:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources
+          bindings:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings
+    ResourceSetsResponse:
+      value:
+        resource-sets:
+          - id: iamoJDFKaJxGIr0oamd9g
+            label: SF-IT-1
+            description: First San Francisco IT Resource Set
+            created: '2021-02-06T16:20:57.000Z'
+            lastUpdated: '2021-02-06T16:20:57.000Z'
+            _links:
+              self:
+                href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
+              resources:
+                href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources
+              bindings:
+                href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings
+          - id: iamoJDFKaJxGIr0oamd0q
+            label: SF-IT-2
+            description: Second San Francisco IT Resource Set
+            created: '2021-02-06T16:20:57.000Z'
+            lastUpdated: '2021-02-06T16:20:57.000Z'
+            _links:
+              self:
+                href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q
+              resources:
+                href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q/resources
+              bindings:
+                href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q/bindings
+        _links:
+          next:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets?after=iamoJDFKaJxGIr0oamd0q
+    RetrieveAllZones:
+      summary: Retrieves all Network Zones
+      value:
+        - type: IP
+          id: nzowc1U5Jh5xuAK0o0g3
+          name: LegacyIpZone
+          status: ACTIVE
+          usage: POLICY
+          created: 2019-05-17T18:44:31.000Z
+          lastUpdated: 2019-05-21T13:50:49.000Z
+          system: true
+          gateways:
+            - type: CIDR
+              value: 1.2.3.4/24
+          proxies:
+            - type: RANGE
+              value: 3.3.4.5-3.3.4.15
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+            deactivate:
+              href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
+        - type: DYNAMIC
+          id: nzowc1U5Jh5xuAK0o0g3
+          name: test
+          status: ACTIVE
+          usage: POLICY
+          created: 2019-05-17T18:44:31.000Z
+          lastUpdated: 2019-05-21T13:50:49.000Z
+          system: false
+          locations:
+            - country: AF
+              region: AF-BGL
+          proxyType: ANY
+          asns:
+            - '23457'
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+            deactivate:
+              href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
+    RetrieveAllZonesWithFilter:
+      summary: Retrieves Network Zones with filter
+      value:
+        - type: IP
+          id: nzowc1U5Jh5xuAK0o0g3
+          name: LegacyIpZone
+          status: ACTIVE
+          usage: POLICY
+          created: 2019-05-17T18:44:31.000Z
+          lastUpdated: 2019-05-21T13:50:49.000Z
+          system: true
+          gateways:
+            - type: CIDR
+              value: 1.2.3.4/24
+          proxies:
+            - type: RANGE
+              value: 3.3.4.5-3.3.4.15
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+            deactivate:
+              href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
+    RetrieveKeyResponse:
+      summary: Retrieve a key by hookKeyId response example
+      value:
+        id: HKY1p7jWLndGQV9M60g4
+        keyId: 7fbc27fd-e3df-4522-86bf-1930110256ad
+        name: My new key
+        created: '2022-08-31T18:09:58.000Z'
+        lastUpdated: '2022-08-31T18:09:58.000Z'
+        isUsed: 'false'
+    RetrieveMappingsResponse:
+      summary: Retrieve a single Profile Mapping
+      value:
+        id: prm1k47ghydIQOTBW0g4
+        source:
+          id: otysbePhQ3yqt4cVv0g3
+          name: user
+          type: user
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/meta/types/user/otysbePhQ3yqt4cVv0g3
+            schema:
+              href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscsbePhQ3yqt4cVv0g3
+        target:
+          id: 0oa1qmn4LZQQEH0wZ0g4
+          name: okta_org2org
+          type: appuser
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/apps/0oa1qmn4LZQQEH0wZ0g4
+            schema:
+              href: https://{yourOktaDomain}/api/v1/meta/schemas/apps/0oa1qmn4LZQQEH0wZ0g4/default
+        properties:
+          firstName:
+            expression: user.firstName
+            pushStatus: PUSH
+          lastName:
+            expression: user.lastName
+            pushStatus: PUSH
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4
+    RetrieveNetworkZoneDynamic:
+      summary: Dynamic Network Zone response
+      value:
+        type: DYNAMIC
+        id: nzowc1U5Jh5xuAK0o0g3
+        name: test
+        status: ACTIVE
+        usage: POLICY
+        created: '2019-05-17T18:44:31.000Z'
+        lastUpdated: '2019-05-21T13:50:49.000Z'
+        system: false
+        locations:
+          - country: AF
+            region: AF-BGL
+        proxyType: ANY
+        asns:
+          - '23457'
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    RetrieveNetworkZoneIP:
+      summary: IP Network Zone response
+      value:
+        type: IP
+        id: nzowc1U5Jh5xuAK0o0g3
+        name: LegacyIpZone
+        status: ACTIVE
+        usage: POLICY
+        created: 2019-05-17T18:44:31.000Z
+        lastUpdated: 2019-05-21T13:50:49.000Z
+        system: true
+        gateways:
+          - type: CIDR
+            value: 1.2.3.4/24
+        proxies:
+          - type: RANGE
+            value: 3.3.4.5-3.3.4.15
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    RetrievePublicKeyResponse:
+      summary: Retrieve Public Key response example
+      value:
+        _embedded:
+          kty: RSA
+          alg: RSA
+          kid: 7fbc27fd-e3df-4522-86bf-1930110256ad
+          use: null
+          e: AQAB
+          'n': 2naqCnv6r4xNQs7207lRtKQvdtnlVND-8k5iYBIiqoKGY3CqUmRm1jleoOniiQoMkFX8Wj2DmVqr002efF3vOQ7_gjtTatBTVUNbNIQLybun4dkVoUtfP7pRc5SLpcP3eGPRVar734ZrpQXzmCEdpqBt3jrVjwYjNE5DqOjbYXFJtMsy8CWE9LRJ3kyHEoHPzo22dG_vMrXH0_sAQoCk_4TgNCbvyzVmGVYXI_BkUnp0hv2pR4bQVRYzGB9dKJdctOh8zULqc_EJ8tiYsS05YnF7whrWEyARK0rH-e4d4W-OmBTga_zhY4kJ4NsoQ4PyvcatZkxjPO92QHQOFDnf3w`
+    RetrieveUISchemaResponse:
+      summary: Retrieves a UI Schema response
+      value:
+        id: uis4a7liocgcRgcxZ0g7
+        uiSchema:
+          type: Group
+          label: Sign in
+          buttonLabel: Submit
+          elements:
+            - type: Control
+              scope: '#/properties/firstName'
+              label: First name
+              options:
+                format: text
+            - type: Control
+              scope: '#/properties/lastName'
+              label: Last name
+              options:
+                format: text
+            - type: Control
+              scope: '#/properties/email'
+              label: Email
+              options:
+                format: text
+            - type: Control
+              scope: '#/properties/countryCode'
+              label: Country code
+              options:
+                format: select
+            - type: Control
+              scope: '#/properties/bool2'
+              label: bool2
+              options:
+                format: checkbox
+            - type: Control
+              scope: '#/properties/date'
+              label: date
+            - type: Control
+              scope: '#/properties/enum'
+              label: enum
+              options:
+                format: radio
+        created: '2022-07-25T12:56:31.000Z'
+        lastUpdated: '2022-07-26T11:53:59.000Z'
+        _links:
+          self:
+            href: https://exmaple.com/api/v1/meta/uischemas/uis4a7liocgcRgcxZ0g7
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+    RiskEventsRequestExample:
+      summary: Risk Events payload example
+      value:
+        - timestamp: '2021-01-20T00:00:00.001Z'
+          subjects:
+            - ip: 6.7.6.7
+              riskLevel: MEDIUM
+            - ip: 1.1.1.1
+              riskLevel: HIGH
+              message: Detected Attack tooling and suspicious activity
+        - timestamp: '2021-01-20T01:00:00.001Z'
+          subjects:
+            - ip: 6.7.6.7
+              riskLevel: LOW
+            - ip: 2.2.2.2
+              riskLevel: HIGH
+    RiskProviderPutRequest:
+      summary: Replace Risk Provider request example
+      value:
+        name: Risk-Partner-Y
+        action: enforce_and_log
+        clientId: 00ckjsfgjkdkjdkkljjsd
+    RiskProviderPutResponse:
+      summary: Replace Risk Provider response example
+      value:
+        id: 00rp12r4skkjkjgsn
+        action: enforce_and_log
+        name: Risk-Partner-Y
+        clientId: 00ckjsfgjkdkjdkkljjsd
+        created: '2021-01-05 22:18:30'
+        lastUpdated: '2021-01-05 23:18:30'
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/risk/providers/00rp12r4skkjkjgsn
+            hints:
+              allow:
+                - GET
+                - PUT
+    RiskProviderRequest:
+      summary: Risk Provider payload example
+      value:
+        name: Risk-Partner-X
+        action: log_only
+        clientId: 00ckjsfgjkdkjdkkljjsd
+    RiskProviderResponse:
+      summary: Risk Provider response example
+      value:
+        id: 00rp12r4skkjkjgsn
+        action: log_only
+        name: Risk-Partner-X
+        clientId: 00ckjsfgjkdkjdkkljjsd
+        created: '2021-01-05 22:18:30'
+        lastUpdated: '2021-01-05 22:18:30'
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/risk/providers/00rp12r4skkjkjgsn
+            hints:
+              allow:
+                - GET
+                - PUT
+    RoleAssignedUsersResponseExample:
+      value:
+        value:
+          - id: 00u118oQYT4TBGuay0g4
+            orn: orn:okta:00o5rb5mt2H3d1TJd0h7:users:00u118oQYT4TBGuay0g4
+            _links:
+              self:
+                href: http://your-subdomain.okta.com/api/v1/users/00u118oQYT4TBGuay0g4
+              roles:
+                href: http://your-subdomain.okta.com/api/v1/users/00u118oQYT4TBGuay0g4/roles
+        _links:
+          next:
+            href: http://your-subdomain.okta.com/api/v1/iam/assignees/users?after=00u118oQYT4TBGuay0g4&limit=1
+    RoleRequest:
+      value:
+        label: UserCreator
+        description: Create users
+        permissions:
+          - okta.users.create
+          - okta.users.read
+          - okta.groups.read
+          - okta.users.userprofile.manage
+    RoleResponse:
+      value:
+        id: cr0Yq6IJxGIr0ouum0g3
+        label: UserCreator
+        description: Create users
+        created: '2021-02-06T16:20:57.000Z'
+        lastUpdated: '2021-02-06T16:20:57.000Z'
+        _links:
+          permissions:
+            href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions
+          self:
+            href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
+    RolesResponse:
+      value:
+        roles:
+          - id: cr0Yq6IJxGIr0ouum0g3
+            label: UserCreator
+            description: Create users
+            created: '2021-02-06T16:20:57.000Z'
+            lastUpdated: '2021-02-06T16:20:57.000Z'
+            _links:
+              permissions:
+                href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions
+              self:
+                href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
+          - id: cr0Fw7HKcWIroo88m3r1
+            label: GroupMembershipManager
+            description: Manage group membership
+            created: '2021-02-06T16:20:57.000Z'
+            lastUpdated: '2021-02-06T16:20:57.000Z'
+            _links:
+              permissions:
+                href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Fw7HKcWIroo88m3r1/permissions
+              self:
+                href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Fw7HKcWIroo88m3r1
+        _links:
+          next:
+            href: https://{yourOktaDomain}/api/v1/iam/roles?after=cr0Fw7HKcWIroo88m3r1
+    SimulatePolicyBody:
+      summary: Simulate policy request body
+      description: Simulate policy request body
+      value:
+        policyType:
+          - OKTA_SIGN_ON
+          - MFA_ENROLL
+        appInstance: 0oa4eroj3nYCIJIW70g7
+        policyContext:
+          groups:
+            ids:
+              - 00g4eralvekR5RLuS0g7
+              - 00g4eralvekR5RLuS0g8
+        risk:
+          level: LOW
+        zones:
+          ids:
+            - nzo4eralxcRnbIHYJ0g7
+        device:
+          platform: IOS
+          registered: true
+          managed: true
+    SimulatePolicyResponse:
+      summary: Simulate policy response body
+      description: Simulate policy response body
+      value:
+        evaluation:
+          - status: null
+            policyType: OkTA_SIGN_ON
+            result:
+              policies:
+                - id: 00p4eromwukk6qUku0g7
+                - name: test policy
+                - status: MATCH
+                - conditions: []
+                - rules:
+                    - id: 0pr4erof85nGcyC7Y0g7
+                    - name: test rule
+                    - status: MATCH
+                    - conditions:
+                        - type: people.groups.include
+                        - status: MATCH
+            undefined:
+              policies: null
+            evaluated:
+              policies: null
+          - status: null
+            policyType: ACCESS_POLICY
+            result:
+              policies:
+                - id: rst4eram06ZKZewEe0g7
+                - name: Any two factors
+                - status: MATCH
+                - conditions: []
+                - rules:
+                    - id: rul4eram07VsWgybo0g7
+                    - name: Catch-all rule
+                    - status: MATCH
+                    - conditions: []
+            undefined:
+              policies: null
+            evaluated:
+              policies: null
+          - status: null
+            policyType: PROFILE_ENROLLMENT
+            result:
+              policies:
+                - id: rst4eram08ZSjPTOl0g7
+                - name: Default Policy
+                - status: MATCH
+                - conditions: []
+                - rules:
+                    - id: rul4eram094PrQ2BX0g7
+                    - name: Catch-all rule
+                    - status: MATCH
+                    - conditions: []
+            undefined:
+              policies: null
+            evaluated:
+              policies: null
+    ThreatInsightResponseExample:
+      summary: ThreatInsight response
+      value:
+        action: none
+        excludeZones: []
+        created: '2020-08-05T22:18:30.629Z'
+        lastUpdated: '2020-08-05T22:18:30.629Z'
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/threats/configuration
+            hints:
+              allow:
+                - GET
+                - POST
+    ThreatInsightUpdateRequestExample:
+      summary: ThreatInsight update request
+      value:
+        action: audit
+        excludeZones:
+          - nzo1q7jEOsoCnoKcj0g4
+          - nzouagptWUz5DlLfM0g3
+    ThreatInsightUpdateResponseExample:
+      summary: ThreatInsight update response
+      value:
+        action: audit
+        excludeZones:
+          - nzo1q7jEOsoCnoKcj0g4
+          - nzouagptWUz5DlLfM0g3
+        created: '2020-08-05T22:18:30.629Z'
+        lastUpdated: '2020-10-13T21:23:10.178Z'
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/threats/configuration
+            hints:
+              allow:
+                - GET
+                - POST
+    TriggerSessionResponse:
+      value:
+        - id: uij4ri8ZLk0ywyqxB0g4
+          identitySourceId: 0oa3l6l6WK6h0R0QW0g4
+          status: TRIGGERED
+          importType: INCREMENTAL
+          created: 2022-04-04T15:56:05.000Z
+          lastUpdated: 2022-05-05T18:15:44.000Z
+    UpdateAppFeatureRequestEx:
+      summary: Update app Feature request
+      value:
+        create:
+          lifecycleCreate:
+            status: ENABLED
+        update:
+          lifecycleDeactivate:
+            status: ENABLED
+          profile:
+            status: ENABLED
+          password:
+            status: ENABLED
+            seed: RANDOM
+            change: CHANGE
+    UpdateAppFeatureResponseEx:
+      summary: Update app Feature response
+      value:
+        name: USER_PROVISIONING
+        status: ENABLED
+        description: User provisioning settings from Okta to a downstream application
+        capabilities:
+          create:
+            lifecycleCreate:
+              status: ENABLED
+          update:
+            lifecycleDeactivate:
+              status: ENABLED
+            profile:
+              status: ENABLED
+            password:
+              status: ENABLED
+              seed: RANDOM
+              change: CHANGE
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/apps/${appId}/features/USER_PROVISIONING
+            hints:
+              allow:
+                - GET
+                - PUT
+    UpdateBrandRequest:
+      value:
+        customPrivacyPolicyUrl: https://www.someHost.com/privacy-policy
+        agreeToCustomPrivacyPolicy: true
+        removePoweredByOkta: true
+        name: New Name For Brand
+        emailDomainId: OeD114iNkrcN6aR680g4
+        locale: en
+        defaultApp:
+          appInstanceId: 0oa114iNkrcN6aR680g4
+          appLinkName: null
+          classicApplicationUri: null
+    UpdateBrandResponse:
+      value:
+        id: bnd114iNkrcN6aR680g4
+        removePoweredByOkta: true
+        agreeToCustomPrivacyPolicy: true
+        name: New Name For Brand
+        isDefault: true
+        customPrivacyPolicyUrl: https://www.someHost.com/privacy-policy
+        emailDomainId: OeD114iNkrcN6aR680g4
+        defaultApp:
+          appInstanceId: 0oa114iNkrcN6aR680g4
+          appLinkName: null
+          classicApplicationUri: null
+        locale: en
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          themes:
+            href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4/themes
+            hints:
+              allow:
+                - GET
+    UpdateEmailDomainRequest:
+      value:
+        displayName: IT Admin
+        userName: noreply
+    UpdateMappingBody:
+      summary: Update an existing profile mapping by updating one or more properties
+      value:
+        properties:
+          nickName:
+            expression: user.honorificPrefix + user.displayName
+            pushStatus: DONT_PUSH
+    UpdateMappingResponse:
+      summary: Update an existing profile mapping by updating one or more properties
+      value:
+        id: prm1k47ghydIQOTBW0g4
+        source:
+          id: otysbePhQ3yqt4cVv0g3
+          name: user
+          type: user
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/meta/types/user/otysbePhQ3yqt4cVv0g3
+            schema:
+              href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscsbePhQ3yqt4cVv0g3
+        target:
+          id: 0oa1qmn4LZQQEH0wZ0g4
+          name: okta_org2org
+          type: appuser
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/apps/0oa1qmn4LZQQEH0wZ0g4
+            schema:
+              href: https://{yourOktaDomain}/api/v1/meta/schemas/apps/0oa1qmn4LZQQEH0wZ0g4/default
+        properties:
+          fullName:
+            expression: user.firstName + user.lastName
+            pushStatus: PUSH
+          nickName:
+            expression: user.honorificPrefix + user.displayName
+            pushStatus: DONT_PUSH
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4
+    UpdateUserTypePostRequest:
+      summary: Update user type request
+      value:
+        displayName: Updated Display Name
+    UpdateUserTypePostResponse:
+      summary: Update user type response
+      value:
+        id: otyfnly5cQjJT9PnR0g4
+        displayName: Updated Display Name
+        name: newUserType
+        description: A new custom user type
+        createdBy: sprz9fj1ycBcsgopy1d6
+        lastUpdatedBy: sprz9fj1ycBcsgopy1d6
+        created: '2021-07-05T20:40:38.000Z'
+        lastUpdated: '2021-07-05T20:40:38.000Z'
+        default: false
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+          schema:
+            href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+    UpdatedEmailDomainResponse:
+      value:
+        id: OeD114iNkrcN6aR680g4
+        validationStatus: NOT_STARTED
+        displayName: IT Admin
+        userName: noreply
+        domain: example.com
+        dnsValidationRecords:
+          - recordType: TXT
+            fqdn: _oktaverification.example.com
+            verificationValue: 759080212bda43e3bc825a7d73b4bb64
+          - recordType: CNAME
+            fqdn: mail.example.com
+            verificationValue: u22224444.wl024.sendgrid.net
+          - recordType: CNAME
+            fqdn: t02._domainkey.example.com
+            verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
+          - recordType: CNAME
+            fqdn: t022._domainkey.example.com
+            verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
+    UserSchemaAddRequest:
+      value:
+        definitions:
+          custom:
+            id: '#custom'
+            type: object
+            properties:
+              twitterUserName:
+                title: Twitter username
+                description: Twitter Username
+                type: string
+                required: false
+                minLength: 1
+                maxLength: 20
+                permissions:
+                  - principal: SELF
+                    action: READ_WRITE
+            required: []
+    UserSchemaResponse:
+      value:
+        id: https://{yourOktaDomain}/meta/schemas/user/default
+        $schema: http://json-schema.org/draft-04/schema#
+        name: user
+        title: Default Okta User
+        lastUpdated: '2015-09-05T10:40:45.000Z'
+        created: '2015-02-02T10:27:36.000Z'
+        definitions:
+          base:
+            id: '#base'
+            type: object
+            properties:
+              login:
+                title: Username
+                type: string
+                required: true
+                minLength: 5
+                maxLength: 100
+                permissions:
+                  - principal: SELF
+                    action: READ_WRITE
+              firstName:
+                title: First name
+                type: string
+                required: true
+                minLength: 1
+                maxLength: 50
+                permissions:
+                  - principal: SELF
+                    action: READ_WRITE
+              lastName:
+                title: Last name
+                type: string
+                required: true
+                minLength: 1
+                maxLength: 50
+                permissions:
+                  - principal: SELF
+                    action: READ_WRITE
+              email:
+                title: Primary email
+                type: string
+                required: true
+                format: email
+                permissions:
+                  - principal: SELF
+                    action: READ_WRITE
+            required:
+              - login
+              - firstName
+              - lastName
+              - email
+          custom:
+            id: '#custom'
+            type: object
+            properties:
+              twitterUserName:
+                title: Twitter username
+                description: User's username for twitter.com
+                type: string
+                required: false
+                minLength: 1
+                maxLength: 20
+                permissions:
+                  - principal: SELF
+                    action: READ_WRITE
+            required: []
+        type: object
+        properties:
+          profile:
+            allOf:
+              - $ref: '#/definitions/base'
+              - $ref: '#/definitions/custom'
+    VerifiedEmailDomainResponse:
+      value:
+        id: OeD114iNkrcN6aR680g4
+        validationStatus: VERIFIED
+        displayName: IT Admin
+        userName: noreply
+        domain: example.com
+        dnsValidationRecords:
+          - recordType: TXT
+            fqdn: _oktaverification.example.com
+            verificationValue: 759080212bda43e3bc825a7d73b4bb64
+          - recordType: CNAME
+            fqdn: mail.example.com
+            verificationValue: u22224444.wl024.sendgrid.net
+          - recordType: CNAME
+            fqdn: t02._domainkey.example.com
+            verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
+          - recordType: CNAME
+            fqdn: t022._domainkey.example.com
+            verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
+    WellKnownOrgMetadataResponseClassic:
+      value:
+        id: 00o5rb5mt2H3d1TJd0h7
+        _links:
+          organization:
+            href: https://{{yourOktaDomain}}
+        pipeline: v1
+        settings:
+          analyticsCollectionEnabled: false
+          bugReportingEnabled: true
+          omEnabled: true
+    WellKnownOrgMetadataResponseCustomUrlOie:
+      value:
+        id: 00o47wwoytgsDqEtz0g7
+        _links:
+          organization:
+            href: https://{{yourSubdomain}}.okta.com
+          alternate:
+            href: https://{{yourCustomDomain}}
+        pipeline: idx
+        settings:
+          analyticsCollectionEnabled: false
+          bugReportingEnabled: true
+          omEnabled: false
+    activeAPIServiceIntegrationInstanceSecretResponse:
+      summary: Activate Secret response example
+      value:
+        id: ocs2f50kZB0cITmYU0g4
+        status: ACTIVE
+        client_secret: '***MQGQ'
+        secret_hash: 0WOOvBSzV9clc4Nr7Rbaug
+        created: '2023-04-06T21:32:33.000Z'
+        lastUpdated: '2023-04-06T21:32:33.000Z'
+        _links:
+          deactivate:
+            href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f50kZB0cITmYU0g4/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    inactiveAPIServiceIntegrationInstanceSecretResponse:
+      summary: Deactivate Secret response example
+      value:
+        id: ocs2f4zrZbs8nUa7p0g4
+        status: INACTIVE
+        client_secret: '***DhOW'
+        secret_hash: yk4SVx4sUWVJVbHt6M-UPA
+        created: '2023-02-21T20:08:24.000Z'
+        lastUpdated: '2023-02-21T20:08:24.000Z'
+        _links:
+          activate:
+            href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4/lifecycle/activate
+            hints:
+              allow:
+                - POST
+          delete:
+            href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4
+            hints:
+              allow:
+                - DELETE
+    newAPIServiceIntegrationInstanceSecretResponse:
+      summary: New secret response example
+      value:
+        id: ocs2f50kZB0cITmYU0g4
+        status: ACTIVE
+        client_secret: DRUFXGF9XbLnS9k-Sla3x3POBiIxDreBCdZuFs5B
+        secret_hash: FpCwXwSjTRQNtEI11I00-g
+        created: '2023-04-06T21:32:33.000Z'
+        lastUpdated: '2023-04-06T21:32:33.000Z'
+        _links:
+          deactivate:
+            href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f50kZB0cITmYU0g4/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    postAPIServiceIntegrationRequest:
+      value:
+        type: my_app_cie
+        grantedScopes:
+          - okta.logs.read
+          - okta.groups.read
+          - okta.users.read
+    postAPIServiceIntegrationResponse:
+      summary: Post response example
+      value:
+        id: 0oa72lrepvp4WqEET1d9
+        type: my_app_cie
+        name: My App Cloud Identity Engine
+        createdAt: '2023-02-21T20:08:24.000Z'
+        createdBy: 00uu3u0ujW1P6AfZC2d5
+        clientSecret: CkF69kXtag0q0P4pXU8OnP5IAzgGlwx6eqGy7Fmg
+        configGuideUrl: https://{docDomain}/my-app-cie/configuration-guide
+        grantedScopes:
+          - okta.logs.read
+          - okta.groups.read
+          - okta.users.read
+        _links:
+          self:
+            href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa72lrepvp4WqEET1d9
+            hints:
+              allow:
+                - GET
+                - DELETE
+          client:
+            href: https://{yourOktaDomain}/oauth2/v1/clients/0oa72lrepvp4WqEET1d9
+            hints:
+              allow:
+                - GET
+          logo:
+            name: small
+            href: https://{logoDomain}/{logoPath}/my_app_cie_small_logo
+    sspr-enabled-no-step-up:
+      summary: Password policy - SSPR with no step up
+      description: This password policy permits self-service password change, reset, and unlock. Phone SMS or email are initial authenticators with no secondary authentication required.
+      value:
+        name: SSPR Rule
+        priority: 1
+        status: ACTIVE
+        conditions:
+          people:
+            users:
+              exclude: []
+          network:
+            connection: ANYWHERE
+        actions:
+          passwordChange:
+            access: ALLOW
+          selfServicePasswordReset:
+            access: ALLOW
+            requirement:
+              primary:
+                methods:
+                  - sms
+                  - email
+              stepUp:
+                required: false
+          selfServiceUnlock:
+            access: ALLOW
+        system: false
+        type: PASSWORD
+    sspr-enabled-no-step-up-response:
+      summary: Password policy - SSPR with no step up
+      value:
+        id: ruleId
+        $ref: '#/components/examples/sspr-enabled-no-step-up/value'
+        _links:
+          self:
+            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    sspr-enabled-no-step-up-update:
+      summary: Password policy - SSPR with no step up
+      description: This password policy permits self-service password change, reset, and unlock. Phone SMS or email are initial authenticators with no secondary authentication required.
+      value:
+        id: ruleId
+        $ref: '#/components/examples/sspr-enabled-no-step-up/value'
+    sspr-enabled-sq-step-up:
+      summary: Password policy - SSPR with security question as step up
+      description: This password policy permits self-service password change, reset, and unlock. Phone SMS and Okta Verify push are initial authenticators, and the secondary authentication is a security question.
+      value:
+        name: SSPR Rule
+        priority: 1
+        status: ACTIVE
+        conditions:
+          people:
+            users:
+              exclude: []
+          network:
+            connection: ANYWHERE
+        actions:
+          passwordChange:
+            access: ALLOW
+          selfServicePasswordReset:
+            access: ALLOW
+            requirement:
+              primary:
+                methods:
+                  - push
+                  - sms
+              stepUp:
+                required: true
+                methods:
+                  - security_question
+          selfServiceUnlock:
+            access: ALLOW
+        system: false
+        type: PASSWORD
+    sspr-enabled-sq-step-up-response:
+      summary: Password policy - SSPR with security question as step up
+      value:
+        id: ruleId
+        $ref: '#/components/examples/sspr-enabled-sq-step-up/value'
+        _links:
+          self:
+            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    sspr-enabled-sq-step-up-update:
+      summary: Password policy - SSPR with security question as step up
+      description: This password policy permits self-service password change, reset, and unlock. Phone SMS and Okta Verify push are initial authenticators, and the secondary authentication is a security question.
+      value:
+        id: ruleId
+        $ref: '#/components/examples/sspr-enabled-sq-step-up/value'
+    sspr-enabled-sso-step-up:
+      summary: Password policy - SSPR with any SSO authenticator as step up
+      description: This password policy permits self-service password change, reset, and unlock. Phone SMS or email are initial authenticators. The step-up authentication required is any active SSO authenticator.
+      value:
+        name: SSPR Rule
+        priority: 1
+        status: ACTIVE
+        conditions:
+          people:
+            users:
+              exclude: []
+          network:
+            connection: ANYWHERE
+        actions:
+          passwordChange:
+            access: ALLOW
+          selfServicePasswordReset:
+            access: ALLOW
+            requirement:
+              primary:
+                methods:
+                  - push
+                  - sms
+              stepUp:
+                required: true
+          selfServiceUnlock:
+            access: ALLOW
+        system: false
+        type: PASSWORD
+    sspr-enabled-sso-step-up-response:
+      summary: Password policy - SSPR with any SSO authenticator as step up
+      value:
+        id: ruleId
+        $ref: '#/components/examples/sspr-enabled-sso-step-up/value'
+        _links:
+          self:
+            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    sspr-enabled-sso-step-up-update:
+      summary: Password policy - SSPR with any SSO authenticator as step up
+      description: This password policy permits self-service password change, reset, and unlock. Phone SMS or email are initial authenticators. The step-up authentication required is any active SSO authenticator.
+      value:
+        id: ruleId
+        $ref: '#/components/examples/sspr-enabled-sso-step-up/value'
+    sspr-enabled-sso-step-up-with-constraints:
+      summary: Password policy - Enable SSPR with OTP enabled and Google authenticator constraint
+      description: This password policy permits self-service password change, reset, and unlock. Okta Verify push, Phone SMS, or Google OTP are initial authenticators. The secondary authentication required is any SSO authenticator. The `methodConstraints` property limits OTP authenticators to Google.
+      value:
+        id: ruleId
+        name: SSPR Rule
+        priority: 1
+        status: ACTIVE
+        conditions:
+          people:
+            users:
+              exclude: []
+          network:
+            connection: ANYWHERE
+        actions:
+          passwordChange:
+            access: ALLOW
+          selfServicePasswordReset:
+            access: ALLOW
+            requirement:
+              primary:
+                methods:
+                  - push
+                  - sms
+                  - otp
+                methodConstraints:
+                  - method: otp
+                    allowedAuthenticators:
+                      - key: google_otp
+              stepUp:
+                required: true
+          selfServiceUnlock:
+            access: ALLOW
+        system: false
+        type: PASSWORD
+    sspr-enabled-sso-step-up-with-constraints-response:
+      summary: Password policy - Enable SSPR with OTP enabled and Google authenticator constraint
+      value:
+        id: ruleId
+        $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints/value'
+        _links:
+          self:
+            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    sspr-enabled-sso-step-up-with-constraints-update:
+      summary: Password policy - Enable SSPR with OTP enabled and Google authenticator constraint
+      description: This password policy permits self-service password change, reset, and unlock. Okta Verify push, Phone SMS, or Google OTP are initial authenticators. The secondary authentication required is any SSO authenticator. The `methodConstraints` property limits OTP authenticators to Google.
+      value:
+        id: ruleId
+        $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints/value'
+  parameters:
+    UISchemaId:
+      name: id
+      description: The unique ID of the UI Schema
+      in: path
+      required: true
+      schema:
+        type: string
+        example: uis4a7liocgcRgcxZ0g7
+    pathApiServiceId:
+      name: apiServiceId
+      in: path
+      schema:
+        type: string
+      required: true
+      description: '`id` of the API Service Integration instance'
+      example: 000lr2rLjZ6NsGn1P0g3
+    pathApiTokenId:
+      name: apiTokenId
+      in: path
+      schema:
+        type: string
+        example: 00Tabcdefg1234567890
+      required: true
+      description: id of the API Token
+    pathAppId:
+      name: appId
+      description: ID of the Application
+      in: path
+      required: true
+      schema:
+        type: string
+        example: 0oafxqCAJWWGELFTYASJ
+    pathAppName:
+      name: appName
+      in: path
+      required: true
+      schema:
+        type: string
+        example: oidc_client
+    pathAssociatedServerId:
+      name: associatedServerId
+      description: '`id` of the associated Authorization Server'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: aus6xt9jKPmCyn6kg0g4
+    pathAuthServerId:
+      name: authServerId
+      description: '`id` of the Authorization Server'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: GeGRTEr7f3yu2n7grw22
+    pathAuthenticatorId:
+      name: authenticatorId
+      description: '`id` of the Authenticator'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: aut1nd8PQhGcQtSxB0g4
+    pathBehaviorId:
+      name: behaviorId
+      in: path
+      schema:
+        type: string
+        example: abcd1234
+      required: true
+      description: id of the Behavior Detection Rule
+    pathBrandId:
+      name: brandId
+      in: path
+      required: true
+      schema:
+        type: string
+      description: The ID of the brand
+    pathCaptchaId:
+      name: captchaId
+      in: path
+      schema:
+        type: string
+      required: true
+      description: The unique key used to identify your CAPTCHA instance
+    pathClaimId:
+      name: claimId
+      description: '`id` of Claim'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: hNJ3Uk76xLagWkGx5W3N
+    pathClientId:
+      name: clientId
+      description: '`client_id` of the app'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
+    pathContactType:
+      name: contactType
+      in: path
+      required: true
+      schema:
+        type: string
+    pathCsrId:
+      name: csrId
+      description: '`id` of the CSR'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: fd7x1h7uTcZFx22rU1f7
+    pathCustomizationId:
+      name: customizationId
+      in: path
+      required: true
+      schema:
+        type: string
+      description: The ID of the email customization
+    pathDeviceAssuranceId:
+      in: path
+      name: deviceAssuranceId
+      required: true
+      description: Id of the Device Assurance Policy
+      schema:
+        type: string
+    pathDeviceId:
+      name: deviceId
+      in: path
+      schema:
+        type: string
+        example: guo4a5u7JHHhjXrMK0g4
+      required: true
+      description: '`id` of the device'
+    pathDomainId:
+      name: domainId
+      description: '`id` of the Domain'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: OmWNeywfTzElSLOBMZsL
+    pathEmailDomainId:
+      name: emailDomainId
+      in: path
+      required: true
+      schema:
+        type: string
+        description: The ID of the email domain.
+    pathEmailServerId:
+      name: emailServerId
+      in: path
+      required: true
+      schema:
+        type: string
+        description: The ID of the email SMTP Server
+    pathEventHookId:
+      name: eventHookId
+      description: '`id` of the Event Hook'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: YTDQbItFfFuy9RdHrvly
+    pathFactorId:
+      name: factorId
+      description: '`id` of the Factor'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: zAgrsaBe0wVGRugDYtdv
+    pathFeatureId:
+      name: featureId
+      description: '`id` of the Feature'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: R5HjqNn1pEqWGy48E9jg
+    pathFeatureName:
+      name: featureName
+      description: Name of the Feature
+      in: path
+      required: true
+      schema:
+        type: string
+        example: USER_PROVISIONING
+    pathGrantId:
+      name: grantId
+      description: ID of the Grant
+      in: path
+      required: true
+      schema:
+        type: string
+        example: iJoqkwx50mrgX4T9LcaH
+    pathGroupId:
+      name: groupId
+      description: The `id` of the group
+      in: path
+      required: true
+      schema:
+        type: string
+        example: 00g1emaKYZTWRYYRRTSK
+    pathGroupRuleId:
+      name: groupRuleId
+      description: The `id` of the group rule
+      in: path
+      required: true
+      schema:
+        type: string
+        example: 0pr3f7zMZZHPgUoWO0g4
+    pathHookKeyId:
+      name: hookKeyId
+      description: '`id` of the Hook Key'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: XreKU5laGwBkjOTehusG
+    pathIdentitySourceId:
+      name: identitySourceId
+      in: path
+      required: true
+      schema:
+        type: string
+    pathIdentitySourceSessionId:
+      name: sessionId
+      in: path
+      required: true
+      schema:
+        type: string
+    pathIdpCsrId:
+      name: idpCsrId
+      description: '`id` of the IdP CSR'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: 1uEhyE65oV3H6KM9gYcN
+    pathIdpId:
+      name: idpId
+      description: '`id` of IdP'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: SVHoAOh0l8cPQkVX1LRl
+    pathIdpKeyId:
+      name: idpKeyId
+      description: '`id` of IdP Key'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: KmMo85SSsU7TZzOShcGb
+    pathInlineHookId:
+      name: inlineHookId
+      description: '`id` of the Inline Hook'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: Y7Rzrd4g4xj6WdKzrBHH
+    pathKeyId:
+      name: keyId
+      description: ID of the Key Credential for the application
+      in: path
+      required: true
+      schema:
+        type: string
+        example: sjP9eiETijYz110VkhHN
+    pathLifecycle:
+      name: lifecycle
+      description: Whether to `enable` or `disable` the feature
+      in: path
+      required: true
+      schema:
+        $ref: '#/components/schemas/FeatureLifecycle'
+    pathLinkedObjectName:
+      name: linkedObjectName
+      in: path
+      required: true
+      schema:
+        type: string
+    pathLogStreamId:
+      name: logStreamId
+      in: path
+      schema:
+        type: string
+        example: 0oa1orzg0CHSgPcjZ0g4
+      required: true
+      description: Unique identifier for the Log Stream
+    pathLogStreamType:
+      name: logStreamType
+      in: path
+      required: true
+      schema:
+        $ref: '#/components/schemas/LogStreamType'
+    pathMappingId:
+      name: mappingId
+      description: '`id` of the Mapping'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: cB6u7X8mptebWkffatKA
+    pathMemberId:
+      name: memberId
+      in: path
+      schema:
+        type: string
+        example: irb1qe6PGuMc7Oh8N0g4
+      required: true
+      description: '`id` of a member'
+    pathMethodType:
+      name: methodType
+      description: Type of the authenticator method
+      in: path
+      required: true
+      schema:
+        $ref: '#/components/schemas/AuthenticatorMethodType'
+    pathNotificationType:
+      name: notificationType
+      in: path
+      required: true
+      schema:
+        $ref: '#/components/schemas/NotificationType'
+    pathOperation:
+      name: operation
+      in: path
+      required: true
+      schema:
+        type: string
+    pathOwnerId:
+      description: The `id` of the group owner
+      name: ownerId
+      in: path
+      required: true
+      schema:
+        type: string
+        example: 00u1emaK22TWRYd3TtG
+    pathPermissionType:
+      name: permissionType
+      in: path
+      schema:
+        type: string
+        example: okta.users.manage
+      required: true
+      description: An okta permission type
+    pathPolicyId:
+      name: policyId
+      description: '`id` of the Policy'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: 00plrilJ7jZ66Gn0X0g3
+    pathPolicyMappingId:
+      name: mappingId
+      description: '`id` of the policy resource Mapping'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: maplr2rLjZ6NsGn1P0g3
+    pathPoolId:
+      name: poolId
+      in: path
+      description: Id of the agent pool for which the settings will apply
+      schema:
+        type: string
+      required: true
+    pathPrimaryRelationshipName:
+      name: primaryRelationshipName
+      in: path
+      required: true
+      schema:
+        type: string
+    pathPrimaryUserId:
+      name: primaryUserId
+      description: '`id` of primary User'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: ctxeQ5JnAVdGFBB7Zr7W
+    pathPrincipalRateLimitId:
+      name: principalRateLimitId
+      in: path
+      schema:
+        type: string
+        example: abcd1234
+      required: true
+      description: id of the Principal Rate Limit
+    pathPublicKeyId:
+      name: publicKeyId
+      description: '`id` of the Public Key'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: FcH2P9Eg7wr0o8N2FuV0
+    pathPushProviderId:
+      in: path
+      name: pushProviderId
+      required: true
+      description: Id of the push provider
+      schema:
+        type: string
+    pathRealmId:
+      name: realmId
+      description: '`id` of the Realm'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: vvrcFogtKCrK9aYq3fgV
+    pathRelationshipName:
+      name: relationshipName
+      in: path
+      required: true
+      schema:
+        type: string
+    pathResourceId:
+      name: resourceId
+      in: path
+      schema:
+        type: string
+        example: ire106sQKoHoXXsAe0g4
+      required: true
+      description: '`id` of a resource'
+    pathResourceSetId:
+      name: resourceSetId
+      in: path
+      schema:
+        type: string
+        example: iamoJDFKaJxGIr0oamd9g
+      required: true
+      description: '`id` of a Resource Set'
+    pathRiskProviderId:
+      name: riskProviderId
+      in: path
+      schema:
+        type: string
+        example: 00rp12r4skkjkjgsn
+      required: true
+      description: '`id` of the Risk Provider object'
+    pathRoleId:
+      name: roleId
+      description: '`id` of the Role'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: 3Vg1Pjp3qzw4qcCK5EdO
+    pathRoleIdOrLabel:
+      name: roleIdOrLabel
+      in: path
+      schema:
+        type: string
+        example: cr0Yq6IJxGIr0ouum0g3
+      required: true
+      description: '`id` or `label` of the role'
+    pathRoleRef:
+      name: roleRef
+      in: path
+      description: A reference to an existing role. Standard roles require a `roleType`, while Custom Roles require a `roleId`. See [Standard Role Types](https://developer.okta.com/docs/concepts/role-assignment/#standard-role-types).
+      required: true
+      schema:
+        oneOf:
+          - title: roleType
+            type: string
+            $ref: '#/components/schemas/RoleType'
+          - title: roleId
+            type: string
+    pathRuleId:
+      name: ruleId
+      description: '`id` of the Policy Rule'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: ruld3hJ7jZh4fn0st0g3
+    pathSchemaId:
+      name: schemaId
+      in: path
+      required: true
+      schema:
+        type: string
+    pathScopeId:
+      name: scopeId
+      description: '`id` of Scope'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: 0TMRpCWXRKFjP7HiPFNM
+    pathSecretId:
+      name: secretId
+      in: path
+      schema:
+        type: string
+      required: true
+      description: '`id` of the API Service Integration instance Secret'
+      example: ocs2f4zrZbs8nUa7p0g4
+    pathSection:
+      name: section
+      in: path
+      required: true
+      schema:
+        type: string
+    pathSessionId:
+      name: sessionId
+      description: '`id` of the Session'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: l7FbDVqS8zHSy65uJD85
+    pathTargetGroupId:
+      name: targetGroupId
+      in: path
+      required: true
+      schema:
+        type: string
+        example: 00g1e9dfjHeLAsdX983d
+    pathTemplateId:
+      name: templateId
+      description: '`id` of the Template'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: 6NQUJ5yR3bpgEiYmq8IC
+    pathTemplateName:
+      name: templateName
+      in: path
+      required: true
+      schema:
+        type: string
+      description: The name of the email template
+    pathThemeId:
+      name: themeId
+      in: path
+      required: true
+      schema:
+        type: string
+      description: The ID of the theme
+    pathTokenId:
+      name: tokenId
+      description: '`id` of Token'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: sHHSth53yJAyNSTQKDJZ
+    pathTransactionId:
+      name: transactionId
+      description: '`id` of the Transaction'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: gPAQcN3NDjSGOCAeG2Jv
+    pathTrustedOriginId:
+      name: trustedOriginId
+      description: '`id` of the Trusted Origin'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: 7j2PkU1nyNIDe26ZNufR
+    pathTypeId:
+      name: typeId
+      in: path
+      required: true
+      schema:
+        type: string
+        description: The unique key for the User Type
+    pathUpdateId:
+      name: updateId
+      in: path
+      description: Id of the update
+      schema:
+        type: string
+      required: true
+    pathUserId:
+      name: userId
+      in: path
+      required: true
+      schema:
+        type: string
+    pathZoneId:
+      name: zoneId
+      in: path
+      schema:
+        type: string
+      required: true
+      description: '`id` of the Network Zone'
+      example: nzowc1U5Jh5xuAK0o0g3
+    queryAfter:
+      name: after
+      in: query
+      schema:
+        type: string
+      description: The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information.
+    queryExpand:
+      name: expand
+      in: query
+      description: 'An optional parameter to include scope details in the `_embedded` attribute. Valid value: `scope`'
+      schema:
+        type: string
+        example: scope
+    queryExpandBrand:
+      name: expand
+      in: query
+      style: form
+      explode: false
+      required: false
+      schema:
+        type: array
+        items:
+          type: string
+          enum:
+            - themes
+            - domains
+            - emailDomain
+      description: Specifies additional metadata to be included in the response
+    queryExpandEmailDomain:
+      name: expand
+      in: query
+      style: form
+      explode: false
+      required: false
+      schema:
+        type: array
+        items:
+          type: string
+          enum:
+            - brands
+      description: Specifies additional metadata to be included in the response
+    queryExpandEmailTemplate:
+      name: expand
+      in: query
+      style: form
+      explode: false
+      required: false
+      schema:
+        type: array
+        items:
+          type: string
+          enum:
+            - settings
+            - customizationCount
+      description: Specifies additional metadata to be included in the response
+    queryExpandPageRoot:
+      name: expand
+      in: query
+      style: form
+      explode: false
+      required: false
+      schema:
+        type: array
+        items:
+          type: string
+          enum:
+            - default
+            - customized
+            - customizedUrl
+            - preview
+            - previewUrl
+      description: Specifies additional metadata to be included in the response
+    queryFilter:
+      name: q
+      in: query
+      description: Searches the records for matching value
+      schema:
+        type: string
+    queryLanguage:
+      name: language
+      schema:
+        $ref: '#/components/schemas/Language'
+      in: query
+      description: The language to use for the email. Defaults to the current user's language if unspecified.
+    queryLimit:
+      name: limit
+      in: query
+      schema:
+        type: integer
+        minimum: 1
+        maximum: 200
+        default: 20
+      description: A limit on the number of objects to return
+    queryLimitPerPoolType:
+      name: limitPerPoolType
+      in: query
+      schema:
+        type: integer
+        default: 5
+      required: false
+      description: Maximum number of AgentPools being returned
+    queryPoolType:
+      name: poolType
+      in: query
+      schema:
+        $ref: '#/components/schemas/AgentType'
+      required: false
+      description: Agent type to search for
+    queryScheduled:
+      name: scheduled
+      in: query
+      description: Scope the list only to scheduled or ad-hoc updates. If the parameter is not provided we will return the whole list of updates.
+      schema:
+        type: boolean
+      required: false
+    simulateParameter:
+      name: expand
+      description: Use `expand=EVALUATED` to include a list of evaluated but not matched policies and policy rules. Use `expand=RULE` to include details about why a rule condition was (not) matched.
+      in: query
+      schema:
+        type: string
+        example: expand=EVALUATED&expand=RULE
+  requestBodies:
+    AuthenticatorRequestBody:
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/Authenticator'
+          examples:
+            Duo:
+              $ref: '#/components/examples/AuthenticatorRequestDuo'
+      required: true
+  responses:
+    ErrorApiValidationFailed400:
+      description: Bad Request
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/Error'
+          examples:
+            APIValidationFailed:
+              $ref: '#/components/examples/ErrorApiValidationFailed'
+    ErrorMissingRequiredParameter400:
+      description: Bad Request
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/Error'
+          examples:
+            MissingRequiredParameter:
+              $ref: '#/components/examples/ErrorMissingRequiredParameter'
+    ErrorInvalidToken401:
+      description: Unauthorized
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/Error'
+          examples:
+            InvalidTokenProvided:
+              $ref: '#/components/examples/ErrorInvalidTokenProvided'
+    ErrorAccessDenied403:
+      description: Forbidden
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/Error'
+          examples:
+            AccessDenied:
+              $ref: '#/components/examples/ErrorAccessDenied'
+    ErrorResourceNotFound404:
+      description: Not Found
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/Error'
+          examples:
+            ResourceNotFound:
+              $ref: '#/components/examples/ErrorResourceNotFound'
+    ErrorTooManyRequests429:
+      description: Too Many Requests
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/Error'
+          examples:
+            TooManyRequests:
+              $ref: '#/components/examples/ErrorTooManyRequests'
+    AuthenticatorResponse:
+      description: OK
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/Authenticator'
+          examples:
+            Duo:
+              $ref: '#/components/examples/AuthenticatorResponseDuo'
+            Email:
+              $ref: '#/components/examples/AuthenticatorResponseEmail'
+            Password:
+              $ref: '#/components/examples/AuthenticatorResponsePassword'
+            Phone:
+              $ref: '#/components/examples/AuthenticatorResponsePhone'
+            WebAuthn:
+              $ref: '#/components/examples/AuthenticatorResponseWebAuthn'
+            SecurityQuestion:
+              $ref: '#/components/examples/AuthenticatorResponseSecurityQuestion'
+  schemas:
+    APIServiceIntegrationInstance:
+      type: object
+      properties:
+        configGuideUrl:
+          type: string
+          description: The URL to the API service integration configuration guide
+          example: https://{docDomain}/my-app-cie/configuration-guide
+          readOnly: true
+        createdAt:
+          type: string
+          description: Timestamp when the API Service Integration instance was created
+          example: '2023-02-21T20:08:24.000Z'
+          readOnly: true
+        createdBy:
+          type: string
+          description: The user ID of the API Service Integration instance creator
+          example: 00uu3u0ujW1P6AfZC2d5
+          readOnly: true
+        grantedScopes:
+          type: array
+          description: The list of Okta management scopes granted to the API Service Integration instance. See [Okta management OAuth 2.0 scopes](/oauth2/#okta-admin-management).
+          items:
+            type: string
+          example:
+            - okta.logs.read
+        id:
+          type: string
+          description: The ID of the API Service Integration instance
+          readOnly: true
+          example: 0oa72lrepvp4WqEET1d9
+        name:
+          type: string
+          description: The name of the API service integration that corresponds with the `type` property. This is the full name of the API service integration listed in the Okta Integration Network (OIN) catalog.
+          readOnly: true
+          example: My App Cloud Identity Engine
+        type:
+          type: string
+          description: The type of the API service integration. This string is an underscore-concatenated, lowercased API service integration name. For example, `my_api_log_integration`.
+          example: my_app_cie
+        _links:
+          $ref: '#/components/schemas/APIServiceIntegrationLinks'
+          readOnly: true
+    APIServiceIntegrationInstanceSecret:
+      type: object
+      properties:
+        client_secret:
+          type: string
+          description: The OAuth 2.0 client secret string. The client secret string is returned in the response of a Secret creation request. In other responses (such as list, activate, or deactivate requests), the client secret is returned as an undisclosed hashed value.
+          example: DRUFXGF9XbLnS9k-Sla3x3POBiIxDreBCdZuFs5B
+          readOnly: true
+        created:
+          type: string
+          description: Timestamp when the API Service Integration instance Secret was created
+          example: '2023-02-21T20:08:24.000Z'
+          readOnly: true
+        id:
+          type: string
+          description: The ID of the API Service Integration instance Secret
+          example: ocs2f4zrZbs8nUa7p0g4
+          readOnly: true
+        lastUpdated:
+          type: string
+          description: Timestamp when the API Service Integration instance Secret was updated
+          example: '2023-02-21T20:08:24.000Z'
+          readOnly: true
+        secret_hash:
+          type: string
+          description: OAuth 2.0 client secret string hash
+          example: yk4SVx4sUWVJVbHt6M-UPA
+          readOnly: true
+        status:
+          type: string
+          enum:
+            - ACTIVE
+            - INACTIVE
+          description: Status of the API Service Integration instance Secret
+          example: ACTIVE
+        _links:
+          $ref: '#/components/schemas/APIServiceIntegrationSecretLinks'
+          readOnly: true
+      required:
+        - id
+        - status
+        - client_secret
+        - created
+        - lastUpdated
+        - secret_hash
+        - _links
+    APIServiceIntegrationLinks:
+      description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of related resources and lifecycle operations.
+      properties:
+        client:
+          $ref: '#/components/schemas/HrefObjectClientLink'
+        logo:
+          $ref: '#/components/schemas/HrefObjectLogoLink'
+        self:
+          $ref: '#/components/schemas/HrefObjectSelfLink'
+      readOnly: true
+    APIServiceIntegrationSecretLinks:
+      description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of related resources and lifecycle operations.
+      properties:
+        activate:
+          $ref: '#/components/schemas/HrefObjectActivateLink'
+        deactivate:
+          $ref: '#/components/schemas/HrefObjectDeactivateLink'
+        delete:
+          $ref: '#/components/schemas/HrefObjectDeleteLink'
+      readOnly: true
+    APNSConfiguration:
+      properties:
+        fileName:
+          type: string
+          description: (Optional) File name for Admin Console display
+        keyId:
+          type: string
+          description: 10-character Key ID obtained from the Apple developer account
+        teamId:
+          type: string
+          description: 10-character Team ID used to develop the iOS app
+        tokenSigningKey:
+          type: string
+          description: APNs private authentication token signing key
+          writeOnly: true
+    APNSPushProvider:
+      allOf:
+        - $ref: '#/components/schemas/PushProvider'
+        - type: object
+          properties:
+            configuration:
+              $ref: '#/components/schemas/APNSConfiguration'
+    AccessPolicy:
+      allOf:
+        - $ref: '#/components/schemas/Policy'
+        - type: object
+          properties:
+            conditions:
+              $ref: '#/components/schemas/PolicyRuleConditions'
+    AccessPolicyConstraint:
+      type: object
+      properties:
+        methods:
+          description: The Authenticator methods that are permitted
+          items:
+            type: string
+            enum:
+              - PASSWORD
+              - SECURITY_QUESTION
+              - SMS
+              - VOICE
+              - EMAIL
+              - PUSH
+              - SIGNED_NONCE
+              - OTP
+              - TOTP
+              - WEBAUTHN
+              - DUO
+              - IDP
+              - CERT
+          type: array
+        reauthenticateIn:
+          description: The duration after which the user must re-authenticate regardless of user activity. This re-authentication interval overrides the Verification Method object's `reauthenticateIn` interval. The supported values use ISO 8601 period format for recurring time intervals (for example, `PT1H`).
+          type: string
+        types:
+          description: The Authenticator types that are permitted
+          items:
+            type: string
+            enum:
+              - SECURITY_KEY
+              - PHONE
+              - EMAIL
+              - PASSWORD
+              - SECURITY_QUESTION
+              - APP
+              - FEDERATED
+          type: array
+        authenticationMethods:
+          x-okta-lifecycle:
+            features:
+              - ASSURANCE_GRANULAR_AUTHENTICATOR_CONSTRAINTS
+          description: This property specifies the precise authenticator and method for authentication.
+          type: array
+          items:
+            $ref: '#/components/schemas/AuthenticationMethodObject'
+        excludedAuthenticationMethods:
+          x-okta-lifecycle:
+            features:
+              - ASSURANCE_GRANULAR_AUTHENTICATOR_CONSTRAINTS
+          description: This property specifies the precise authenticator and method to exclude from authentication.
+          items:
+            $ref: '#/components/schemas/AuthenticationMethodObject'
+        required:
+          x-okta-lifecycle:
+            features:
+              - ASSURANCE_GRANULAR_AUTHENTICATOR_CONSTRAINTS
+          description: This property indicates whether the knowledge or possession factor is required by the assurance. It's optional in the request, but is always returned in the response. By default, this field is `true`. If the knowledge or possession constraint has values for`excludedAuthenticationMethods` the `required` value is false.
+          type: boolean
+    AuthenticationMethodObject:
+      type: object
+      properties:
+        key:
+          type: string
+          description: A label that identifies the authenticator
+        method:
+          type: string
+          description: Specifies the method used for the authenticator
+    AccessPolicyConstraints:
+      type: object
+      properties:
+        knowledge:
+          $ref: '#/components/schemas/KnowledgeConstraint'
+        possession:
+          $ref: '#/components/schemas/PossessionConstraint'
+    AccessPolicyRule:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRule'
+        - type: object
+          properties:
+            actions:
+              $ref: '#/components/schemas/AccessPolicyRuleActions'
+            conditions:
+              $ref: '#/components/schemas/AccessPolicyRuleConditions'
+    AccessPolicyRuleActions:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRuleActions'
+        - type: object
+          properties:
+            appSignOn:
+              $ref: '#/components/schemas/AccessPolicyRuleApplicationSignOn'
+    AccessPolicyRuleApplicationSignOn:
+      type: object
+      properties:
+        access:
+          type: string
+        verificationMethod:
+          $ref: '#/components/schemas/VerificationMethod'
+    AccessPolicyRuleConditions:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRuleConditions'
+        - type: object
+          properties:
+            device:
+              $ref: '#/components/schemas/DeviceAccessPolicyRuleCondition'
+            elCondition:
+              $ref: '#/components/schemas/AccessPolicyRuleCustomCondition'
+            userType:
+              $ref: '#/components/schemas/UserTypeCondition'
+    AccessPolicyRuleCustomCondition:
+      properties:
+        condition:
+          type: string
+    AcsEndpoint:
+      description: An array of ACS endpoints. You can configure a maximum of 100 endpoints.
+      type: object
+      properties:
+        index:
+          type: integer
+          description: Index of the URL in the array of ACS endpoints
+          example: 0
+        url:
+          type: string
+          description: URL of the ACS
+          maxLength: 1024
+          example: https://www.example.com/sso/saml
+      required:
+        - url
+        - index
+    ActivateFactorRequest:
+      type: object
+      properties:
+        attestation:
+          type: string
+        clientData:
+          type: string
+        passCode:
+          type: string
+        registrationData:
+          type: string
+        stateToken:
+          type: string
+    Agent:
+      description: Agent details
+      type: object
+      properties:
+        id:
+          type: string
+          readOnly: true
+        isHidden:
+          type: boolean
+        isLatestGAedVersion:
+          type: boolean
+        lastConnection:
+          type: string
+          format: date-time
+        name:
+          type: string
+        operationalStatus:
+          $ref: '#/components/schemas/OperationalStatus'
+        poolId:
+          type: string
+        type:
+          $ref: '#/components/schemas/AgentType'
+        updateMessage:
+          type: string
+        updateStatus:
+          $ref: '#/components/schemas/AgentUpdateInstanceStatus'
+        version:
+          type: string
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    AgentPool:
+      description: An AgentPool is a collection of agents that serve a common purpose. An AgentPool has a unique ID within an org, and contains a collection of agents disjoint to every other AgentPool (i.e. no two AgentPools share an Agent).
+      type: object
+      properties:
+        agents:
+          type: array
+          items:
+            $ref: '#/components/schemas/Agent'
+        id:
+          type: string
+          readOnly: true
+        name:
+          type: string
+        operationalStatus:
+          $ref: '#/components/schemas/OperationalStatus'
+        type:
+          $ref: '#/components/schemas/AgentType'
+    AgentPoolUpdate:
+      description: Various information about agent auto update configuration
+      type: object
+      properties:
+        agents:
+          type: array
+          items:
+            $ref: '#/components/schemas/Agent'
+        agentType:
+          $ref: '#/components/schemas/AgentType'
+        enabled:
+          type: boolean
+        id:
+          type: string
+          readOnly: true
+        name:
+          type: string
+        notifyAdmin:
+          type: boolean
+        reason:
+          type: string
+        schedule:
+          $ref: '#/components/schemas/AutoUpdateSchedule'
+        sortOrder:
+          type: integer
+        status:
+          $ref: '#/components/schemas/AgentUpdateJobStatus'
+        targetVersion:
+          type: string
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    AgentPoolUpdateSetting:
+      description: Setting for auto-update
+      type: object
+      properties:
+        agentType:
+          $ref: '#/components/schemas/AgentType'
+        continueOnError:
+          type: boolean
+        latestVersion:
+          type: string
+        minimalSupportedVersion:
+          type: string
+        poolId:
+          type: string
+          readOnly: true
+        poolName:
+          type: string
+        releaseChannel:
+          $ref: '#/components/schemas/ReleaseChannel'
+    AgentType:
+      description: Agent types that are being monitored
+      type: string
+      enum:
+        - AD
+        - IWA
+        - LDAP
+        - MFA
+        - OPP
+        - RUM
+        - Radius
+    AgentUpdateInstanceStatus:
+      description: Status for one agent regarding the status to auto-update that agent
+      type: string
+      enum:
+        - Cancelled
+        - Failed
+        - InProgress
+        - PendingCompletion
+        - Scheduled
+        - Success
+    AgentUpdateJobStatus:
+      description: Overall state for the auto-update job from admin perspective
+      type: string
+      enum:
+        - Cancelled
+        - Failed
+        - InProgress
+        - Paused
+        - Scheduled
+        - Success
+    AllowedForEnum:
+      type: string
+      enum:
+        - any
+        - none
+        - recovery
+        - sso
+    ApiToken:
+      title: API Token
+      description: An API token for an Okta User. This token is NOT scoped any further and can be used for any API the user has permissions to call.
+      type: object
+      properties:
+        clientName:
+          type: string
+          readOnly: true
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        expiresAt:
+          type: string
+          format: date-time
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        name:
+          type: string
+        tokenWindow:
+          $ref: '#/components/schemas/TimeDuration'
+        userId:
+          type: string
+        _link:
+          $ref: '#/components/schemas/LinksSelf'
+      required:
+        - name
+    AppAndInstanceConditionEvaluatorAppOrInstance:
+      type: object
+      properties:
+        id:
+          type: string
+          description: ID of the app
+          readOnly: false
+        name:
+          type: string
+          description: Name of the app type
+        type:
+          $ref: '#/components/schemas/AppAndInstanceType'
+    AppAndInstancePolicyRuleCondition:
+      type: object
+      properties:
+        exclude:
+          type: array
+          items:
+            $ref: '#/components/schemas/AppAndInstanceConditionEvaluatorAppOrInstance'
+        include:
+          type: array
+          items:
+            $ref: '#/components/schemas/AppAndInstanceConditionEvaluatorAppOrInstance'
+    AppAndInstanceType:
+      type: string
+      enum:
+        - APP
+        - APP_TYPE
+    AppInstancePolicyRuleCondition:
+      type: object
+      properties:
+        exclude:
+          type: array
+          items:
+            type: string
+        include:
+          type: array
+          items:
+            type: string
+    AppLink:
+      type: object
+      properties:
+        appAssignmentId:
+          type: string
+          readOnly: true
+        appInstanceId:
+          type: string
+          readOnly: true
+        appName:
+          type: string
+          readOnly: true
+        credentialsSetup:
+          type: boolean
+          readOnly: true
+        hidden:
+          type: boolean
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        label:
+          type: string
+          readOnly: true
+        linkUrl:
+          type: string
+          readOnly: true
+        logoUrl:
+          type: string
+          readOnly: true
+        sortOrder:
+          type: integer
+          readOnly: true
+    AppUser:
+      title: Application User
+      description: The App User object defines a user's app-specific profile and credentials for an app.
+      type: object
+      properties:
+        created:
+          type: string
+          description: Timestamp when the App User object was created
+          format: date-time
+          readOnly: true
+          example: '2014-06-24T15:27:59.000Z'
+        credentials:
+          $ref: '#/components/schemas/AppUserCredentials'
+        externalId:
+          type: string
+          description: |-
+            The ID of the user in the target app that's linked to the Okta App User object.
+            This value is the native app-specific identifier or primary key for the user in the target app.
+
+            The `externalId` is set during import when the user is confirmed (reconciled) or during provisioning when the user has been successfully created in the target app.
+            This value isn't populated for SSO app assignments (for example, SAML or SWA) because it isn't synchronized with a target app.
+          readOnly: true
+          example: 70c14cc17d3745e8a9f98d599a68329c
+        id:
+          type: string
+          description: Unique identifier of the App User object (only required for apps with `signOnMode` or authentication schemes that don't require credentials)
+          example: 00u11z6WHMYCGPCHCRFK
+        lastSync:
+          type: string
+          description: Timestamp of the last synchronization operation. This value is only updated for apps with the `IMPORT_PROFILE_UPDATES` or `PUSH PROFILE_UPDATES` feature.
+          format: date-time
+          readOnly: true
+          example: '2014-06-24T15:27:59.000Z'
+        lastUpdated:
+          type: string
+          description: Timestamp when App User was last updated
+          format: date-time
+          readOnly: true
+          example: '2014-06-24T15:28:14.000Z'
+        passwordChanged:
+          type: string
+          description: Timestamp when the App User password was last changed
+          format: date-time
+          readOnly: true
+          nullable: true
+          example: '2014-06-24T15:27:59.000Z'
+        profile:
+          $ref: '#/components/schemas/AppUserProfile'
+        scope:
+          type: string
+          description: Toggles the assignment between user or group scope
+          enum:
+            - USER
+            - GROUP
+          example: USER
+        status:
+          $ref: '#/components/schemas/AppUserStatus'
+        statusChanged:
+          type: string
+          description: Timestamp when the App User status was last changed
+          format: date-time
+          readOnly: true
+          example: '2014-06-24T15:28:14.000Z'
+        syncState:
+          $ref: '#/components/schemas/AppUserSyncState'
+        _embedded:
+          type: object
+          description: Embedded resources related to the App User using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksAppAndUser'
+      required:
+        - created
+        - lastUpdated
+        - scope
+        - status
+        - statusChanged
+        - _links
+    AppUserCredentials:
+      description: Specifies a user's credentials for the app. The authentication scheme of the app determines whether a username or password can be assigned to a user.
+      type: object
+      properties:
+        password:
+          $ref: '#/components/schemas/AppUserPasswordCredential'
+        userName:
+          type: string
+          description: Username for the app
+          minLength: 1
+          maxLength: 100
+          example: testuser
+    AppUserPasswordCredential:
+      description: Specifies a password for a user. This is a write-only property. An empty `password` object is returned to indicate that a password value exists.
+      type: object
+      properties:
+        value:
+          description: Password value
+          type: string
+          format: password
+          writeOnly: true
+    AppUserProfile:
+      description: |-
+        App user profiles are app-specific and can be customized by the Profile Editor in the Admin Console.
+        SSO apps typically don't support app user profiles, while apps with user provisioning features have app-specific profiles.
+        Properties that are visible in the Admin Console for an app assignment can also be assigned through the API.
+        Some properties are reference properties that are imported from the target app and can't be configured.
+      additionalProperties:
+        type: object
+        properties: {}
+      type: object
+    AppUserStatus:
+      description: Status of an App User
+      example: ACTIVE
+      type: string
+      enum:
+        - ACTIVE
+        - APPROVED
+        - DEPROVISIONED
+        - IMPLICIT
+        - IMPORTED
+        - INACTIVE
+        - MATCHED
+        - PENDING
+        - PROVISIONED
+        - REVOKED
+        - STAGED
+        - SUSPENDED
+        - UNASSIGNED
+      x-enumDescriptions:
+        ACTIVE: The App User is provisioned and is enabled to use the app. This status also occurs if the app has the `IMPORT_PROFILE_UPDATES` feature enabled and user import is confirmed, or if the app doesn't have provisioning enabled.
+        INACTIVE: The App User is provisioned, but isn't enabled to use the app. App Users in this status can be reactivated with a password reset or permanently deleted.
+        IMPORTED: The App User is created based on imported data.
+        MATCHED: The imported user is matched with an existing App User.
+        UNASSIGNED: The App User was imported, but the user-matching operation was skipped.
+        SUSPENDED: The App User is provisioned, but isn't enabled to use the app. App Users in this status can be reactivated without a password reset.
+        PENDING: The App User is provisioned, but in a pending state and can't use the app. The status moves to `ACTIVE` when the App User is activated.
+        APPROVED: The App User was created but not provisioned. This status can occur when manual provisioning acknowledgment is required.
+        REVOKED: The App User is disabled and waiting for deprovisioning acknowledgment. The App User can be deleted after deprovisioning acknowledgment.
+        IMPLICIT: The App User is now migrated to use implicit app assignment.
+        STAGED: The App User doesn't have `externalId` set and the background provisioning operation is queued. This applies to apps with the `PUSH_NEW_USERS` feature enabled.
+        PROVISIONED: The background provisioning operation completed and the App User was assigned an `externalId` successfully.
+        DEPROVISIONED: The user was removed by the provisioning operation and the `externalId` property is unassigned.
+      readOnly: true
+    AppUserSyncState:
+      description: |-
+        The synchronization state for the App User.
+        The App User's `syncState` depends on whether the `PROFILE_MASTERING` feature is enabled for the app.
+
+        > **Note:** User provisioning currently must be configured through the Admin Console.
+      example: SYNCHRONIZED
+      type: string
+      enum:
+        - DISABLED
+        - ERROR
+        - OUT_OF_SYNC
+        - SYNCHRONIZED
+        - SYNCING
+      x-enumDescriptions:
+        DISABLED: The provisioning feature is disabled for the app (`PROFILE_MASTERING` feature is disabled).
+        OUT_OF_SYNC: The App User has changes that haven't been pushed to the target app.
+        SYNCING: A background provisioning operation is running to update the user's profile in the target app.
+        SYNCHRONIZED: All changes to the App User profile have successfully been synchronized with the target app.
+        ERROR: A background provisioning operation failed to update the user's profile in the target app. You must resolve the provisioning task in the Admin Console before you retry the operation.
+      readOnly: true
+    Application:
+      type: object
+      properties:
+        accessibility:
+          $ref: '#/components/schemas/ApplicationAccessibility'
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        features:
+          type: array
+          items:
+            type: string
+        id:
+          type: string
+          readOnly: true
+        label:
+          $ref: '#/components/schemas/ApplicationLabel'
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        licensing:
+          $ref: '#/components/schemas/ApplicationLicensing'
+        profile:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+        signOnMode:
+          $ref: '#/components/schemas/ApplicationSignOnMode'
+        status:
+          $ref: '#/components/schemas/ApplicationLifecycleStatus'
+        visibility:
+          $ref: '#/components/schemas/ApplicationVisibility'
+        _embedded:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/ApplicationLinks'
+      discriminator:
+        propertyName: signOnMode
+        mapping:
+          AUTO_LOGIN: '#/components/schemas/AutoLoginApplication'
+          BASIC_AUTH: '#/components/schemas/BasicAuthApplication'
+          BOOKMARK: '#/components/schemas/BookmarkApplication'
+          BROWSER_PLUGIN: '#/components/schemas/BrowserPluginApplication'
+          OPENID_CONNECT: '#/components/schemas/OpenIdConnectApplication'
+          SAML_1_1: '#/components/schemas/SamlApplication'
+          SAML_2_0: '#/components/schemas/SamlApplication'
+          SECURE_PASSWORD_STORE: '#/components/schemas/SecurePasswordStoreApplication'
+          WS_FEDERATION: '#/components/schemas/WsFederationApplication'
+    ApplicationAccessibility:
+      type: object
+      properties:
+        errorRedirectUrl:
+          type: string
+        loginRedirectUrl:
+          type: string
+        selfService:
+          type: boolean
+    ApplicationCredentials:
+      type: object
+      properties:
+        signing:
+          $ref: '#/components/schemas/ApplicationCredentialsSigning'
+        userNameTemplate:
+          $ref: '#/components/schemas/ApplicationCredentialsUsernameTemplate'
+    ApplicationCredentialsOAuthClient:
+      type: object
+      properties:
+        autoKeyRotation:
+          type: boolean
+        client_id:
+          type: string
+        client_secret:
+          type: string
+        token_endpoint_auth_method:
+          $ref: '#/components/schemas/OAuthEndpointAuthenticationMethod'
+    ApplicationCredentialsScheme:
+      type: string
+      enum:
+        - ADMIN_SETS_CREDENTIALS
+        - EDIT_PASSWORD_ONLY
+        - EDIT_USERNAME_AND_PASSWORD
+        - EXTERNAL_PASSWORD_SYNC
+        - SHARED_USERNAME_AND_PASSWORD
+    ApplicationCredentialsSigning:
+      type: object
+      properties:
+        kid:
+          type: string
+        lastRotated:
+          type: string
+          format: date-time
+          readOnly: true
+        nextRotation:
+          type: string
+          format: date-time
+          readOnly: true
+        rotationMode:
+          type: string
+        use:
+          $ref: '#/components/schemas/ApplicationCredentialsSigningUse'
+    ApplicationCredentialsSigningUse:
+      type: string
+      enum:
+        - sig
+    ApplicationCredentialsUsernameTemplate:
+      type: object
+      properties:
+        pushStatus:
+          type: string
+        template:
+          type: string
+        type:
+          type: string
+        userSuffix:
+          type: string
+    ApplicationFeature:
+      description: |
+        The Feature object is used to configure application feature settings.
+
+        The only feature currently supported is `USER_PROVISIONING` for the Org2Org application type.
+      type: object
+      properties:
+        capabilities:
+          allOf:
+            - $ref: '#/components/schemas/CapabilitiesObject'
+        description:
+          type: string
+          description: Description of the feature
+          example: Settings for provisioning users from Okta to a downstream application
+          readOnly: true
+        name:
+          type: string
+          description: Identifying name of the feature
+          readOnly: true
+          example: USER_PROVISIONING
+          enum:
+            - USER_PROVISIONING
+          x-enumDescriptions:
+            USER_PROVISIONING: Represents the **To App** provisioning feature setting in the Admin Console
+        status:
+          allOf:
+            - $ref: '#/components/schemas/EnabledStatus'
+            - default: DISABLED
+            - example: ENABLED
+            - readOnly: true
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - readOnly: true
+    ApplicationGroupAssignment:
+      type: object
+      properties:
+        id:
+          type: string
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        priority:
+          type: integer
+        profile:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+        _embedded:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    ApplicationLabel:
+      type: string
+    ApplicationLayout:
+      type: object
+      properties:
+        elements:
+          type: array
+          items:
+            type: object
+            additionalProperties: {}
+        label:
+          type: string
+        options:
+          type: object
+          additionalProperties: {}
+        rule:
+          type: object
+          properties:
+            effect:
+              type: string
+            condition:
+              $ref: '#/components/schemas/ApplicationLayoutRuleCondition'
+        scope:
+          type: string
+        type:
+          type: string
+    ApplicationLayoutRuleCondition:
+      type: object
+      properties:
+        schema:
+          type: object
+          additionalProperties: {}
+        scope:
+          type: string
+    ApplicationLayouts:
+      type: object
+      properties:
+        _links:
+          type: object
+          properties:
+            general:
+              $ref: '#/components/schemas/ApplicationLayoutsLinksItem'
+            signOn:
+              $ref: '#/components/schemas/ApplicationLayoutsLinksItem'
+            provisioning:
+              $ref: '#/components/schemas/ApplicationLayoutsLinksItem'
+          readOnly: true
+    ApplicationLayoutsLinksItem:
+      items:
+        $ref: '#/components/schemas/HrefObject'
+      type: array
+    ApplicationLicensing:
+      type: object
+      properties:
+        seatCount:
+          type: integer
+    ApplicationLifecycleStatus:
+      type: string
+      enum:
+        - ACTIVE
+        - DELETED
+        - INACTIVE
+      readOnly: true
+    ApplicationLinks:
+      properties:
+        accessPolicy:
+          $ref: '#/components/schemas/HrefObject'
+        activate:
+          $ref: '#/components/schemas/HrefObjectActivateLink'
+        deactivate:
+          $ref: '#/components/schemas/HrefObjectDeactivateLink'
+        groups:
+          $ref: '#/components/schemas/HrefObject'
+        logo:
+          type: array
+          items:
+            $ref: '#/components/schemas/HrefObject'
+        metadata:
+          $ref: '#/components/schemas/HrefObject'
+        self:
+          $ref: '#/components/schemas/HrefObjectSelfLink'
+        users:
+          $ref: '#/components/schemas/HrefObject'
+    ApplicationSettings:
+      type: object
+      properties:
+        identityStoreId:
+          type: string
+        implicitAssignment:
+          type: boolean
+        inlineHookId:
+          type: string
+        notes:
+          $ref: '#/components/schemas/ApplicationSettingsNotes'
+        notifications:
+          $ref: '#/components/schemas/ApplicationSettingsNotifications'
+    ApplicationSettingsNotes:
+      type: object
+      properties:
+        admin:
+          type: string
+        enduser:
+          type: string
+    ApplicationSettingsNotifications:
+      type: object
+      properties:
+        vpn:
+          $ref: '#/components/schemas/ApplicationSettingsNotificationsVpn'
+    ApplicationSettingsNotificationsVpn:
+      type: object
+      properties:
+        helpUrl:
+          type: string
+        message:
+          type: string
+        network:
+          $ref: '#/components/schemas/ApplicationSettingsNotificationsVpnNetwork'
+    ApplicationSettingsNotificationsVpnNetwork:
+      type: object
+      properties:
+        connection:
+          type: string
+        exclude:
+          type: array
+          items:
+            type: string
+        include:
+          type: array
+          items:
+            type: string
+    ApplicationSignOnMode:
+      type: string
+      enum:
+        - AUTO_LOGIN
+        - BASIC_AUTH
+        - BOOKMARK
+        - BROWSER_PLUGIN
+        - OPENID_CONNECT
+        - SAML_1_1
+        - SAML_2_0
+        - SECURE_PASSWORD_STORE
+        - WS_FEDERATION
+    ApplicationVisibility:
+      type: object
+      properties:
+        appLinks:
+          type: object
+          additionalProperties:
+            type: boolean
+        autoLaunch:
+          type: boolean
+        autoSubmitToolbar:
+          type: boolean
+        hide:
+          $ref: '#/components/schemas/ApplicationVisibilityHide'
+    ApplicationVisibilityHide:
+      type: object
+      properties:
+        iOS:
+          type: boolean
+        web:
+          type: boolean
+    AssignGroupOwnerRequestBody:
+      type: object
+      properties:
+        id:
+          description: The `id` of the group owner
+          type: string
+        type:
+          $ref: '#/components/schemas/GroupOwnerType'
+    AssignRoleRequest:
+      type: object
+      properties:
+        type:
+          $ref: '#/components/schemas/RoleType'
+    AssociatedServerMediated:
+      type: object
+      properties:
+        trusted:
+          type: array
+          description: A list of the authorization server IDs
+          items:
+            type: string
+    AuthenticationProvider:
+      type: object
+      properties:
+        name:
+          type: string
+        type:
+          $ref: '#/components/schemas/AuthenticationProviderType'
+    AuthenticationProviderType:
+      type: string
+      enum:
+        - ACTIVE_DIRECTORY
+        - FEDERATION
+        - IMPORT
+        - LDAP
+        - OKTA
+        - SOCIAL
+    Authenticator:
+      type: object
+      properties:
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        key:
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        name:
+          type: string
+        provider:
+          $ref: '#/components/schemas/AuthenticatorProvider'
+        settings:
+          $ref: '#/components/schemas/AuthenticatorSettings'
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        type:
+          $ref: '#/components/schemas/AuthenticatorType'
+        _links:
+          $ref: '#/components/schemas/AuthenticatorLinks'
+    AuthenticatorIdentity:
+      description: Represents a particular authenticator serving as a constraint on a method
+      type: object
+      properties:
+        key:
+          type: string
+    AuthenticatorLinks:
+      allOf:
+        - $ref: '#/components/schemas/LinksSelfAndLifecycle'
+        - type: object
+          properties:
+            methods:
+              description: Link to Authenticator methods
+              allOf:
+                - $ref: '#/components/schemas/HrefObject'
+    AuthenticatorMethodAlgorithm:
+      description: The encryption algorithm for this authenticator method
+      type: string
+      enum:
+        - ES256
+        - RS256
+    AuthenticatorMethodBase:
+      type: object
+      properties:
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        type:
+          $ref: '#/components/schemas/AuthenticatorMethodType'
+        _links:
+          $ref: '#/components/schemas/LinksSelfAndLifecycle'
+      discriminator:
+        propertyName: type
+        mapping:
+          sms: '#/components/schemas/AuthenticatorMethodSimple'
+          voice: '#/components/schemas/AuthenticatorMethodSimple'
+          email: '#/components/schemas/AuthenticatorMethodSimple'
+          push: '#/components/schemas/AuthenticatorMethodPush'
+          signed_nonce: '#/components/schemas/AuthenticatorMethodSignedNonce'
+          totp: '#/components/schemas/AuthenticatorMethodTotp'
+          otp: '#/components/schemas/AuthenticatorMethodOtp'
+          password: '#/components/schemas/AuthenticatorMethodSimple'
+          webauthn: '#/components/schemas/AuthenticatorMethodWebAuthn'
+          security_question: '#/components/schemas/AuthenticatorMethodSimple'
+          idp: '#/components/schemas/AuthenticatorMethodWithVerifiableProperties'
+          duo: '#/components/schemas/AuthenticatorMethodWithVerifiableProperties'
+          cert: '#/components/schemas/AuthenticatorMethodWithVerifiableProperties'
+    AuthenticatorMethodConstraint:
+      description: |-
+        Limits the authenticators that can be used for a given method. Currently, only the `otp` method supports constraints, and Google authenticator (key : 'google_otp') is the only allowed authenticator.
+      type: object
+      properties:
+        method:
+          enum:
+            - otp
+        allowedAuthenticators:
+          type: array
+          items:
+            $ref: '#/components/schemas/AuthenticatorIdentity'
+    AuthenticatorMethodOtp:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorMethodWithVerifiableProperties'
+        - type: object
+          properties:
+            acceptableAdjacentIntervals:
+              type: integer
+              minimum: 0
+              maximum: 10
+            algorithm:
+              $ref: '#/components/schemas/OtpTotpAlgorithm'
+            encoding:
+              $ref: '#/components/schemas/OtpTotpEncoding'
+            factorProfileId:
+              type: string
+            passCodeLength:
+              type: integer
+              minimum: 6
+              maximum: 10
+              multipleOf: 2
+            protocol:
+              $ref: '#/components/schemas/OtpProtocol'
+            timeIntervalInSeconds:
+              type: integer
+    AuthenticatorMethodProperty:
+      type: string
+      enum:
+        - DEVICE_BOUND
+        - HARDWARE_PROTECTED
+        - PHISHING_RESISTANT
+        - USER_PRESENCE
+        - USER_VERIFYING
+    AuthenticatorMethodPush:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorMethodBase'
+        - type: object
+          properties:
+            settings:
+              type: object
+              properties:
+                algorithms:
+                  type: array
+                  items:
+                    $ref: '#/components/schemas/AuthenticatorMethodAlgorithm'
+                keyProtection:
+                  $ref: '#/components/schemas/PushMethodKeyProtection'
+                transactionTypes:
+                  type: array
+                  items:
+                    $ref: '#/components/schemas/AuthenticatorMethodTransactionType'
+    AuthenticatorMethodSignedNonce:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorMethodBase'
+        - type: object
+          properties:
+            settings:
+              type: object
+              properties:
+                algorithms:
+                  type: array
+                  items:
+                    $ref: '#/components/schemas/AuthenticatorMethodAlgorithm'
+                keyProtection:
+                  $ref: '#/components/schemas/PushMethodKeyProtection'
+                showSignInWithOV:
+                  $ref: '#/components/schemas/ShowSignInWithOV'
+    AuthenticatorMethodSimple:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorMethodBase'
+    AuthenticatorMethodTotp:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorMethodBase'
+        - type: object
+          properties:
+            settings:
+              type: object
+              properties:
+                timeIntervalInSeconds:
+                  type: integer
+                encoding:
+                  type: string
+                algorithm:
+                  type: string
+                passCodeLength:
+                  type: integer
+    AuthenticatorMethodTransactionType:
+      type: string
+      enum:
+        - CIBA
+        - LOGIN
+    AuthenticatorMethodType:
+      type: string
+      enum:
+        - cert
+        - duo
+        - email
+        - idp
+        - otp
+        - password
+        - push
+        - security_question
+        - signed_nonce
+        - sms
+        - totp
+        - voice
+        - webauthn
+    AuthenticatorMethodWebAuthn:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorMethodBase'
+        - type: object
+          properties:
+            settings:
+              type: object
+              properties:
+                userVerification:
+                  $ref: '#/components/schemas/UserVerificationEnum'
+                attachment:
+                  $ref: '#/components/schemas/WebAuthnAttachment'
+    AuthenticatorMethodWithVerifiableProperties:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorMethodBase'
+        - type: object
+          properties:
+            verifiableProperties:
+              type: array
+              items:
+                $ref: '#/components/schemas/AuthenticatorMethodProperty'
+    AuthenticatorProvider:
+      properties:
+        configuration:
+          $ref: '#/components/schemas/AuthenticatorProviderConfiguration'
+        type:
+          type: string
+    AuthenticatorProviderConfiguration:
+      properties:
+        authPort:
+          type: integer
+        hostName:
+          type: string
+        instanceId:
+          type: string
+        sharedSecret:
+          type: string
+        userNameTemplate:
+          $ref: '#/components/schemas/AuthenticatorProviderConfigurationUserNameTemplate'
+    AuthenticatorProviderConfigurationUserNameTemplate:
+      properties:
+        template:
+          type: string
+    AuthenticatorSettings:
+      type: object
+      properties:
+        allowedFor:
+          $ref: '#/components/schemas/AllowedForEnum'
+        appInstanceId:
+          type: string
+        channelBinding:
+          $ref: '#/components/schemas/ChannelBinding'
+        compliance:
+          $ref: '#/components/schemas/Compliance'
+        tokenLifetimeInMinutes:
+          type: integer
+        userVerification:
+          $ref: '#/components/schemas/UserVerificationEnum'
+    AuthenticatorType:
+      type: string
+      enum:
+        - app
+        - email
+        - federated
+        - password
+        - phone
+        - security_key
+        - security_question
+    AuthorizationServer:
+      type: object
+      properties:
+        audiences:
+          type: array
+          items:
+            type: string
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        credentials:
+          $ref: '#/components/schemas/AuthorizationServerCredentials'
+        description:
+          type: string
+        id:
+          type: string
+          readOnly: true
+        issuer:
+          type: string
+        issuerMode:
+          $ref: '#/components/schemas/IssuerMode'
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        name:
+          type: string
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    AuthorizationServerCredentials:
+      type: object
+      properties:
+        signing:
+          $ref: '#/components/schemas/AuthorizationServerCredentialsSigningConfig'
+    AuthorizationServerCredentialsRotationMode:
+      type: string
+      enum:
+        - AUTO
+        - MANUAL
+    AuthorizationServerCredentialsSigningConfig:
+      type: object
+      properties:
+        kid:
+          type: string
+        lastRotated:
+          type: string
+          format: date-time
+          readOnly: true
+        nextRotation:
+          type: string
+          format: date-time
+          readOnly: true
+        rotationMode:
+          $ref: '#/components/schemas/AuthorizationServerCredentialsRotationMode'
+        use:
+          $ref: '#/components/schemas/AuthorizationServerCredentialsUse'
+    AuthorizationServerCredentialsUse:
+      type: string
+      enum:
+        - sig
+    AuthorizationServerPolicy:
+      allOf:
+        - $ref: '#/components/schemas/Policy'
+        - type: object
+          properties:
+            conditions:
+              $ref: '#/components/schemas/PolicyRuleConditions'
+    AuthorizationServerPolicyRule:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRule'
+        - type: object
+          properties:
+            actions:
+              $ref: '#/components/schemas/AuthorizationServerPolicyRuleActions'
+            conditions:
+              $ref: '#/components/schemas/AuthorizationServerPolicyRuleConditions'
+    AuthorizationServerPolicyRuleActions:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRuleActions'
+        - type: object
+          properties:
+            token:
+              $ref: '#/components/schemas/TokenAuthorizationServerPolicyRuleAction'
+    AuthorizationServerPolicyRuleConditions:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRuleConditions'
+        - type: object
+          properties:
+            clients:
+              $ref: '#/components/schemas/ClientPolicyCondition'
+            grantTypes:
+              $ref: '#/components/schemas/GrantTypePolicyRuleCondition'
+            people:
+              $ref: '#/components/schemas/PolicyPeopleCondition'
+            scopes:
+              $ref: '#/components/schemas/OAuth2ScopesMediationPolicyRuleCondition'
+    AutoLoginApplication:
+      allOf:
+        - $ref: '#/components/schemas/Application'
+        - type: object
+          properties:
+            credentials:
+              $ref: '#/components/schemas/SchemeApplicationCredentials'
+            name:
+              type: string
+            settings:
+              $ref: '#/components/schemas/AutoLoginApplicationSettings'
+    AutoLoginApplicationSettings:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationSettings'
+        - type: object
+          properties:
+            signOn:
+              $ref: '#/components/schemas/AutoLoginApplicationSettingsSignOn'
+    AutoLoginApplicationSettingsSignOn:
+      type: object
+      properties:
+        loginUrl:
+          type: string
+        redirectUrl:
+          type: string
+    AutoUpdateSchedule:
+      description: The schedule of auto-update configured by admin.
+      type: object
+      properties:
+        cron:
+          type: string
+        delay:
+          description: delay in days
+          type: integer
+        duration:
+          description: duration in minutes
+          type: integer
+        lastUpdated:
+          description: last time when the updated finished (success or failed, exclude cancelled), null if job haven't finished once yet.
+          type: string
+          format: date-time
+        timezone:
+          type: string
+    AwsAccountId:
+      description: Your AWS account ID
+      minLength: 12
+      maxLength: 12
+      example: 123456789012
+      type: string
+    AwsEventSourceName:
+      description: An alphanumeric name (no spaces) to identify this event source in AWS EventBridge
+      minLength: 1
+      maxLength: 75
+      example: your-event-source-name
+      type: string
+      pattern: ^[a-zA-Z0-9.\-_]$
+    AwsRegion:
+      description: The destination AWS region where your event source is located
+      type: string
+      enum:
+        - ap-northeast-1
+        - ap-northeast-2
+        - ap-northeast-3
+        - ap-south-1
+        - ap-southeast-1
+        - ap-southeast-2
+        - ca-central-1
+        - eu-central-1
+        - eu-north-1
+        - eu-west-1
+        - eu-west-2
+        - eu-west-3
+        - sa-east-1
+        - us-east-1
+        - us-east-2
+        - us-west-1
+        - us-west-2
+    BaseEmailDomain:
+      type: object
+      properties:
+        displayName:
+          type: string
+        userName:
+          type: string
+      required:
+        - displayName
+        - userName
+    BaseEmailServer:
+      type: object
+      properties:
+        alias:
+          type: string
+          description: A name to identify this configuration
+        enabled:
+          type: boolean
+          description: True if and only if all email traffic should be routed through this SMTP Server
+        host:
+          type: string
+          description: The address of the SMTP Server
+        port:
+          type: integer
+          description: The port number of the SMTP Server
+        username:
+          type: string
+          description: The username to use with your SMTP Server
+    BasicApplicationSettings:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationSettings'
+        - type: object
+          properties:
+            app:
+              $ref: '#/components/schemas/BasicApplicationSettingsApplication'
+    BasicApplicationSettingsApplication:
+      type: object
+      properties:
+        authURL:
+          type: string
+        url:
+          type: string
+    BasicAuthApplication:
+      x-okta-defined-as:
+        name: template_basic_auth
+      allOf:
+        - $ref: '#/components/schemas/Application'
+        - type: object
+          properties:
+            credentials:
+              $ref: '#/components/schemas/SchemeApplicationCredentials'
+            name:
+              type: string
+              default: template_basic_auth
+            settings:
+              $ref: '#/components/schemas/BasicApplicationSettings'
+    BeforeScheduledActionPolicyRuleCondition:
+      type: object
+      properties:
+        duration:
+          $ref: '#/components/schemas/Duration'
+        lifecycleAction:
+          $ref: '#/components/schemas/ScheduledUserLifecycleAction'
+    BehaviorRule:
+      title: Behavior Detection Rule
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        name:
+          type: string
+          maxLength: 128
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        type:
+          $ref: '#/components/schemas/BehaviorRuleType'
+        _link:
+          $ref: '#/components/schemas/LinksSelf'
+      required:
+        - name
+        - type
+      discriminator:
+        propertyName: type
+        mapping:
+          ANOMALOUS_LOCATION: '#/components/schemas/BehaviorRuleAnomalousLocation'
+          ANOMALOUS_IP: '#/components/schemas/BehaviorRuleAnomalousIP'
+          ANOMALOUS_DEVICE: '#/components/schemas/BehaviorRuleAnomalousDevice'
+          VELOCITY: '#/components/schemas/BehaviorRuleVelocity'
+    BehaviorRuleAnomalousDevice:
+      allOf:
+        - $ref: '#/components/schemas/BehaviorRule'
+        - type: object
+          properties:
+            settings:
+              $ref: '#/components/schemas/BehaviorRuleSettingsAnomalousDevice'
+    BehaviorRuleAnomalousIP:
+      allOf:
+        - $ref: '#/components/schemas/BehaviorRule'
+        - type: object
+          properties:
+            settings:
+              $ref: '#/components/schemas/BehaviorRuleSettingsAnomalousIP'
+    BehaviorRuleAnomalousLocation:
+      allOf:
+        - $ref: '#/components/schemas/BehaviorRule'
+        - type: object
+          properties:
+            settings:
+              $ref: '#/components/schemas/BehaviorRuleSettingsAnomalousLocation'
+    BehaviorRuleSettings:
+      title: Behavior Detection Rule Settings
+      type: object
+    BehaviorRuleSettingsAnomalousDevice:
+      allOf:
+        - $ref: '#/components/schemas/BehaviorRuleSettingsHistoryBased'
+    BehaviorRuleSettingsAnomalousIP:
+      allOf:
+        - $ref: '#/components/schemas/BehaviorRuleSettingsHistoryBased'
+        - type: object
+          properties:
+            maxEventsUsedForEvaluation:
+              type: integer
+              minimum: 0
+              maximum: 100
+              default: 50
+    BehaviorRuleSettingsAnomalousLocation:
+      allOf:
+        - $ref: '#/components/schemas/BehaviorRuleSettingsHistoryBased'
+        - type: object
+          properties:
+            granularity:
+              $ref: '#/components/schemas/LocationGranularity'
+            radiusKilometers:
+              type: integer
+              description: Required when `granularity` is `LAT_LONG`. Radius from the provided coordinates in kilometers.
+          required:
+            - granularity
+    BehaviorRuleSettingsHistoryBased:
+      allOf:
+        - $ref: '#/components/schemas/BehaviorRuleSettings'
+        - title: Behavior Detection Rule Settings based on Event History
+          type: object
+          properties:
+            maxEventsUsedForEvaluation:
+              type: integer
+              minimum: 1
+              maximum: 100
+              default: 20
+            minEventsNeededForEvaluation:
+              type: integer
+              minimum: 0
+              maximum: 10
+              default: 0
+    BehaviorRuleSettingsVelocity:
+      allOf:
+        - $ref: '#/components/schemas/BehaviorRuleSettings'
+        - title: Behavior Detection Rule Settings based on device velocity in kilometers per hour.
+          type: object
+          properties:
+            velocityKph:
+              type: integer
+              minimum: 1
+              default: 805
+          required:
+            - velocityKph
+    BehaviorRuleType:
+      type: string
+      enum:
+        - ANOMALOUS_DEVICE
+        - ANOMALOUS_IP
+        - ANOMALOUS_LOCATION
+        - VELOCITY
+    BehaviorRuleVelocity:
+      allOf:
+        - $ref: '#/components/schemas/BehaviorRule'
+        - type: object
+          properties:
+            settings:
+              $ref: '#/components/schemas/BehaviorRuleSettingsVelocity'
+    BookmarkApplication:
+      x-okta-defined-as:
+        name: bookmark
+      allOf:
+        - $ref: '#/components/schemas/Application'
+        - type: object
+          properties:
+            credentials:
+              $ref: '#/components/schemas/ApplicationCredentials'
+            name:
+              type: string
+              default: bookmark
+            settings:
+              $ref: '#/components/schemas/BookmarkApplicationSettings'
+    BookmarkApplicationSettings:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationSettings'
+        - type: object
+          properties:
+            app:
+              $ref: '#/components/schemas/BookmarkApplicationSettingsApplication'
+    BookmarkApplicationSettingsApplication:
+      type: object
+      properties:
+        requestIntegration:
+          type: boolean
+        url:
+          type: string
+    BouncesRemoveListError:
+      type: object
+      properties:
+        emailAddress:
+          type: string
+        reason:
+          type: string
+    BouncesRemoveListObj:
+      type: object
+      properties:
+        emailAddresses:
+          type: array
+          items:
+            type: string
+    BouncesRemoveListResult:
+      type: object
+      properties:
+        errors:
+          type: array
+          items:
+            $ref: '#/components/schemas/BouncesRemoveListError'
+    Brand:
+      type: object
+      properties:
+        agreeToCustomPrivacyPolicy:
+          type: boolean
+        customPrivacyPolicyUrl:
+          type: string
+        defaultApp:
+          $ref: '#/components/schemas/DefaultApp'
+        emailDomainId:
+          type: string
+        id:
+          readOnly: true
+          type: string
+        isDefault:
+          readOnly: true
+          type: boolean
+        locale:
+          $ref: '#/components/schemas/Language'
+        name:
+          type: string
+        removePoweredByOkta:
+          type: boolean
+    BrandDomains:
+      title: BrandDomains
+      items:
+        $ref: '#/components/schemas/DomainResponse'
+      type: array
+    BrandRequest:
+      type: object
+      properties:
+        agreeToCustomPrivacyPolicy:
+          type: boolean
+        customPrivacyPolicyUrl:
+          type: string
+        defaultApp:
+          $ref: '#/components/schemas/DefaultApp'
+        emailDomainId:
+          type: string
+        locale:
+          $ref: '#/components/schemas/Language'
+        name:
+          type: string
+        removePoweredByOkta:
+          type: boolean
+    BrandWithEmbedded:
+      allOf:
+        - $ref: '#/components/schemas/Brand'
+      type: object
+      properties:
+        _embedded:
+          type: object
+          properties:
+            themes:
+              type: array
+              items:
+                $ref: '#/components/schemas/ThemeResponse'
+            domains:
+              items:
+                $ref: '#/components/schemas/DomainResponse'
+              type: array
+            emailDomain:
+              $ref: '#/components/schemas/EmailDomainResponse'
+          readOnly: true
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                themes:
+                  $ref: '#/components/schemas/HrefObject'
+    BrowserPluginApplication:
+      allOf:
+        - $ref: '#/components/schemas/Application'
+        - type: object
+          properties:
+            credentials:
+              $ref: '#/components/schemas/SchemeApplicationCredentials'
+            name:
+              type: string
+            settings:
+              $ref: '#/components/schemas/SwaApplicationSettings'
+    BulkDeleteRequestBody:
+      type: object
+      properties:
+        entityType:
+          type: string
+          enum:
+            - USERS
+        profiles:
+          type: array
+          items:
+            $ref: '#/components/schemas/IdentitySourceUserProfileForDelete'
+    BulkUpsertRequestBody:
+      type: object
+      properties:
+        entityType:
+          type: string
+          enum:
+            - USERS
+        profiles:
+          type: array
+          items:
+            $ref: '#/components/schemas/IdentitySourceUserProfileForUpsert'
+    CAPTCHAInstance:
+      title: CAPTCHAInstance
+      description: ''
+      type: object
+      properties:
+        id:
+          description: The unique key for the CAPTCHA instance
+          type: string
+          readOnly: true
+        name:
+          description: The name of the CAPTCHA instance
+          type: string
+        secretKey:
+          description: The secret key issued from the CAPTCHA provider to perform server-side validation for a CAPTCHA token
+          type: string
+          writeOnly: true
+        siteKey:
+          description: The site key issued from the CAPTCHA provider to render a CAPTCHA on a page
+          type: string
+        type:
+          $ref: '#/components/schemas/CAPTCHAType'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    CAPTCHAType:
+      description: The type of CAPTCHA provider
+      type: string
+      enum:
+        - HCAPTCHA
+        - RECAPTCHA_V2
+    CallUserFactor:
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            profile:
+              $ref: '#/components/schemas/CallUserFactorProfile'
+    CallUserFactorProfile:
+      type: object
+      properties:
+        phoneExtension:
+          type: string
+        phoneNumber:
+          type: string
+    CapabilitiesCreateObject:
+      description: |
+        Determines whether Okta assigns a new application account to each user managed by Okta.
+
+        Okta doesn't create a new account if it detects that the username specified in Okta already exists in the application.
+        The user's Okta username is assigned by default.
+      type: object
+      properties:
+        lifecycleCreate:
+          $ref: '#/components/schemas/LifecycleCreateSettingObject'
+    CapabilitiesObject:
+      description: Defines the configurations related to an application feature
+      type: object
+      properties:
+        create:
+          $ref: '#/components/schemas/CapabilitiesCreateObject'
+        update:
+          $ref: '#/components/schemas/CapabilitiesUpdateObject'
+    CapabilitiesUpdateObject:
+      description: Determines whether updates to a user's profile are pushed to the application
+      type: object
+      properties:
+        lifecycleDeactivate:
+          $ref: '#/components/schemas/LifecycleDeactivateSettingObject'
+        password:
+          $ref: '#/components/schemas/PasswordSettingObject'
+        profile:
+          $ref: '#/components/schemas/ProfileSettingObject'
+    CatalogApplication:
+      type: object
+      properties:
+        category:
+          type: string
+        description:
+          type: string
+        displayName:
+          type: string
+        features:
+          type: array
+          items:
+            type: string
+        id:
+          type: string
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        name:
+          type: string
+        signOnModes:
+          type: array
+          items:
+            type: string
+        status:
+          $ref: '#/components/schemas/CatalogApplicationStatus'
+        verificationStatus:
+          type: string
+        website:
+          type: string
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    CatalogApplicationStatus:
+      type: string
+      enum:
+        - ACTIVE
+        - INACTIVE
+    ChangeEnum:
+      description: Determines whether a change in a user's password also updates the user's password in the application
+      default: KEEP_EXISTING
+      example: CHANGE
+      type: string
+      enum:
+        - CHANGE
+        - KEEP_EXISTING
+    ChangePasswordRequest:
+      type: object
+      properties:
+        newPassword:
+          $ref: '#/components/schemas/PasswordCredential'
+        oldPassword:
+          $ref: '#/components/schemas/PasswordCredential'
+        revokeSessions:
+          type: boolean
+    ChannelBinding:
+      type: object
+      properties:
+        required:
+          $ref: '#/components/schemas/RequiredEnum'
+        style:
+          type: string
+    ChromeBrowserVersion:
+      description: Current version of the Chrome Browser
+      type: object
+      properties:
+        minimum:
+          type: string
+    ClientPolicyCondition:
+      type: object
+      description: Specifies which clients are included in the Policy
+      properties:
+        include:
+          type: array
+          description: Which clients are included in the Policy
+          items:
+            type: string
+    Compliance:
+      type: object
+      properties:
+        fips:
+          $ref: '#/components/schemas/FipsEnum'
+    ContentSecurityPolicySetting:
+      type: object
+      properties:
+        mode:
+          type: string
+          enum:
+            - enforced
+            - report_only
+        reportUri:
+          type: string
+        srcList:
+          type: array
+          items:
+            type: string
+    ContextPolicyRuleCondition:
+      allOf:
+        - $ref: '#/components/schemas/DevicePolicyRuleCondition'
+        - type: object
+          properties:
+            expression:
+              type: string
+    CreateBrandRequest:
+      title: CreateBrandRequest
+      type: object
+      properties:
+        name:
+          type: string
+      required:
+        - name
+    CreateIamRoleRequest:
+      type: object
+      properties:
+        description:
+          type: string
+          description: Description of the role
+        label:
+          type: string
+          description: Unique label for the role
+        permissions:
+          type: array
+          description: Array of permissions that the role will grant. See [Permission Types](https://developer.okta.com/docs/concepts/role-assignment/#permission-types).
+          items:
+            $ref: '#/components/schemas/RolePermissionType'
+      required:
+        - label
+        - description
+        - permissions
+    CreateResourceSetRequest:
+      type: object
+      properties:
+        description:
+          type: string
+          description: Description of the Resource Set
+        label:
+          type: string
+          description: Unique label for the Resource Set
+        resources:
+          type: array
+          items:
+            type: string
+    CreateSessionRequest:
+      type: object
+      properties:
+        sessionToken:
+          type: string
+          description: The session token obtained during authentication
+    CreateUISchema:
+      description: The request body properties for the new UI Schema
+      type: object
+      properties:
+        uiSchema:
+          type: object
+          description: Updated schema property expressions (Okta object or App Instance object)
+          $ref: '#/components/schemas/UISchemaObject'
+    CreateUpdateIamRolePermissionRequest:
+      type: object
+      properties:
+        conditions:
+          $ref: '#/components/schemas/PermissionConditions'
+    CreateUserRequest:
+      type: object
+      properties:
+        credentials:
+          $ref: '#/components/schemas/UserCredentials'
+        groupIds:
+          type: array
+          items:
+            type: string
+        profile:
+          $ref: '#/components/schemas/UserProfile'
+        realmId:
+          type: string
+          description: The ID of the realm in which the user is residing
+          example: guo1bfiNtSnZYILxO0g4
+          x-okta-lifecycle:
+            features:
+              - UD_REALMS
+        type:
+          $ref: '#/components/schemas/UserType'
+      required:
+        - profile
+    Csr:
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        csr:
+          type: string
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        kty:
+          type: string
+          readOnly: true
+    CsrMetadata:
+      type: object
+      properties:
+        subject:
+          $ref: '#/components/schemas/CsrMetadataSubject'
+        subjectAltNames:
+          $ref: '#/components/schemas/CsrMetadataSubjectAltNames'
+    CsrMetadataSubject:
+      type: object
+      properties:
+        commonName:
+          type: string
+        countryName:
+          type: string
+        localityName:
+          type: string
+        organizationalUnitName:
+          type: string
+        organizationName:
+          type: string
+        stateOrProvinceName:
+          type: string
+    CsrMetadataSubjectAltNames:
+      type: object
+      properties:
+        dnsNames:
+          type: array
+          items:
+            type: string
+    CustomHotpUserFactor:
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            factorProfileId:
+              type: string
+            profile:
+              $ref: '#/components/schemas/CustomHotpUserFactorProfile'
+    CustomHotpUserFactorProfile:
+      type: object
+      properties:
+        sharedSecret:
+          type: string
+    CustomizablePage:
+      type: object
+      properties:
+        pageContent:
+          type: string
+    DNSRecord:
+      description: DNS TXT and CNAME records to be registered for the Domain
+      type: object
+      properties:
+        expiration:
+          description: DNS TXT record expiration
+          type: string
+        fqdn:
+          description: DNS record name
+          type: string
+          example: _oktaverification.login.example.com
+        recordType:
+          $ref: '#/components/schemas/DNSRecordType'
+        values:
+          description: DNS record value
+          type: array
+          items:
+            type: string
+          example:
+            - 79496f234c814638b1cc44f51a782781
+    DNSRecordType:
+      example: TXT
+      type: string
+      enum:
+        - CNAME
+        - TXT
+    DTCChromeOS:
+      description: Google Chrome Device Trust Connector provider
+      type: object
+      properties:
+        allowScreenLock:
+          description: Indicates whether the AllowScreenLock enterprise policy is enabled
+          type: boolean
+        browserVersion:
+          $ref: '#/components/schemas/ChromeBrowserVersion'
+        builtInDnsClientEnabled:
+          description: Indicates if a software stack is used to communicate with the DNS server
+          type: boolean
+        chromeRemoteDesktopAppBlocked:
+          description: Indicates whether access to the Chrome Remote Desktop application is blocked through a policy
+          type: boolean
+        deviceEnrollmentDomain:
+          description: Enrollment domain of the customer that is currently managing the device
+          type: string
+        diskEnrypted:
+          description: Indicates whether the main disk is encrypted
+          type: boolean
+        keyTrustLevel:
+          $ref: '#/components/schemas/KeyTrustLevelOSMode'
+        osFirewall:
+          description: Indicates whether a firewall is enabled at the OS-level on the device
+          type: boolean
+        osVersion:
+          $ref: '#/components/schemas/OSVersion'
+        passwordProtectionWarningTrigger:
+          $ref: '#/components/schemas/PasswordProtectionWarningTrigger'
+        realtimeUrlCheckMode:
+          description: Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled
+          type: boolean
+        safeBrowsingProtectionLevel:
+          $ref: '#/components/schemas/SafeBrowsingProtectionLevel'
+        screenLockSecured:
+          description: Indicates whether the device is password-protected
+          type: boolean
+        siteIsolationEnabled:
+          description: Indicates whether the Site Isolation (also known as **Site Per Process**) setting is enabled
+          type: boolean
+    DTCMacOS:
+      description: Google Chrome Device Trust Connector provider
+      type: object
+      properties:
+        browserVersion:
+          $ref: '#/components/schemas/ChromeBrowserVersion'
+        builtInDnsClientEnabled:
+          description: Indicates if a software stack is used to communicate with the DNS server
+          type: boolean
+        chromeRemoteDesktopAppBlocked:
+          description: Indicates whether access to the Chrome Remote Desktop application is blocked through a policy
+          type: boolean
+        deviceEnrollmentDomain:
+          description: Enrollment domain of the customer that is currently managing the device
+          type: string
+        diskEnrypted:
+          description: Indicates whether the main disk is encrypted
+          type: boolean
+        keyTrustLevel:
+          $ref: '#/components/schemas/KeyTrustLevelBrowserKey'
+        osFirewall:
+          description: Indicates whether a firewall is enabled at the OS-level on the device
+          type: boolean
+        osVersion:
+          $ref: '#/components/schemas/OSVersion'
+        passwordProtectionWarningTrigger:
+          $ref: '#/components/schemas/PasswordProtectionWarningTrigger'
+        realtimeUrlCheckMode:
+          description: Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled
+          type: boolean
+        safeBrowsingProtectionLevel:
+          $ref: '#/components/schemas/SafeBrowsingProtectionLevel'
+        screenLockSecured:
+          description: Indicates whether the device is password-protected
+          type: boolean
+        siteIsolationEnabled:
+          description: Indicates whether the Site Isolation (also known as **Site Per Process**) setting is enabled
+          type: boolean
+    DTCWindows:
+      description: Google Chrome Device Trust Connector provider
+      type: object
+      properties:
+        browserVersion:
+          $ref: '#/components/schemas/ChromeBrowserVersion'
+        builtInDnsClientEnabled:
+          description: Indicates if a software stack is used to communicate with the DNS server
+          type: boolean
+        chromeRemoteDesktopAppBlocked:
+          description: Indicates whether access to the Chrome Remote Desktop application is blocked through a policy
+          type: boolean
+        crowdStrikeAgentId:
+          description: Agent ID of an installed CrowdStrike agent
+          type: string
+        crowdStrikeCustomerId:
+          description: Customer ID of an installed CrowdStrike agent
+          type: string
+        deviceEnrollmentDomain:
+          description: Enrollment domain of the customer that is currently managing the device
+          type: string
+        diskEnrypted:
+          description: Indicates whether the main disk is encrypted
+          type: boolean
+        keyTrustLevel:
+          $ref: '#/components/schemas/KeyTrustLevelBrowserKey'
+        osFirewall:
+          description: Indicates whether a firewall is enabled at the OS-level on the device
+          type: boolean
+        osVersion:
+          $ref: '#/components/schemas/OSVersion'
+        passwordProtectionWarningTrigger:
+          $ref: '#/components/schemas/PasswordProtectionWarningTrigger'
+        realtimeUrlCheckMode:
+          description: Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled
+          type: boolean
+        safeBrowsingProtectionLevel:
+          $ref: '#/components/schemas/SafeBrowsingProtectionLevel'
+        screenLockSecured:
+          description: Indicates whether the device is password-protected
+          type: boolean
+        secureBootEnabled:
+          description: Indicates whether the device's startup software has its Secure Boot feature enabled
+          type: boolean
+        siteIsolationEnabled:
+          description: Indicates whether the Site Isolation (also known as **Site Per Process**) setting is enabled
+          type: boolean
+        thirdPartyBlockingEnabled:
+          description: Indicates whether Chrome is blocking third-party software injection
+          type: boolean
+        windowsMachineDomain:
+          description: Windows domain that the current machine has joined
+          type: string
+        windowsUserDomain:
+          description: Windows domain for the current OS user
+          type: string
+    DefaultApp:
+      type: object
+      properties:
+        appInstanceId:
+          type: string
+        appLinkName:
+          type: string
+        classicApplicationUri:
+          type: string
+    Device:
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          description: Timestamp when the device was created
+          readOnly: true
+        id:
+          type: string
+          description: Unique key for the device
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          description: Timestamp when the device record was last updated. Updates occur when Okta collects and saves device signals during authentication, and when the lifecycle state of the device changes.
+          readOnly: true
+        profile:
+          $ref: '#/components/schemas/DeviceProfile'
+        resourceAlternateId:
+          type: string
+          readOnly: true
+        resourceDisplayName:
+          $ref: '#/components/schemas/DeviceDisplayName'
+        resourceId:
+          type: string
+          description: Alternate key for the `id`
+          readOnly: true
+        resourceType:
+          type: string
+          default: UDDevice
+          readOnly: true
+        status:
+          $ref: '#/components/schemas/DeviceStatus'
+        _links:
+          $ref: '#/components/schemas/LinksSelfAndFullUsersLifecycle'
+    DeviceAccessPolicyRuleCondition:
+      allOf:
+        - $ref: '#/components/schemas/DevicePolicyRuleCondition'
+        - type: object
+          properties:
+            managed:
+              type: boolean
+            registered:
+              type: boolean
+            assurance:
+              $ref: '#/components/schemas/DevicePolicyRuleConditionAssurance'
+    DevicePolicyRuleConditionAssurance:
+      type: object
+      properties:
+        include:
+          type: array
+          items:
+            type: string
+    DeviceAssurance:
+      title: DeviceAssurance
+      type: object
+      properties:
+        createdBy:
+          type: string
+          readOnly: true
+        createdDate:
+          type: string
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        lastUpdatedBy:
+          type: string
+          readOnly: true
+        lastUpdatedDate:
+          type: string
+          readOnly: true
+        name:
+          type: string
+          description: Display name of the Device Assurance Policy
+        platform:
+          $ref: '#/components/schemas/Platform'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+      discriminator:
+        propertyName: platform
+        mapping:
+          WINDOWS: '#/components/schemas/DeviceAssuranceWindowsPlatform'
+          MACOS: '#/components/schemas/DeviceAssuranceMacOSPlatform'
+          CHROMEOS: '#/components/schemas/DeviceAssuranceChromeOSPlatform'
+          IOS: '#/components/schemas/DeviceAssuranceIOSPlatform'
+          ANDROID: '#/components/schemas/DeviceAssuranceAndroidPlatform'
+    DeviceAssuranceAndroidPlatform:
+      allOf:
+        - $ref: '#/components/schemas/DeviceAssurance'
+        - type: object
+          properties:
+            diskEncryptionType:
+              type: object
+              properties:
+                include:
+                  type: array
+                  items:
+                    $ref: '#/components/schemas/DiskEncryptionType'
+            jailbreak:
+              type: boolean
+            osVersion:
+              $ref: '#/components/schemas/OSVersion'
+            screenLockType:
+              type: object
+              properties:
+                include:
+                  type: array
+                  items:
+                    $ref: '#/components/schemas/ScreenLockType'
+            secureHardwarePresent:
+              type: boolean
+    DeviceAssuranceChromeOSPlatform:
+      x-okta-lifecycle:
+        features:
+          - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+      allOf:
+        - $ref: '#/components/schemas/DeviceAssurance'
+        - type: object
+          properties:
+            thirdPartySignalProviders:
+              type: object
+              description: Settings for third-party signal providers (based on the `CHROMEOS` platform)
+              properties:
+                dtc:
+                  $ref: '#/components/schemas/DTCChromeOS'
+    DeviceAssuranceIOSPlatform:
+      allOf:
+        - $ref: '#/components/schemas/DeviceAssurance'
+        - type: object
+          properties:
+            diskEncryptionType:
+              type: object
+              properties:
+                include:
+                  type: array
+                  items:
+                    $ref: '#/components/schemas/DiskEncryptionType'
+            jailbreak:
+              type: boolean
+            osVersion:
+              $ref: '#/components/schemas/OSVersion'
+            screenLockType:
+              type: object
+              properties:
+                include:
+                  type: array
+                  items:
+                    $ref: '#/components/schemas/ScreenLockType'
+            secureHardwarePresent:
+              type: boolean
+    DeviceAssuranceMacOSPlatform:
+      allOf:
+        - $ref: '#/components/schemas/DeviceAssurance'
+        - type: object
+          properties:
+            diskEncryptionType:
+              type: object
+              properties:
+                include:
+                  type: array
+                  items:
+                    $ref: '#/components/schemas/DiskEncryptionType'
+            jailbreak:
+              type: boolean
+            osVersion:
+              $ref: '#/components/schemas/OSVersion'
+            screenLockType:
+              type: object
+              properties:
+                include:
+                  type: array
+                  items:
+                    $ref: '#/components/schemas/ScreenLockType'
+            secureHardwarePresent:
+              type: boolean
+            thirdPartySignalProviders:
+              x-okta-lifecycle:
+                features:
+                  - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+              type: object
+              description: Settings for third-party signal providers (based on the `MACOS` platform)
+              properties:
+                dtc:
+                  $ref: '#/components/schemas/DTCMacOS'
+    DeviceAssuranceWindowsPlatform:
+      allOf:
+        - $ref: '#/components/schemas/DeviceAssurance'
+        - type: object
+          properties:
+            diskEncryptionType:
+              type: object
+              properties:
+                include:
+                  type: array
+                  items:
+                    $ref: '#/components/schemas/DiskEncryptionType'
+            jailbreak:
+              type: boolean
+            osVersion:
+              $ref: '#/components/schemas/OSVersion'
+            screenLockType:
+              type: object
+              properties:
+                include:
+                  type: array
+                  items:
+                    $ref: '#/components/schemas/ScreenLockType'
+            secureHardwarePresent:
+              type: boolean
+            thirdPartySignalProviders:
+              x-okta-lifecycle:
+                features:
+                  - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+              type: object
+              description: Settings for third-party signal providers (based on the `WINDOWS` platform)
+              properties:
+                dtc:
+                  $ref: '#/components/schemas/DTCWindows'
+    DeviceDisplayName:
+      description: Display name of the device
+      type: object
+      properties:
+        sensitive:
+          type: boolean
+        value:
+          type: string
+    DevicePlatform:
+      description: OS platform of the device
+      type: string
+      enum:
+        - ANDROID
+        - IOS
+        - MACOS
+        - WINDOWS
+    DevicePolicyMDMFramework:
+      type: string
+      enum:
+        - AFW
+        - NATIVE
+        - SAFE
+    DevicePolicyPlatformType:
+      type: string
+      enum:
+        - ANDROID
+        - IOS
+        - OSX
+        - WINDOWS
+    DevicePolicyRuleCondition:
+      type: object
+      properties:
+        migrated:
+          type: boolean
+        platform:
+          $ref: '#/components/schemas/DevicePolicyRuleConditionPlatform'
+        rooted:
+          type: boolean
+        trustLevel:
+          $ref: '#/components/schemas/DevicePolicyTrustLevel'
+    DevicePolicyRuleConditionPlatform:
+      type: object
+      properties:
+        supportedMDMFrameworks:
+          type: array
+          items:
+            $ref: '#/components/schemas/DevicePolicyMDMFramework'
+        types:
+          type: array
+          items:
+            $ref: '#/components/schemas/DevicePolicyPlatformType'
+    DevicePolicyTrustLevel:
+      type: string
+      enum:
+        - ANY
+        - TRUSTED
+    DeviceProfile:
+      type: object
+      properties:
+        diskEncryptionType:
+          $ref: '#/components/schemas/DiskEncryptionTypeDef'
+        displayName:
+          type: string
+          description: Display name of the device
+          minLength: 1
+          maxLength: 255
+        imei:
+          type: string
+          description: International Mobile Equipment Identity (IMEI) of the device
+          minLength: 14
+          maxLength: 17
+        integrityJailbreak:
+          type: boolean
+          description: Indicates if the device is jailbroken or rooted. Only applicable to `IOS` and `ANDROID` platforms
+        manufacturer:
+          type: string
+          description: Name of the manufacturer of the device
+          maxLength: 127
+        meid:
+          type: string
+          description: Mobile equipment identifier of the device
+          maxLength: 14
+        model:
+          type: string
+          description: Model of the device
+          maxLength: 127
+        osVersion:
+          type: string
+          description: Version of the device OS
+          maxLength: 127
+        platform:
+          $ref: '#/components/schemas/DevicePlatform'
+        registered:
+          type: boolean
+          description: Indicates if the device is registered at Okta
+        secureHardwarePresent:
+          type: boolean
+          description: Indicates if the device contains a secure hardware functionality
+        serialNumber:
+          type: string
+          description: Serial number of the device
+          maxLength: 127
+        sid:
+          type: string
+          description: Windows Security identifier of the device
+          maxLength: 256
+        tpmPublicKeyHash:
+          type: string
+          description: Windows Trsted Platform Module hash value
+        udid:
+          type: string
+          description: macOS Unique Device identifier of the device
+          maxLength: 47
+      required:
+        - displayName
+        - platform
+        - registered
+    DeviceStatus:
+      description: The state object of the device
+      type: string
+      enum:
+        - ACTIVE
+        - DEACTIVATED
+        - SUSPENDED
+        - UNSUSPENDED
+      x-enumDescriptions:
+        ACTIVE: Use activated devices to create and delete Device user links
+        DEACTIVATED: Deactivation causes a Device to lose all device user links. Set the Device status to DEACTIVATED before deleting it.
+        SUSPENDED: Use suspended devices to create and delete device user links. You can only unsuspend or deactivate suspended devices.
+        UNSUSPENDED: Returns a suspended Device to ACTIVE.
+    DeviceUser:
+      type: object
+      properties:
+        created:
+          type: string
+          description: Timestamp when device was created
+        managementStatus:
+          type: string
+          description: The management status of the device
+          enum:
+            - MANAGED
+            - NOT_MANAGED
+          x-enumDescriptions:
+            MANAGED: The device has management software installed
+            NOT_MANAGED: The device doesn't have management software installed
+        screenLockType:
+          type: string
+          description: Screen lock type of the device
+          enum:
+            - NONE
+            - PASSCODE
+            - BIOMETRIC
+        user:
+          $ref: '#/components/schemas/User'
+    DigestAlgorithm:
+      type: string
+      enum:
+        - SHA256_HMAC
+        - SHA512_HMAC
+    DiskEncryptionType:
+      type: string
+      enum:
+        - ALL_INTERNAL_VOLUMES
+        - FULL
+        - USER
+    DiskEncryptionTypeDef:
+      description: |-
+        Type of encryption used on the device
+        > **Note:** The following values map to Disk Encryption ON: `FULL`, `USER`, `ALL_INTERNAL_VOLUMES`. All other values map to Disk Encryption OFF.
+      type: string
+      enum:
+        - ALL_INTERNAL_VOLUMES
+        - FULL
+        - NONE
+        - SYSTEM_VOLUME
+        - USER
+      x-enumDescriptions:
+        NONE: No encryption has been set.
+        FULL: Disk is fully encrypted. Only applicable to `IOS` and `ANDROID` platforms.
+        USER: Encryption key is tied to the user or profile. Only applicable to `ANDROID` platform.
+        ALL_INTERNAL_VOLUMES: All internal disks are encrypted. Only applicable to `WINDOWS` and `MACOS` platforms.
+        SYSTEM_VOLUME: Only the system volume is encrypted. Only applicable to `WINDOWS` and `MACOS` platforms.
+    DomainCertificate:
+      description: Defines the properties of the certificate
+      type: object
+      properties:
+        certificate:
+          description: Certificate content
+          type: string
+          example: '"-----BEGIN CERTIFICATE-----\nMIIFNzCCBB+gAwIBAgHTAAXomJWRama3ypu8TIxdA9wzMA0GCSqGSIb3DQEBCwUA\nMDIzCzAJCgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMTAyMTAwNTEzMDVaFw0yMTA1MTEwNTEzMDVaMCQxIjAgBgNVBAMT\nGWFuaXRhdGVzdC5zaWdtYW5ldGNvcnAudXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB\nDwAwggEKAoIBAQC5cyk6x63iBJSWvtgsOBqIxfO8euPHcRnyWsL9dsvnbNyOnyvc\nqFWxdiW3sh2cItzYtoN1Zfgj5lWGOVXbHxP0VaNG9fHVX3+NHP6LFHQz92BzAYQm\npqi9zaP/aKJklk6LdPFbVLGhuZfm34+ijW9YsgLTKR2WTaZJK5QtamVVmP+VsSCl\na2ifFzjz2FCkMMEc/Y0zUyP+en/mbL71K+VnpZdlEC1s38EvjRTFKFZTKVw5wpWg\nCZQq/AZYj9RxR23IIuRcUJ8TQ2pyoc3kIXPWjiIarSgBlA8G9kCsxgzXP2RyLwKr\nIBIo+qyHweifpPYW28ipdSbPjiypAMdpbGLDAgMBAAGjggJTMIICTzAOBgNVHQ8B\nAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB\n/wQCMAAwHQYDVR0OBBYEFPVZKiovtIK4Av/IBUQeLUs29pT6MB8GA1UdIwQYMBaA\nFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcw\nAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMu\naS5sZW5jci5vcmcvMCQGA1UdEQQdMBuCGWFuaXRhdGVzdC5zaWdtYW5ldGNvcnAu\ndXMwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEF\nBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQC\nBIH0BIHxAO8AdgBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXeK\nkmOsAAAEAwBHMEUCIQDSudPEWXk969BT8yz3ag6BJWCMRU5tefEw9nXEQMsh5gIg\nUmfGIuUlcNNI5PydVIHj+zns+SR8P7zfd3FIxW4gK0QAdQD2XJQv0XcwIhRUGAgw\nlFaO400TGTO/3wwvIAvMTvFk4wAAAXeKkmOlAAAEAwBGMEQCIHQkr2qOGuInvonv\nW4vvdI61nraax5V6SC3E0D2JSO91AiBVhpX4BBafRAh36r7l8LrxAfxBM3CjBmAC\nq8fUrWfIWDANBgkqhkiG9w0BAQsFAAOCAQEAgGDMKXofKpDdv5kkID3s5GrKdzaj\njFmb/6kyqd1E6eGXZAewCP1EF5BVvR6lBP2aRXiZ6sJVZktoIfztZnbxBGgbPHfv\nR3iXIG6fxkklzR9Y8puPMBFadANE/QV78tIRAlyaqeSNsoxHi7ssQjHTP111B2lf\n3KmuTpsruut1UesEJcPReLk/1xTkRx262wAncach5Wp+6GWWduTZYJbsNFyrK1RP\nYQ0qYpP9wt2qR+DGaRUBG8i1XLnZS8pkyxtKhVw/a5Fowt+NqCpEBjjJiWJRSGnG\nNSgRtSXq11j8O4JONi8EXe7cEtvzUiLR5PL3itsK2svtrZ9jIwQ95wOPaA==\n-----END CERTIFICATE-----",'
+        certificateChain:
+          description: Certificate chain
+          type: string
+          example: '"-----BEGIN CERTIFICATE-----\nMIIFPjCCBCbjAwIBAgISA7RikMltj36DkLk1DUzjwfYBMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMTEwMTExOTQ3MjRaFw0yMjAxMDkxOTQ3MjNaMCgxJjAkBgNVBAMT\nHWFuaXRhdGVzdHJhaW4uc2lnbWFuZXRjb3JwLnVzMIIBIjANBgkqhkiG9w0BAQEF\nAAOCAQ8AMIIBCgKCAQEA40EsG7YrFlsH3XdZKirdKKOC7/cca5g9L4rwyA/PlfeU\nB7mJhbQI/a3yZbtY+GjHmedBx15aPtyq+NFZLOkiRCXx0k2zNIJB4yC6Jr/Yp8C2\nrXO6mrCcuqpX7SuDPBtrfdYcIg8G6m0wjj1V1p2/XR8G//CBe8I2XTaTpHsx/VC8\nMNOAA27aSbeX4Nz6TQ69rFuxRG+neUbcz2hQKwroCsCHi6iBmqRkg19Uh8315Cx2\nBUqY0JecpP42KMiktzIoSlqS9yZSuNQh1kP1tPwkEzbs/t3FrfCnnRx5RDr2pJpV\nnonL3sB3TVotS3nFgPNHCfp65O0Bg/3ZpU9IvUpcdQIDAQABo4ICVjCCAlIwDgYD\nVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV\nHRMBAf8EAjAAMB0GA1UdDgQWBBSzWt3Dvp71cKA2Z54ESjjyM4dp+jAfBgNVHSME\nGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYB\nBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDov\nL3IzLmkubGVuY3Iub3JnLzAoBgNVHREEITAfgh1hbml0YXRlc3RyYWluLnNpZ21h\nbmV0Y29ycC51czBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAo\nMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQIGCisG\nAQQB1nkCBAIEgfMEgfAA7gB1AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgia\nN9kTAAABfHEcLqAAAAQDAEYwRAIgMlyQ61FjuIKDfATjz0wfkskChD0csVe0TStq\nmC7NbLACICp3CYMvvDiWt1pr5pzCwTQO8F6v0/qNjmH4mjCutAgyAHUARqVV63X6\nkSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF8cRwvRAAABAMARjBEAiAZd6Vn\n7MLXT7JeIxZrfbNARrf5oCM4UAVjjJeaUhB1MwIgSLW5cVAZvkiwbQW+vIutFjBz\na8cNb/i+nM7RxFW+JPgwDQYJKoZIhvcNAQELBQADggEBAIlHZiHIuOvYFteqpwvR\n0ElqinIpkYsfI+0O5FwHBXz7vMCPGtfdlcX5M10eW3aEBo9lR59mjDMsMufbTb60\nJuSnguelkUoq4WzqjZI+2uy/FTztI5GPpXmXW3IyzbqmCWQt7u8N607g1TYLBaLL\nrbFIhl+LbTJAa//mxI6bb4l/86j/kSjht6U0OIde7ylscb+3MHobbpIWJYp8Jr1D\nubm/0glL46ExnuLbIKojLhDBnG/wHVunB0rJxGh1vPvwD75O1nSIdxuNlVcGwws+\n7wsOyPA1s0VWzrMN1olLMyIPFCwPvfCm1E8Dje1AXMpmyDlqjEoQsoMUH//GKF0S\nTgM=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw\nWhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\nRW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP\nR5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx\nsxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm\nNHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg\nZ3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG\n/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB\nAf8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA\nFHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw\nAoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw\nOi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB\ngt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W\nPTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl\nikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz\nCkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm\nlJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4\navAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2\nyJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O\nyK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids\nhCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+\nHlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv\nMldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX\nnLRbwHOoq7hHwg==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC\nov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL\nwYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D\nLtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK\n4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5\nbHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y\nsR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ\nXmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4\nFQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc\nSLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql\nPRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND\nTwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\nSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1\nc3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx\n+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB\nATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu\nb3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E\nU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu\nMA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC\n5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW\n9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG\nWCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O\nhe8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC\nDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----"'
+        privateKey:
+          description: Certificate private key
+          type: string
+          example: '"-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0AAQEFAASCBKgwghSkAgEAAoIBAQC5cyk6y63iBJSW\nstgsOBqIxfO8euPHcRnyWsL9dsvnbNyOnyvcqFWxdiW3sh2cItzYtoN1Zfgj5lWG\nOVXbHxP0VaNG9fHVX3+NHP6LFHQz92BzAYQmpqi9zaP/aKJklk6LdPFbVLGhuZfm\n34+ijW9YsgLTKR2WTaZJK5QtamVVmP+VsSCla2ifFzjz2FCkMMEc/Y0zUyP+en/m\nbL71K+VnpZdlEC1s38EvjRTFKFZTKVw5wpWgCZQq/AZYj9RxR23IIuRcUJ8TQ2py\noc3kIXPWjiIarSgBlA8G9kCsxgzXP2RyLwKrIBIo+qyHweifpPYW28ipdSbPjiyp\nAMdpbGLDAgMBAAECggEAUXVfT91z6IqghhKwO8QtC5T/+fN06B8rCYSKj/FFoZL0\n0oTiLFuYwImoCadoUDQUE/Efj0rKE2LSgFHg/44IItQXE01m+5WmHmL1ADxsyoLH\nz9yDosKj7jNM7RyV8F8Bg0pL1hU+rU4rhhL/MaS0mx4eFYjC4UmcWBmXTdelSVJa\nkvXvQLT5y86bqh7tqMjM/kALTWRz5CgNJFk/ONA1yo5RTX9S7SIXimBgAvuGqP8i\nMPEhJou7U3DfzXVfvP8byqNdsZs6ZNhG3wXspl61mRyrY+51SOaNLA7Bkji7x4bH\nNw6mJI0IJTAP9oc1Z8fYeMuxT1bfuD7VOupSP0mAMQKBgQDk+KuyQkmPymeP/Wwu\nII4DUpleVzxTK9obMQQoCEEElbQ6+jTb+8ixP0bWLvBXg/rX734j7OWfn/bljWLH\nXLrSoqQZF1+XMVeY4g4wx9UuTK/D2n791zdOgQivxbIPdWL3a4ap86ar8uyMgJu8\nBLXfFBAOc+9myqUkbeO7wt0e6QKBgQDPV04jPtIJoMrggpQDNreGrANKOmsXWxj4\nOHW13QNdJ2KGQpoTdoqQ8ZmlxuA8Bf2RjHsnB2kgGVTVQR74zRib4MByhvsdhvVm\nF2LNsJoIDfqtv3c+oj13VonRUGuzUeJpwT/snyaL+jQ/ZZcYz0jDgDhIODTcFYj8\nDMSD5SHgywKBgHH6MwWuJ44TNBAiF2qyu959jGjAxf+k0ZI9iRMgYLUWjDvbdtqW\ncCWDGRDfFraJtSEuTz003GzkJPPJuIUC7OCTI1p2HxhU8ITi6itwHfdJJyk4J4TW\nT+qdIqTUpTk6tsPw23zYE3x+lS+viVZDhgEArKl1HpOthh0nMnixnH6ZAoGBAKGn\nV+xy1h9bldFk/TFkP8Jn6ki9MzGKfPVKT7vzDORcCJzU4Hu8OFy5gSmW3Mzvfrsz\n4/CR/oxgM5vwoc0pWr5thJ3GT5K93iYypX3o6q7M91zvonDa3UFl3x2qrc2pUfVS\nDhzWGJ+Z+5JSCnP1aK3EEh18dPoCcELTUYPj6X3xAoGBALAllTb3RCIaqIqk+s3Y\n6KDzikgwGM6j9lmOI2MH4XmCVym4Z40YGK5nxulDh2Ihn/n9zm13Z7ul2DJwgQSO\n0zBc7/CMOsMEBaNXuKL8Qj4enJXMtub4waQ/ywqHIdc50YaPI5Ax8dD/10h9M6Qc\nnUFLNE8pXSnsqb0eOL74f3uQ\n-----END PRIVATE KEY-----"'
+        type:
+          $ref: '#/components/schemas/DomainCertificateType'
+      required:
+        - certificate
+        - certificateChain
+        - privateKey
+        - type
+    DomainCertificateMetadata:
+      description: Certificate metadata for the domain
+      type: object
+      properties:
+        expiration:
+          description: Certificate expiration
+          type: string
+          example: '2021-05-11T05:13:05.000Z'
+        fingerprint:
+          description: Certificate fingerprint
+          type: string
+          example: 73:68:82:7B:83:2E:48:29:A5:5E:E8:40:41:80:B3:AA:03:C4:42:43:05:73:45:BC:AA:47:00:23:A3:70:E5:C4
+        subject:
+          description: Certificate subject
+          type: string
+          example: CN=login.example.com
+    DomainCertificateSourceType:
+      description: Certificate source type that indicates whether the certificate is provided by the user or Okta.
+      type: string
+      enum:
+        - MANUAL
+        - OKTA_MANAGED
+    DomainCertificateType:
+      description: Certificate type
+      type: string
+      enum:
+        - PEM
+    DomainLinks:
+      allOf:
+        - $ref: '#/components/schemas/LinksSelf'
+        - type: object
+          properties:
+            brand:
+              allOf:
+                - $ref: '#/components/schemas/HrefObject'
+                - description: The associated brand
+            certificate:
+              allOf:
+                - $ref: '#/components/schemas/HrefObject'
+                - description: The certificate link references the domain certificate
+            verify:
+              allOf:
+                - $ref: '#/components/schemas/HrefObject'
+                - description: The verify link verifies the domain and transitions the domain status to `VERIFIED`
+    DomainListResponse:
+      description: Defines a list of domains with a subset of the properties for each domain.
+      type: object
+      properties:
+        domains:
+          description: Each element of the array defines an individual domain.
+          type: array
+          items:
+            $ref: '#/components/schemas/DomainResponse'
+    DomainRequest:
+      type: object
+      properties:
+        certificateSourceType:
+          $ref: '#/components/schemas/DomainCertificateSourceType'
+        domain:
+          description: Custom domain name
+          type: string
+          example: login.example.com
+      required:
+        - certificateSourceType
+        - domain
+    DomainResponse:
+      description: The properties that define an individual domain.
+      type: object
+      properties:
+        brandId:
+          description: The ID number of the brand
+          type: string
+          example: bndul904tTZ6kWVhP0g3
+        certificateSourceType:
+          $ref: '#/components/schemas/DomainCertificateSourceType'
+        dnsRecords:
+          type: array
+          items:
+            $ref: '#/components/schemas/DNSRecord'
+        domain:
+          description: Custom domain name
+          type: string
+          example: login.example.com
+        id:
+          description: Unique ID of the domain
+          type: string
+          example: OcDz6iRyjkaCTXkdo0g3
+        publicCertificate:
+          $ref: '#/components/schemas/DomainCertificateMetadata'
+        validationStatus:
+          $ref: '#/components/schemas/DomainValidationStatus'
+        _links:
+          $ref: '#/components/schemas/DomainLinks'
+    DomainValidationStatus:
+      description: Status of the domain
+      example: VERIFIED
+      type: string
+      enum:
+        - COMPLETED
+        - IN_PROGRESS
+        - NOT_STARTED
+        - VERIFIED
+    Duration:
+      type: object
+      properties:
+        number:
+          type: integer
+        unit:
+          type: string
+    EmailContent:
+      type: object
+      properties:
+        body:
+          type: string
+          description: The email's HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+        subject:
+          type: string
+          description: The email's subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+      required:
+        - subject
+        - body
+    EmailCustomization:
+      allOf:
+        - $ref: '#/components/schemas/EmailContent'
+        - type: object
+          properties:
+            created:
+              type: string
+              format: date-time
+              readOnly: true
+              description: The UTC time at which this email customization was created.
+            id:
+              type: string
+              readOnly: true
+              description: A unique identifier for this email customization
+            isDefault:
+              type: boolean
+              description: Whether this is the default customization for the email template. Each customized email template must have exactly one default customization. Defaults to `true` for the first customization and `false` thereafter.
+            language:
+              $ref: '#/components/schemas/Language'
+            lastUpdated:
+              type: string
+              format: date-time
+              readOnly: true
+              description: The UTC time at which this email customization was last updated.
+            _links:
+              allOf:
+                - $ref: '#/components/schemas/LinksSelf'
+                - properties:
+                    self:
+                      $ref: '#/components/schemas/HrefObject'
+                    template:
+                      $ref: '#/components/schemas/HrefObject'
+                    preview:
+                      $ref: '#/components/schemas/HrefObject'
+                    test:
+                      $ref: '#/components/schemas/HrefObject'
+          required:
+            - language
+    EmailDefaultContent:
+      allOf:
+        - $ref: '#/components/schemas/EmailContent'
+        - type: object
+          properties:
+            _links:
+              type: object
+              allOf:
+                - $ref: '#/components/schemas/LinksSelf'
+                - properties:
+                    template:
+                      $ref: '#/components/schemas/HrefObject'
+                    preview:
+                      $ref: '#/components/schemas/HrefObject'
+                    test:
+                      $ref: '#/components/schemas/HrefObject'
+    EmailDomain:
+      allOf:
+        - $ref: '#/components/schemas/BaseEmailDomain'
+      type: object
+      properties:
+        brandId:
+          type: string
+        domain:
+          type: string
+      required:
+        - domain
+        - brandId
+    EmailDomainDNSRecord:
+      type: object
+      properties:
+        fqdn:
+          type: string
+        recordType:
+          $ref: '#/components/schemas/EmailDomainDNSRecordType'
+        verificationValue:
+          type: string
+    EmailDomainDNSRecordType:
+      type: string
+      enum:
+        - CNAME
+        - TXT
+    EmailDomainResponse:
+      allOf:
+        - $ref: '#/components/schemas/BaseEmailDomain'
+      type: object
+      properties:
+        dnsValidationRecords:
+          type: array
+          items:
+            $ref: '#/components/schemas/EmailDomainDNSRecord'
+        domain:
+          type: string
+        id:
+          type: string
+        validationStatus:
+          $ref: '#/components/schemas/EmailDomainStatus'
+    EmailDomainResponseWithEmbedded:
+      allOf:
+        - $ref: '#/components/schemas/EmailDomainResponse'
+      type: object
+      properties:
+        _embedded:
+          type: object
+          properties:
+            brands:
+              type: array
+              items:
+                $ref: '#/components/schemas/Brand'
+          readOnly: true
+    EmailDomainStatus:
+      type: string
+      enum:
+        - DELETED
+        - ERROR
+        - NOT_STARTED
+        - POLLING
+        - VERIFIED
+    EmailPreview:
+      type: object
+      properties:
+        body:
+          type: string
+          readOnly: true
+          description: The email's HTML body
+        subject:
+          type: string
+          readOnly: true
+          description: The email's subject
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                contentSource:
+                  $ref: '#/components/schemas/HrefObject'
+                template:
+                  $ref: '#/components/schemas/HrefObject'
+                test:
+                  $ref: '#/components/schemas/HrefObject'
+                defaultContent:
+                  $ref: '#/components/schemas/HrefObject'
+    EmailServerListResponse:
+      type: object
+      properties:
+        email-servers:
+          type: array
+          items:
+            $ref: '#/components/schemas/EmailServerResponse'
+    EmailServerPost:
+      allOf:
+        - $ref: '#/components/schemas/EmailServerRequest'
+        - required:
+            - host
+            - port
+            - username
+            - password
+            - alias
+    EmailServerRequest:
+      allOf:
+        - $ref: '#/components/schemas/BaseEmailServer'
+        - properties:
+            password:
+              type: string
+              description: The password to use with your SMTP server
+    EmailServerResponse:
+      allOf:
+        - $ref: '#/components/schemas/BaseEmailServer'
+        - properties:
+            id:
+              type: string
+    EmailSettings:
+      type: object
+      properties:
+        recipients:
+          type: string
+          enum:
+            - ALL_USERS
+            - ADMINS_ONLY
+            - NO_USERS
+      required:
+        - recipients
+    EmailTemplate:
+      type: object
+      properties:
+        name:
+          type: string
+          readOnly: true
+          description: The name of this email template
+        _embedded:
+          type: object
+          properties:
+            settings:
+              $ref: '#/components/schemas/EmailSettings'
+            customizationCount:
+              type: integer
+          readOnly: true
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                settings:
+                  $ref: '#/components/schemas/HrefObject'
+                defaultContent:
+                  $ref: '#/components/schemas/HrefObject'
+                customizations:
+                  $ref: '#/components/schemas/HrefObject'
+                test:
+                  $ref: '#/components/schemas/HrefObject'
+    EmailTemplateTouchPointVariant:
+      type: string
+      enum:
+        - FULL_THEME
+        - OKTA_DEFAULT
+    EmailTestAddresses:
+      type: object
+      properties:
+        from:
+          type: string
+          description: An email address to send the test email from
+        to:
+          type: string
+          description: An email address to send the test email to
+      required:
+        - from
+        - to
+    EmailUserFactor:
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            profile:
+              $ref: '#/components/schemas/EmailUserFactorProfile'
+    EmailUserFactorProfile:
+      type: object
+      properties:
+        email:
+          type: string
+    EnabledStatus:
+      description: Setting status
+      type: string
+      enum:
+        - DISABLED
+        - ENABLED
+    EndUserDashboardTouchPointVariant:
+      type: string
+      enum:
+        - FULL_THEME
+        - LOGO_ON_FULL_WHITE_BACKGROUND
+        - OKTA_DEFAULT
+        - WHITE_LOGO_BACKGROUND
+    Error:
+      title: Error
+      type: object
+      properties:
+        errorCauses:
+          type: array
+          items:
+            type: object
+            properties:
+              errorSummary:
+                type: string
+        errorCode:
+          type: string
+          description: An Okta code for this type of error
+        errorId:
+          type: string
+          description: A unique identifier for this error. This can be used by Okta Support to help with troubleshooting.
+        errorLink:
+          type: string
+          description: An Okta code for this type of error
+        errorSummary:
+          type: string
+          description: A short description of what caused this error. Sometimes this contains dynamically-generated information about your specific error.
+    ErrorPage:
+      allOf:
+        - $ref: '#/components/schemas/CustomizablePage'
+        - type: object
+          properties:
+            contentSecurityPolicySetting:
+              $ref: '#/components/schemas/ContentSecurityPolicySetting'
+    ErrorPageTouchPointVariant:
+      type: string
+      enum:
+        - BACKGROUND_IMAGE
+        - BACKGROUND_SECONDARY_COLOR
+        - OKTA_DEFAULT
+    EventHook:
+      type: object
+      properties:
+        channel:
+          $ref: '#/components/schemas/EventHookChannel'
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        createdBy:
+          type: string
+        events:
+          $ref: '#/components/schemas/EventSubscriptions'
+        id:
+          type: string
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        name:
+          type: string
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        verificationStatus:
+          $ref: '#/components/schemas/EventHookVerificationStatus'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    EventHookChannel:
+      type: object
+      properties:
+        config:
+          $ref: '#/components/schemas/EventHookChannelConfig'
+        type:
+          $ref: '#/components/schemas/EventHookChannelType'
+        version:
+          type: string
+    EventHookChannelConfig:
+      type: object
+      properties:
+        authScheme:
+          $ref: '#/components/schemas/EventHookChannelConfigAuthScheme'
+        headers:
+          type: array
+          items:
+            $ref: '#/components/schemas/EventHookChannelConfigHeader'
+        uri:
+          type: string
+    EventHookChannelConfigAuthScheme:
+      type: object
+      properties:
+        key:
+          type: string
+        type:
+          $ref: '#/components/schemas/EventHookChannelConfigAuthSchemeType'
+        value:
+          type: string
+    EventHookChannelConfigAuthSchemeType:
+      type: string
+      enum:
+        - HEADER
+    EventHookChannelConfigHeader:
+      type: object
+      properties:
+        key:
+          type: string
+        value:
+          type: string
+    EventHookChannelType:
+      type: string
+      enum:
+        - HTTP
+    EventHookVerificationStatus:
+      type: string
+      enum:
+        - UNVERIFIED
+        - VERIFIED
+    EventSubscriptionType:
+      type: string
+      enum:
+        - EVENT_TYPE
+        - FLOW_EVENT
+    EventSubscriptions:
+      type: object
+      properties:
+        items:
+          type: array
+          items:
+            type: string
+        type:
+          $ref: '#/components/schemas/EventSubscriptionType'
+      discriminator:
+        propertyName: type
+    FCMConfiguration:
+      properties:
+        fileName:
+          type: string
+          description: (Optional) File name for Admin Console display
+        projectId:
+          type: string
+          description: Project ID of FCM configuration
+          readOnly: true
+        serviceAccountJson:
+          type: object
+          description: JSON containing the private service account key and service account details. See [Creating and managing service account keys](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) for more information on creating service account keys in JSON.
+          writeOnly: true
+    FCMPushProvider:
+      allOf:
+        - $ref: '#/components/schemas/PushProvider'
+        - type: object
+          properties:
+            configuration:
+              $ref: '#/components/schemas/FCMConfiguration'
+    FactorProvider:
+      type: string
+      enum:
+        - CUSTOM
+        - DUO
+        - FIDO
+        - GOOGLE
+        - OKTA
+        - RSA
+        - SYMANTEC
+        - YUBICO
+    FactorResultType:
+      type: string
+      enum:
+        - CANCELLED
+        - CHALLENGE
+        - ERROR
+        - FAILED
+        - PASSCODE_REPLAYED
+        - REJECTED
+        - SUCCESS
+        - TIMEOUT
+        - TIME_WINDOW_EXCEEDED
+        - WAITING
+    FactorStatus:
+      type: string
+      enum:
+        - ACTIVE
+        - DISABLED
+        - ENROLLED
+        - EXPIRED
+        - INACTIVE
+        - NOT_SETUP
+        - PENDING_ACTIVATION
+    FactorType:
+      type: string
+      enum:
+        - call
+        - email
+        - push
+        - question
+        - signed_nonce
+        - sms
+        - token
+        - token:hardware
+        - token:hotp
+        - token:software:totp
+        - u2f
+        - web
+        - webauthn
+    Feature:
+      type: object
+      properties:
+        description:
+          type: string
+        id:
+          type: string
+          readOnly: true
+        name:
+          type: string
+        stage:
+          $ref: '#/components/schemas/FeatureStage'
+        status:
+          $ref: '#/components/schemas/EnabledStatus'
+        type:
+          $ref: '#/components/schemas/FeatureType'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    FeatureLifecycle:
+      example: enable
+      type: string
+      enum:
+        - disable
+        - enable
+    FeatureStage:
+      type: object
+      properties:
+        state:
+          $ref: '#/components/schemas/FeatureStageState'
+        value:
+          $ref: '#/components/schemas/FeatureStageValue'
+    FeatureStageState:
+      type: string
+      enum:
+        - CLOSED
+        - OPEN
+    FeatureStageValue:
+      type: string
+      enum:
+        - BETA
+        - EA
+    FeatureType:
+      type: string
+      enum:
+        - self-service
+    FipsEnum:
+      type: string
+      enum:
+        - OPTIONAL
+        - REQUIRED
+    ForgotPasswordResponse:
+      type: object
+      properties:
+        resetPasswordUrl:
+          type: string
+          readOnly: true
+    GrantOrTokenStatus:
+      description: Status
+      example: ACTIVE
+      type: string
+      enum:
+        - ACTIVE
+        - REVOKED
+      readOnly: true
+    GrantTypePolicyRuleCondition:
+      type: object
+      description: Array of grant types that this condition includes. Determines the mechanism that Okta uses to authorize the creation of the tokens.
+      properties:
+        include:
+          type: array
+          description: Array of grant types thagt this condition includes.
+          items:
+            type: string
+    Group:
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        lastMembershipUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        objectClass:
+          type: array
+          readOnly: true
+          items:
+            type: string
+        profile:
+          $ref: '#/components/schemas/GroupProfile'
+        type:
+          $ref: '#/components/schemas/GroupType'
+        _embedded:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                apps:
+                  $ref: '#/components/schemas/HrefObject'
+                logo:
+                  type: array
+                  items:
+                    $ref: '#/components/schemas/HrefObject'
+                source:
+                  $ref: '#/components/schemas/HrefObject'
+                users:
+                  $ref: '#/components/schemas/HrefObject'
+    GroupCondition:
+      type: object
+      description: Specifies a set of Groups whose Users are to be included or excluded
+      properties:
+        exclude:
+          type: array
+          description: Groups to be excluded
+          items:
+            type: string
+        include:
+          type: array
+          description: Groups to be included
+          items:
+            type: string
+    GroupOwner:
+      type: object
+      properties:
+        displayName:
+          description: The display name of the group owner
+          type: string
+          readOnly: true
+        id:
+          description: The `id` of the group owner
+          type: string
+        lastUpdated:
+          description: Timestamp when the group owner was last updated
+          type: string
+          format: date-time
+          readOnly: true
+        originId:
+          description: The ID of the app instance if the `originType` is `APPLICATION`. This value is `NULL` if `originType` is `OKTA_DIRECTORY`.
+          type: string
+        originType:
+          $ref: '#/components/schemas/GroupOwnerOriginType'
+        resolved:
+          description: If `originType`is APPLICATION, this parameter is set to `FALSE` until the owner’s `originId` is reconciled with an associated Okta ID.
+          type: boolean
+        type:
+          $ref: '#/components/schemas/GroupOwnerType'
+    GroupOwnerOriginType:
+      description: The source where group ownership is managed
+      type: string
+      enum:
+        - APPLICATION
+        - OKTA_DIRECTORY
+    GroupOwnerType:
+      description: The entity type of the owner
+      type: string
+      enum:
+        - GROUP
+        - USER
+    GroupPolicyRuleCondition:
+      type: object
+      description: Specifies a set of Groups whose Users are to be included or excluded
+      properties:
+        exclude:
+          type: array
+          description: Groups to be excluded
+          items:
+            type: string
+        include:
+          type: array
+          description: Groups to be included
+          items:
+            type: string
+    GroupProfile:
+      additionalProperties: true
+      type: object
+      properties:
+        description:
+          type: string
+        name:
+          type: string
+      x-okta-extensible: true
+    GroupRule:
+      type: object
+      properties:
+        actions:
+          $ref: '#/components/schemas/GroupRuleAction'
+        conditions:
+          $ref: '#/components/schemas/GroupRuleConditions'
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        name:
+          type: string
+        status:
+          $ref: '#/components/schemas/GroupRuleStatus'
+        type:
+          type: string
+    GroupRuleAction:
+      type: object
+      properties:
+        assignUserToGroups:
+          $ref: '#/components/schemas/GroupRuleGroupAssignment'
+    GroupRuleConditions:
+      type: object
+      properties:
+        expression:
+          $ref: '#/components/schemas/GroupRuleExpression'
+        people:
+          $ref: '#/components/schemas/GroupRulePeopleCondition'
+    GroupRuleExpression:
+      type: object
+      properties:
+        type:
+          type: string
+        value:
+          type: string
+    GroupRuleGroupAssignment:
+      type: object
+      properties:
+        groupIds:
+          type: array
+          items:
+            type: string
+    GroupRuleGroupCondition:
+      type: object
+      properties:
+        exclude:
+          type: array
+          items:
+            type: string
+        include:
+          type: array
+          items:
+            type: string
+    GroupRulePeopleCondition:
+      type: object
+      properties:
+        groups:
+          $ref: '#/components/schemas/GroupRuleGroupCondition'
+        users:
+          $ref: '#/components/schemas/GroupRuleUserCondition'
+    GroupRuleStatus:
+      type: string
+      enum:
+        - ACTIVE
+        - INACTIVE
+        - INVALID
+    GroupRuleUserCondition:
+      type: object
+      properties:
+        exclude:
+          type: array
+          items:
+            type: string
+        include:
+          type: array
+          items:
+            type: string
+    GroupSchema:
+      type: object
+      properties:
+        $schema:
+          readOnly: true
+          type: string
+        created:
+          readOnly: true
+          type: string
+        definitions:
+          $ref: '#/components/schemas/GroupSchemaDefinitions'
+        description:
+          type: string
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          readOnly: true
+          type: string
+        name:
+          readOnly: true
+          type: string
+        properties:
+          $ref: '#/components/schemas/UserSchemaProperties'
+        title:
+          type: string
+        type:
+          readOnly: true
+          type: string
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+      x-okta-allow-null-property-value-for-updates: true
+    GroupSchemaAttribute:
+      type: object
+      properties:
+        description:
+          type: string
+        enum:
+          items:
+            type: string
+          type: array
+        externalName:
+          type: string
+        externalNamespace:
+          type: string
+        items:
+          $ref: '#/components/schemas/UserSchemaAttributeItems'
+        master:
+          $ref: '#/components/schemas/UserSchemaAttributeMaster'
+        maxLength:
+          type: integer
+        minLength:
+          type: integer
+        mutability:
+          type: string
+        oneOf:
+          items:
+            $ref: '#/components/schemas/UserSchemaAttributeEnum'
+          type: array
+        permissions:
+          items:
+            $ref: '#/components/schemas/UserSchemaAttributePermission'
+          type: array
+        required:
+          type: boolean
+        scope:
+          $ref: '#/components/schemas/UserSchemaAttributeScope'
+        title:
+          type: string
+        type:
+          $ref: '#/components/schemas/UserSchemaAttributeType'
+        union:
+          $ref: '#/components/schemas/UserSchemaAttributeUnion'
+        unique:
+          type: string
+    GroupSchemaBase:
+      type: object
+      properties:
+        id:
+          readOnly: true
+          type: string
+        properties:
+          $ref: '#/components/schemas/GroupSchemaBaseProperties'
+        required:
+          items:
+            type: string
+          type: array
+        type:
+          type: string
+    GroupSchemaBaseProperties:
+      type: object
+      properties:
+        description:
+          $ref: '#/components/schemas/GroupSchemaAttribute'
+        name:
+          $ref: '#/components/schemas/GroupSchemaAttribute'
+    GroupSchemaCustom:
+      type: object
+      properties:
+        id:
+          readOnly: true
+          type: string
+        properties:
+          additionalProperties:
+            $ref: '#/components/schemas/GroupSchemaAttribute'
+          type: object
+        required:
+          items:
+            type: string
+          type: array
+        type:
+          type: string
+    GroupSchemaDefinitions:
+      type: object
+      properties:
+        base:
+          $ref: '#/components/schemas/GroupSchemaBase'
+        custom:
+          $ref: '#/components/schemas/GroupSchemaCustom'
+    GroupType:
+      type: string
+      enum:
+        - APP_GROUP
+        - BUILT_IN
+        - OKTA_GROUP
+    HardwareUserFactor:
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            profile:
+              $ref: '#/components/schemas/HardwareUserFactorProfile'
+    HardwareUserFactorProfile:
+      type: object
+      properties:
+        credentialId:
+          type: string
+    HookKey:
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          description: Timestamp when the key was created.
+          readOnly: true
+        id:
+          type: string
+          description: The unique identifier for the key.
+          readOnly: true
+        isUsed:
+          type: string
+          format: boolean
+          description: Whether this key is currently in use by other hooks.
+        keyId:
+          type: string
+          description: The alias of the public key.
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          description: Timestamp when the key was updated.
+          readOnly: true
+        name:
+          type: string
+          description: Display name of the key.
+          readOnly: false
+        _embedded:
+          $ref: '#/components/schemas/JsonWebKey'
+    HostedPage:
+      type: object
+      properties:
+        type:
+          $ref: '#/components/schemas/HostedPageType'
+        url:
+          type: string
+      required:
+        - type
+    HostedPageType:
+      type: string
+      enum:
+        - EXTERNALLY_HOSTED
+        - OKTA_DEFAULT
+    HrefObject:
+      title: Link Object
+      type: object
+      additionalProperties: true
+      properties:
+        hints:
+          type: object
+          description: Describes allowed HTTP verbs for the `href`
+          properties:
+            allow:
+              type: array
+              items:
+                $ref: '#/components/schemas/HttpMethod'
+        href:
+          type: string
+          description: Link URI
+        name:
+          type: string
+          description: Link name
+        type:
+          type: string
+          description: The media type of the link. If omitted, it is implicitly `application/json`.
+        templated:
+          type: boolean
+          description: Indicates whether the Link Object's "href" property is a URI Template.
+      required:
+        - href
+      readOnly: true
+    HrefObjectMappingsLink:
+      allOf:
+        - $ref: '#/components/schemas/HrefObject'
+        - description: Link to the mappings resource
+    HrefObjectRulesLink:
+      allOf:
+        - $ref: '#/components/schemas/HrefObject'
+        - description: Link to the rules resource    
+    HrefObjectActivateLink:
+      allOf:
+        - $ref: '#/components/schemas/HrefObject'
+        - description: Link to activate the resource
+    HrefObjectAppLink:
+      allOf:
+        - $ref: '#/components/schemas/HrefObject'
+        - description: Link to the app resource
+    HrefObjectClientLink:
+      allOf:
+        - $ref: '#/components/schemas/HrefObject'
+        - description: Link to the client resource
+    HrefObjectDeactivateLink:
+      allOf:
+        - $ref: '#/components/schemas/HrefObject'
+        - description: Link to deactivate the resource
+    HrefObjectDeleteLink:
+      allOf:
+        - $ref: '#/components/schemas/HrefObject'
+        - description: Link to delete the resource
+    HrefObjectLogoLink:
+      allOf:
+        - $ref: '#/components/schemas/HrefObject'
+        - description: Link to the logo resource
+    HrefObjectSelfLink:
+      allOf:
+        - $ref: '#/components/schemas/HrefObject'
+        - description: Link to the resource (self)
+    HrefObjectSuspendLink:
+      allOf:
+        - $ref: '#/components/schemas/HrefObject'
+        - description: Link to suspend the resource
+    HrefObjectUnsuspendLink:
+      allOf:
+        - $ref: '#/components/schemas/HrefObject'
+        - description: Link to unsuspend the resource
+    HrefObjectUserLink:
+      allOf:
+        - $ref: '#/components/schemas/HrefObject'
+        - description: Link to the user resource
+    HttpMethod:
+      type: string
+      enum:
+        - DELETE
+        - GET
+        - POST
+        - PUT
+    IamRole:
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          description: Timestamp when the role was created
+          readOnly: true
+        description:
+          type: string
+          description: Description of the role
+        id:
+          type: string
+          description: Unique key for the role
+          readOnly: true
+        label:
+          type: string
+          description: Unique label for the role
+        lastUpdated:
+          type: string
+          format: date-time
+          description: Timestamp when the role was last updated
+          readOnly: true
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                permissions:
+                  $ref: '#/components/schemas/HrefObject'
+      required:
+        - label
+        - description
+    IamRoles:
+      type: object
+      properties:
+        roles:
+          type: array
+          items:
+            $ref: '#/components/schemas/IamRole'
+        _links:
+          $ref: '#/components/schemas/LinksNext'
+    IdentityProvider:
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+          nullable: true
+        id:
+          type: string
+          readOnly: true
+        issuerMode:
+          $ref: '#/components/schemas/IssuerMode'
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        name:
+          type: string
+        policy:
+          $ref: '#/components/schemas/IdentityProviderPolicy'
+        properties:
+          $ref: '#/components/schemas/IdentityProviderProperties'
+        protocol:
+          $ref: '#/components/schemas/Protocol'
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        type:
+          $ref: '#/components/schemas/IdentityProviderType'
+        _links:
+          type: object
+          additionalProperties: true
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                acs:
+                  description: SAML 2.0 Assertion Consumer Service URL for the Okta SP
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                authorize:
+                  description: OAuth 2.0 authorization endpoint for the IdP OAuth 2.0 Authorization Code flow
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                clientRedirectUri:
+                  description: Redirect URI for the OAuth 2.0 Authorization Code flow
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                metadata:
+                  description: 'Federation metadata document for the IdP (for example: SAML 2.0 Metadata)'
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'                           
+                users:
+                  description: IdP users
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                deactivate:
+                  description: Deactivate IdP
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                activate:
+                  description: Activate IdP
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                keys:
+                  description: IdP keys
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+    IdentityProviderApplicationUser:
+      type: object
+      properties:
+        created:
+          type: string
+        externalId:
+          type: string
+        id:
+          type: string
+          readOnly: true
+        lastUpdated:
+          type: string
+        profile:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+        _embedded:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    IdentityProviderCredentials:
+      type: object
+      properties:
+        client:
+          $ref: '#/components/schemas/IdentityProviderCredentialsClient'
+        signing:
+          $ref: '#/components/schemas/IdentityProviderCredentialsSigning'
+        trust:
+          $ref: '#/components/schemas/IdentityProviderCredentialsTrust'
+    IdentityProviderCredentialsClient:
+      type: object
+      properties:
+        client_id:
+          type: string
+        client_secret:
+          type: string
+    IdentityProviderCredentialsSigning:
+      type: object
+      properties:
+        kid:
+          type: string
+    IdentityProviderCredentialsTrust:
+      type: object
+      properties:
+        audience:
+          type: string
+        issuer:
+          type: string
+        kid:
+          type: string
+        revocation:
+          $ref: '#/components/schemas/IdentityProviderCredentialsTrustRevocation'
+        revocationCacheLifetime:
+          type: integer
+    IdentityProviderCredentialsTrustRevocation:
+      type: string
+      enum:
+        - CRL
+        - DELTA_CRL
+        - OCSP
+    IdentityProviderPolicy:
+      allOf:
+        - type: object
+          properties:
+            accountLink:
+              $ref: '#/components/schemas/PolicyAccountLink'
+            mapAMRClaims:
+              type: boolean
+              description: Enable mapping AMR from IdP to Okta to downstream apps
+              default: false
+              x-okta-lifecycle:
+                features:
+                  - IDP_AMR_CLAIMS_MAPPING
+            maxClockSkew:
+              type: integer
+            provisioning:
+              $ref: '#/components/schemas/Provisioning'
+            subject:
+              $ref: '#/components/schemas/PolicySubject'
+    IdpDiscoveryPolicy:
+      allOf:
+        - $ref: '#/components/schemas/Policy'
+        - type: object
+          properties:
+            conditions:
+              type: object
+              nullable: true
+    IdentityProviderPolicyProvider:
+      type: string
+      enum:
+        - ANY
+        - OKTA
+        - SPECIFIC_IDP
+    IdpSelectionType:
+      type: string
+      enum:
+        - DYNAMIC
+        - SPECIFIC
+    IdentityProviderPolicyRuleCondition:
+      type: object
+      properties:
+        idpIds:
+          type: array
+          items:
+            type: string
+        provider:
+          $ref: '#/components/schemas/IdentityProviderPolicyProvider'
+    IdentityProviderProperties:
+      nullable: true
+      type: object
+      properties:
+        additionalAmr:
+          type: array
+          nullable: true
+          items:
+            type: string
+    IdentityProviderType:
+      type: string
+      enum:
+        - AgentlessDSSO
+        - FACEBOOK
+        - GOOGLE
+        - IWA
+        - LINKEDIN
+        - MICROSOFT
+        - OIDC
+        - OKTA
+        - SAML2
+        - X509
+    IdentitySourceSession:
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        identitySourceId:
+          type: string
+          readOnly: true
+        importType:
+          type: string
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        status:
+          $ref: '#/components/schemas/IdentitySourceSessionStatus'
+    IdentitySourceSessionStatus:
+      type: string
+      enum:
+        - CLOSED
+        - COMPLETED
+        - CREATED
+        - ERROR
+        - EXPIRED
+        - IN_PROGRESS
+        - TRIGGERED
+    IdentitySourceUserProfileForDelete:
+      type: object
+      properties:
+        externalId:
+          type: string
+          maxLength: 512
+    IdentitySourceUserProfileForUpsert:
+      additionalProperties: {}
+      type: object
+      properties:
+        email:
+          type: string
+          format: email
+          minLength: 5
+          maxLength: 100
+        firstName:
+          type: string
+          minLength: 1
+          maxLength: 50
+          nullable: true
+        homeAddress:
+          type: string
+          maxLength: 4096
+          nullable: true
+        lastName:
+          type: string
+          minLength: 1
+          maxLength: 50
+          nullable: true
+        mobilePhone:
+          type: string
+          maxLength: 100
+          nullable: true
+        secondEmail:
+          type: string
+          format: email
+          minLength: 5
+          maxLength: 100
+        userName:
+          type: string
+          maxLength: 100
+    IdpPolicyRuleAction:
+      type: object
+      properties:
+        idp:
+          type: object
+          properties:
+            providers:
+              items:
+                $ref: '#/components/schemas/IdpPolicyRuleActionProvider'
+              type: array
+              description: List of configured Identity Providers that a given Rule can route to. Ability to define multiple providers is a part of the Okta Identity Engine. This allows users to choose a Provider when they sign in. Contact support for information on the Identity Engine.
+            idpSelectionType:
+              description: Determines whether the rule should use expression language or a specific IdP
+              $ref: '#/components/schemas/IdpSelectionType'
+            matchCriteria:
+              items:
+                $ref: '#/components/schemas/IdpPolicyRuleActionMatchCriteria'
+              type: array
+              description: Required if `idpSelectionType` is set to `DYNAMIC`
+    IdpPolicyRuleActionMatchCriteria:
+      type: object
+      properties:
+        providerExpression:
+          type: string
+          description: |
+            You can provide an Okta Expression Language expression with the Login Context that's evaluated with the IdP. For example, the value `login.identifier` refers to the user's username. If the user is signing in with the username `john.doe@mycompany.com`, the expression `login.identifier.substringAfter(@))` is evaluated to the domain name of the user, for example: `mycompany.com`.
+        propertyName:
+          type: string
+          description: The IdP property that the evaluated string should match to              
+    IdpPolicyRuleActionProvider:
+      type: object
+      properties:
+        id:
+          type: string
+          description: IdP types of `OKTA`, `AgentlessDSSO`, and `IWA` don't require an ID.
+        name:
+          type: string
+          description: Provider `name` in Okta. Optional. Supported in `IDENTITY ENGINE`.
+        type:
+          $ref: '#/components/schemas/IdentityProviderType'
+    IframeEmbedScopeAllowedApps:
+      type: string
+      enum:
+        - OKTA_ENDUSER
+    ImageUploadResponse:
+      type: object
+      properties:
+        url:
+          readOnly: true
+          type: string
+    InactivityPolicyRuleCondition:
+      type: object
+      properties:
+        number:
+          type: integer
+        unit:
+          type: string
+    InlineHook:
+      type: object
+      properties:
+        channel:
+          $ref: '#/components/schemas/InlineHookChannel'
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        name:
+          type: string
+        status:
+          $ref: '#/components/schemas/InlineHookStatus'
+        type:
+          $ref: '#/components/schemas/InlineHookType'
+        version:
+          type: string
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    InlineHookChannel:
+      type: object
+      properties:
+        type:
+          $ref: '#/components/schemas/InlineHookChannelType'
+        version:
+          type: string
+      discriminator:
+        propertyName: type
+        mapping:
+          HTTP: '#/components/schemas/InlineHookChannelHttp'
+          OAUTH: '#/components/schemas/InlineHookChannelOAuth'
+    InlineHookChannelConfig:
+      type: object
+      properties:
+        authScheme:
+          $ref: '#/components/schemas/InlineHookChannelConfigAuthScheme'
+        headers:
+          type: array
+          items:
+            $ref: '#/components/schemas/InlineHookChannelConfigHeaders'
+        method:
+          type: string
+        uri:
+          type: string
+    InlineHookChannelConfigAuthScheme:
+      type: object
+      properties:
+        key:
+          type: string
+        type:
+          type: string
+        value:
+          type: string
+    InlineHookChannelConfigHeaders:
+      type: object
+      properties:
+        key:
+          type: string
+        value:
+          type: string
+    InlineHookChannelHttp:
+      allOf:
+        - $ref: '#/components/schemas/InlineHookChannel'
+        - type: object
+          properties:
+            config:
+              $ref: '#/components/schemas/InlineHookChannelConfig'
+    InlineHookChannelOAuth:
+      allOf:
+        - $ref: '#/components/schemas/InlineHookChannel'
+        - type: object
+          properties:
+            config:
+              $ref: '#/components/schemas/InlineHookOAuthChannelConfig'
+    InlineHookChannelType:
+      type: string
+      enum:
+        - HTTP
+        - OAUTH
+    InlineHookOAuthBasicConfig:
+      allOf:
+        - $ref: '#/components/schemas/InlineHookChannelConfig'
+      type: object
+      properties:
+        authType:
+          type: string
+        clientId:
+          type: string
+        scope:
+          type: string
+        tokenUrl:
+          type: string
+    InlineHookOAuthChannelConfig:
+      type: object
+      properties:
+        authType:
+          type: string
+      discriminator:
+        propertyName: authType
+        mapping:
+          client_secret_post: '#/components/schemas/InlineHookOAuthClientSecretConfig'
+          private_key_jwt: '#/components/schemas/InlineHookOAuthPrivateKeyJwtConfig'
+    InlineHookOAuthClientSecretConfig:
+      allOf:
+        - $ref: '#/components/schemas/InlineHookOAuthBasicConfig'
+      type: object
+      properties:
+        clientSecret:
+          type: string
+    InlineHookOAuthPrivateKeyJwtConfig:
+      allOf:
+        - $ref: '#/components/schemas/InlineHookOAuthBasicConfig'
+      type: object
+      properties:
+        hookKeyId:
+          type: string
+    InlineHookPayload:
+      type: object
+      x-okta-extensible: true
+    InlineHookResponse:
+      type: object
+      properties:
+        commands:
+          type: array
+          items:
+            $ref: '#/components/schemas/InlineHookResponseCommands'
+    InlineHookResponseCommandValue:
+      type: object
+      properties:
+        op:
+          type: string
+        path:
+          type: string
+        value:
+          type: string
+    InlineHookResponseCommands:
+      type: object
+      properties:
+        type:
+          type: string
+        value:
+          type: array
+          items:
+            $ref: '#/components/schemas/InlineHookResponseCommandValue'
+    InlineHookStatus:
+      type: string
+      enum:
+        - ACTIVE
+        - INACTIVE
+    InlineHookType:
+      type: string
+      enum:
+        - com.okta.import.transform
+        - com.okta.oauth2.tokens.transform
+        - com.okta.saml.tokens.transform
+        - com.okta.user.credential.password.import
+        - com.okta.user.pre-registration
+    IssuerMode:
+      type: string
+      enum:
+        - CUSTOM_URL
+        - DYNAMIC
+        - ORG_URL
+    JsonWebKey:
+      type: object
+      properties:
+        alg:
+          type: string
+        created:
+          type: string
+          format: date-time
+        e:
+          type: string
+        expiresAt:
+          type: string
+          format: date-time
+        key_ops:
+          type: array
+          items:
+            type: string
+        kid:
+          type: string
+        kty:
+          type: string
+        lastUpdated:
+          type: string
+          format: date-time
+        'n':
+          type: string
+        status:
+          type: string
+        use:
+          type: string
+        x5c:
+          type: array
+          items:
+            type: string
+        x5t:
+          type: string
+        x5t#S256:
+          type: string
+        x5u:
+          type: string
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    JwkUse:
+      type: object
+      properties:
+        use:
+          $ref: '#/components/schemas/JwkUseType'
+    JwkUseType:
+      type: string
+      enum:
+        - sig
+    KeyRequest:
+      type: object
+      properties:
+        name:
+          type: string
+    KeyTrustLevelBrowserKey:
+      description: Represents the attestation strength used by the Chrome Verified Access API
+      example: CHROME_BROWSER_HW_KEY
+      type: string
+      enum:
+        - CHROME_BROWSER_HW_KEY
+        - CHROME_BROWSER_OS_KEY
+      x-enumDescriptions:
+        CHROME_BROWSER_HW_KEY: Identity of the device was attested using a key pair that is OS encapsulated by a hardware layer
+        CHROME_BROWSER_OS_KEY: Identity of the device was attested using a key pair that is simply stored on the device but not in any specific hardware layer
+    KeyTrustLevelOSMode:
+      description: Represents the attestation strength used by the Chrome Verified Access API
+      example: CHROME_OS_VERIFIED_MODE
+      type: string
+      enum:
+        - CHROME_OS_DEVELOPER_MODE
+        - CHROME_OS_VERIFIED_MODE
+      x-enumDescriptions:
+        CHROME_OS_VERIFIED_MODE: Identity of the device was attested using an enterprise-emitted certificate, and the device is in Verified mode
+        CHROME_OS_DEVELOPER_MODE: Identity of the device was attested using an enterprise-emitted certificate, and the device is in Developer mode
+    KnowledgeConstraint:
+      allOf:
+        - $ref: '#/components/schemas/AccessPolicyConstraint'
+    Language:
+      description: The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646)
+      type: string
+    LifecycleCreateSettingObject:
+      description: Determines whether to update a user in the application when a user in Okta is updated
+      type: object
+      properties:
+        status:
+          allOf:
+            - $ref: '#/components/schemas/EnabledStatus'
+            - default: DISABLED
+    LifecycleDeactivateSettingObject:
+      description: Determines whether deprovisioning occurs when the app is unassigned
+      type: object
+      properties:
+        status:
+          allOf:
+            - $ref: '#/components/schemas/EnabledStatus'
+            - default: DISABLED
+    LifecycleExpirationPolicyRuleCondition:
+      type: object
+      properties:
+        lifecycleStatus:
+          type: string
+        number:
+          type: integer
+        unit:
+          type: string
+    LifecycleStatus:
+      type: string
+      enum:
+        - ACTIVE
+        - INACTIVE
+    LinkedObject:
+      type: object
+      properties:
+        associated:
+          $ref: '#/components/schemas/LinkedObjectDetails'
+        primary:
+          $ref: '#/components/schemas/LinkedObjectDetails'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    LinkedObjectDetails:
+      type: object
+      properties:
+        description:
+          type: string
+        name:
+          type: string
+        title:
+          type: string
+        type:
+          $ref: '#/components/schemas/LinkedObjectDetailsType'
+    LinkedObjectDetailsType:
+      type: string
+      enum:
+        - USER
+    LinksAppAndUser:
+      description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of resources related to the App User.
+      type: object
+      properties:
+        app:
+          $ref: '#/components/schemas/HrefObjectAppLink'
+        user:
+          $ref: '#/components/schemas/HrefObjectUserLink'
+      readOnly: true
+    LinksNext:
+      description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. Use the `LinksNext` object for dynamic discovery of related resources and lifecycle operations.
+      type: object
+      properties:
+        next:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+    LinksSelf:
+      description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of related resources and lifecycle operations.
+      type: object
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObjectSelfLink'
+      readOnly: true
+    LinksSelfAndFullUsersLifecycle:
+      allOf:
+        - $ref: '#/components/schemas/LinksSelfAndLifecycle'
+        - type: object
+          properties:
+            suspend:
+              $ref: '#/components/schemas/HrefObjectSuspendLink'
+            unsuspend:
+              $ref: '#/components/schemas/HrefObjectUnsuspendLink'
+            users:
+              description: Link to Device users
+              allOf:
+                - $ref: '#/components/schemas/HrefObject'
+    LinksSelfAndLifecycle:
+      allOf:
+        - $ref: '#/components/schemas/LinksSelf'
+        - type: object
+          properties:
+            activate:
+              $ref: '#/components/schemas/HrefObjectActivateLink'
+            deactivate:
+              $ref: '#/components/schemas/HrefObjectDeactivateLink'
+    LinksSelfAndRoles:
+      allOf:
+        - $ref: '#/components/schemas/LinksSelf'
+        - type: object
+          properties:
+            roles:
+              $ref: '#/components/schemas/HrefObject'
+    ListProfileMappings:
+      description: |-
+        A collection of the profile mappings that include a subset of the profile mapping object's properties. The Profile Mapping object describes a mapping between an Okta User's and an App User's properties using [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04).
+
+        > **Note:** Same type source/target mappings aren't supported by this API. Profile mappings must either be Okta->App or App->Okta.
+      type: object
+      properties:
+        id:
+          type: string
+          description: Unique identifier for profile mapping
+          readOnly: true
+        source:
+          type: object
+          description: Source of the schema property expressions (Okta object or App Instance object)
+          $ref: '#/components/schemas/ProfileMappingSource'
+        target:
+          type: object
+          description: Target of the schema property expressions (Okta object or App Instance object)
+          $ref: '#/components/schemas/ProfileMappingTarget'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    LoadingPageTouchPointVariant:
+      type: string
+      enum:
+        - NONE
+        - OKTA_DEFAULT
+    LocationGranularity:
+      type: string
+      enum:
+        - CITY
+        - COUNTRY
+        - LAT_LONG
+        - SUBDIVISION
+    LogActor:
+      type: object
+      properties:
+        alternateId:
+          type: string
+          readOnly: true
+        detailEntry:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+        displayName:
+          type: string
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        type:
+          type: string
+          readOnly: true
+    LogAuthenticationContext:
+      type: object
+      properties:
+        authenticationProvider:
+          $ref: '#/components/schemas/LogAuthenticationProvider'
+        authenticationStep:
+          type: integer
+          readOnly: true
+        credentialProvider:
+          $ref: '#/components/schemas/LogCredentialProvider'
+        credentialType:
+          $ref: '#/components/schemas/LogCredentialType'
+        externalSessionId:
+          type: string
+          readOnly: true
+        interface:
+          type: string
+          readOnly: true
+        issuer:
+          $ref: '#/components/schemas/LogIssuer'
+    LogAuthenticationProvider:
+      type: string
+      enum:
+        - ACTIVE_DIRECTORY
+        - FACTOR_PROVIDER
+        - FEDERATION
+        - LDAP
+        - OKTA_AUTHENTICATION_PROVIDER
+        - SOCIAL
+    LogClient:
+      type: object
+      properties:
+        device:
+          type: string
+          readOnly: true
+        geographicalContext:
+          $ref: '#/components/schemas/LogGeographicalContext'
+        id:
+          type: string
+          readOnly: true
+        ipAddress:
+          type: string
+          readOnly: true
+        userAgent:
+          $ref: '#/components/schemas/LogUserAgent'
+        zone:
+          type: string
+          readOnly: true
+    LogCredentialProvider:
+      type: string
+      enum:
+        - DUO
+        - GOOGLE
+        - OKTA_AUTHENTICATION_PROVIDER
+        - OKTA_CREDENTIAL_PROVIDER
+        - RSA
+        - SYMANTEC
+        - YUBIKEY
+    LogCredentialType:
+      type: string
+      enum:
+        - ASSERTION
+        - EMAIL
+        - IWA
+        - JWT
+        - OAuth 2.0
+        - OTP
+        - PASSWORD
+        - SMS
+    LogDebugContext:
+      type: object
+      properties:
+        debugData:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+    LogEvent:
+      type: object
+      properties:
+        actor:
+          $ref: '#/components/schemas/LogActor'
+        authenticationContext:
+          $ref: '#/components/schemas/LogAuthenticationContext'
+        client:
+          $ref: '#/components/schemas/LogClient'
+        debugContext:
+          $ref: '#/components/schemas/LogDebugContext'
+        displayMessage:
+          type: string
+          readOnly: true
+        eventType:
+          type: string
+          readOnly: true
+        legacyEventType:
+          type: string
+          readOnly: true
+        outcome:
+          $ref: '#/components/schemas/LogOutcome'
+        published:
+          type: string
+          format: date-time
+          readOnly: true
+        request:
+          $ref: '#/components/schemas/LogRequest'
+        securityContext:
+          $ref: '#/components/schemas/LogSecurityContext'
+        severity:
+          $ref: '#/components/schemas/LogSeverity'
+        target:
+          type: array
+          readOnly: true
+          items:
+            $ref: '#/components/schemas/LogTarget'
+        transaction:
+          $ref: '#/components/schemas/LogTransaction'
+        uuid:
+          type: string
+          readOnly: true
+        version:
+          type: string
+          readOnly: true
+    LogGeographicalContext:
+      type: object
+      properties:
+        city:
+          type: string
+          readOnly: true
+        country:
+          type: string
+          readOnly: true
+        geolocation:
+          $ref: '#/components/schemas/LogGeolocation'
+        postalCode:
+          type: string
+          readOnly: true
+        state:
+          type: string
+          readOnly: true
+    LogGeolocation:
+      type: object
+      properties:
+        lat:
+          type: number
+          format: double
+          readOnly: true
+        lon:
+          type: number
+          format: double
+          readOnly: true
+    LogIpAddress:
+      type: object
+      properties:
+        geographicalContext:
+          $ref: '#/components/schemas/LogGeographicalContext'
+        ip:
+          type: string
+          readOnly: true
+        source:
+          type: string
+          readOnly: true
+        version:
+          type: string
+          readOnly: true
+    LogIssuer:
+      type: object
+      properties:
+        id:
+          type: string
+          readOnly: true
+        type:
+          type: string
+          readOnly: true
+    LogOutcome:
+      type: object
+      properties:
+        reason:
+          type: string
+          readOnly: true
+        result:
+          type: string
+          readOnly: true
+    LogRequest:
+      type: object
+      properties:
+        ipChain:
+          type: array
+          readOnly: true
+          items:
+            $ref: '#/components/schemas/LogIpAddress'
+    LogSecurityContext:
+      type: object
+      properties:
+        asNumber:
+          type: integer
+          readOnly: true
+        asOrg:
+          type: string
+          readOnly: true
+        domain:
+          type: string
+          readOnly: true
+        isp:
+          type: string
+          readOnly: true
+        isProxy:
+          type: boolean
+          readOnly: true
+    LogSeverity:
+      type: string
+      enum:
+        - DEBUG
+        - ERROR
+        - INFO
+        - WARN
+    LogStream:
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          description: Timestamp when the Log Stream object was created
+          readOnly: true
+          example: '2022-10-21T16:59:59.000Z'
+        id:
+          type: string
+          description: Unique identifier for the Log Stream
+          readOnly: true
+          example: 0oa1orzg0CHSgPcjZ0g4
+        lastUpdated:
+          type: string
+          format: date-time
+          description: Timestamp when the Log Stream object was last updated
+          readOnly: true
+          example: '2022-10-21T17:15:10.000Z'
+        name:
+          $ref: '#/components/schemas/LogStreamName'
+        status:
+          type: string
+          description: Lifecycle status of the Log Stream object
+          enum:
+            - ACTIVE
+            - INACTIVE
+          readOnly: true
+        type:
+          $ref: '#/components/schemas/LogStreamType'
+        _links:
+          $ref: '#/components/schemas/LogStreamLinksSelfAndLifecycle'
+      required:
+        - created
+        - id
+        - lastUpdated
+        - name
+        - status
+        - type
+        - _links
+      discriminator:
+        propertyName: type
+        mapping:
+          aws_eventbridge: '#/components/schemas/LogStreamAws'
+          splunk_cloud_logstreaming: '#/components/schemas/LogStreamSplunk'
+    LogStreamActivateLink:
+      allOf:
+        - $ref: '#/components/schemas/LogStreamLinkObject'
+        - description: Link to activate the resource
+    LogStreamAws:
+      allOf:
+        - $ref: '#/components/schemas/LogStream'
+        - type: object
+          properties:
+            settings:
+              $ref: '#/components/schemas/LogStreamSettingsAws'
+          required:
+            - settings
+    LogStreamAwsPutSchema:
+      allOf:
+        - $ref: '#/components/schemas/LogStreamPutSchema'
+        - type: object
+          properties:
+            settings:
+              $ref: '#/components/schemas/LogStreamSettingsAws'
+          required:
+            - settings
+    LogStreamDeactivateLink:
+      allOf:
+        - $ref: '#/components/schemas/LogStreamLinkObject'
+        - description: Link to deactivate the resource
+    LogStreamLinkObject:
+      title: Log Stream Link object
+      type: object
+      properties:
+        href:
+          type: string
+          description: The URI of the resource
+        method:
+          type: string
+          description: HTTP method allowed for the resource
+          enum:
+            - GET
+            - POST
+      required:
+        - href
+      readOnly: true
+    LogStreamLinksSelfAndLifecycle:
+      description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of related resources and lifecycle operations.
+      type: object
+      properties:
+        activate:
+          $ref: '#/components/schemas/LogStreamActivateLink'
+        deactivate:
+          $ref: '#/components/schemas/LogStreamDeactivateLink'
+        self:
+          $ref: '#/components/schemas/LogStreamSelfLink'
+      required:
+        - self
+      readOnly: true
+    LogStreamName:
+      description: Unique name for the Log Stream object
+      example: My AWS EventBridge log stream
+      type: string
+    LogStreamPutSchema:
+      type: object
+      properties:
+        name:
+          $ref: '#/components/schemas/LogStreamName'
+        type:
+          $ref: '#/components/schemas/LogStreamType'
+      required:
+        - name
+        - type
+      discriminator:
+        propertyName: type
+        mapping:
+          aws_eventbridge: '#/components/schemas/LogStreamAwsPutSchema'
+          splunk_cloud_logstreaming: '#/components/schemas/LogStreamSplunkPutSchema'
+    LogStreamSchema:
+      type: object
+      properties:
+        $schema:
+          type: string
+          readOnly: true
+        created:
+          type: string
+          readOnly: true
+        errorMessage:
+          type: object
+        id:
+          type: string
+          readOnly: true
+        lastUpdated:
+          type: string
+          readOnly: true
+        name:
+          type: string
+          readOnly: true
+        properties:
+          type: object
+        required:
+          type: array
+          items:
+            type: string
+        title:
+          type: string
+        type:
+          type: string
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    LogStreamSelfLink:
+      allOf:
+        - $ref: '#/components/schemas/LogStreamLinkObject'
+        - description: Link to the resource (self)
+    LogStreamSettingsAws:
+      description: Specifies the configuration for the `aws_eventbridge` Log Stream type. This configuration can't be modified after creation.
+      type: object
+      properties:
+        accountId:
+          $ref: '#/components/schemas/AwsAccountId'
+        eventSourceName:
+          $ref: '#/components/schemas/AwsEventSourceName'
+        region:
+          $ref: '#/components/schemas/AwsRegion'
+      required:
+        - accountId
+        - eventSourceName
+        - region
+    LogStreamSettingsSplunk:
+      description: Specifies the configuration for the `splunk_cloud_logstreaming` Log Stream type.
+      type: object
+      properties:
+        edition:
+          $ref: '#/components/schemas/SplunkEdition'
+        host:
+          $ref: '#/components/schemas/SplunkHost'
+        token:
+          $ref: '#/components/schemas/SplunkToken'
+      required:
+        - edition
+        - host
+        - token
+    LogStreamSettingsSplunkPut:
+      description: Specifies the configuration for the `splunk_cloud_logstreaming` Log Stream type.
+      type: object
+      properties:
+        edition:
+          $ref: '#/components/schemas/SplunkEdition'
+        host:
+          $ref: '#/components/schemas/SplunkHost'
+      required:
+        - edition
+        - host
+    LogStreamSplunk:
+      allOf:
+        - $ref: '#/components/schemas/LogStream'
+        - type: object
+          properties:
+            settings:
+              $ref: '#/components/schemas/LogStreamSettingsSplunk'
+          required:
+            - settings
+    LogStreamSplunkPutSchema:
+      allOf:
+        - $ref: '#/components/schemas/LogStreamPutSchema'
+        - type: object
+          properties:
+            settings:
+              $ref: '#/components/schemas/LogStreamSettingsSplunkPut'
+          required:
+            - settings
+    LogStreamType:
+      description: |-
+        Specifies the streaming provider used
+
+        Supported providers:
+          * `aws_eventbridge` ([AWS EventBridge](https://aws.amazon.com/eventbridge))
+          * `splunk_cloud_logstreaming` ([Splunk Cloud](https://www.splunk.com/en_us/software/splunk-cloud-platform.html))
+
+        Select the provider type to see provider-specific configurations in the `settings` property:
+      type: string
+      enum:
+        - aws_eventbridge
+        - splunk_cloud_logstreaming
+    LogTarget:
+      type: object
+      properties:
+        alternateId:
+          type: string
+          readOnly: true
+        detailEntry:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+        displayName:
+          type: string
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        type:
+          type: string
+          readOnly: true
+    LogTransaction:
+      type: object
+      properties:
+        detail:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        type:
+          type: string
+          readOnly: true
+    LogUserAgent:
+      type: object
+      properties:
+        browser:
+          type: string
+          readOnly: true
+        os:
+          type: string
+          readOnly: true
+        rawUserAgent:
+          type: string
+          readOnly: true
+    MDMEnrollmentPolicyEnrollment:
+      type: string
+      enum:
+        - ANY_OR_NONE
+        - OMM
+    MDMEnrollmentPolicyRuleCondition:
+      type: object
+      properties:
+        blockNonSafeAndroid:
+          type: boolean
+        enrollment:
+          $ref: '#/components/schemas/MDMEnrollmentPolicyEnrollment'
+    MultifactorEnrollmentPolicy:
+      allOf:
+        - $ref: '#/components/schemas/Policy'
+        - type: object
+          properties:
+            conditions:
+              $ref: '#/components/schemas/PolicyRuleConditions'
+            settings:
+              $ref: '#/components/schemas/MultifactorEnrollmentPolicySettings'
+    MultifactorEnrollmentPolicyAuthenticatorSettings:
+      type: object
+      properties:
+        constraints:
+          nullable: true
+          minimum: 0
+          type: object
+          properties:
+            aaguidGroups:
+              type: array
+              items:
+                type: string
+                uniqueItems: true
+          x-okta-lifecycle:
+            features:
+              - WEBAUTHN_MDS_CATALOG_BASED_AAGUID_ALLOWLIST
+        enroll:
+          type: object
+          properties:
+            self:
+              $ref: '#/components/schemas/MultifactorEnrollmentPolicyAuthenticatorStatus'
+        key:
+          $ref: '#/components/schemas/MultifactorEnrollmentPolicyAuthenticatorType'
+    MultifactorEnrollmentPolicyAuthenticatorStatus:
+      type: string
+      enum:
+        - NOT_ALLOWED
+        - OPTIONAL
+        - REQUIRED
+    MultifactorEnrollmentPolicyAuthenticatorType:
+      type: string
+      enum:
+        - custom_app
+        - custom_otp
+        - duo
+        - external_idp
+        - google_otp
+        - okta_email
+        - okta_password
+        - okta_verify
+        - onprem_mfa
+        - phone_number
+        - rsa_token
+        - security_question
+        - symantec_vip
+        - webauthn
+        - yubikey_token
+    MultifactorEnrollmentPolicySettings:
+      type: object
+      properties:
+        authenticators:
+          items:
+            $ref: '#/components/schemas/MultifactorEnrollmentPolicyAuthenticatorSettings'
+          type: array
+        type:
+          $ref: '#/components/schemas/MultifactorEnrollmentPolicySettingsType'
+    MultifactorEnrollmentPolicySettingsType:
+      type: string
+      enum:
+        - AUTHENTICATORS
+    NetworkZone:
+      type: object
+      properties:
+        asns:
+          type: array
+          items:
+            type: string
+          description: Dynamic network zone property. array of strings that represent an ASN numeric value
+          maximum: 75
+        created:
+          type: string
+          format: date-time
+          description: Timestamp when the network zone was created
+          readOnly: true
+        gateways:
+          type: array
+          items:
+            $ref: '#/components/schemas/NetworkZoneAddress'
+          description: |-
+            IP network zone property: the IP addresses (range or CIDR form) of this zone.
+            The maximum array length is 150 entries for admin-created IP zones, 1000 entries for IP blocklist zones, and 5000 entries for the default system IP Zone.
+        id:
+          type: string
+          description: Unique identifier for the network zone
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          description: Timestamp when the network zone was last modified
+          readOnly: true
+        locations:
+          type: array
+          items:
+            $ref: '#/components/schemas/NetworkZoneLocation'
+          description: 'Dynamic network zone property: an array of geolocations of this network zone'
+          maximum: 75
+        name:
+          type: string
+          description: Unique name for this network zone. Maximum of 128 characters.
+        proxies:
+          type: array
+          items:
+            $ref: '#/components/schemas/NetworkZoneAddress'
+          nullable: true
+          description: |-
+            IP network zone property: the IP addresses (range or CIDR form) that are allowed to forward a request from gateway addresses
+            These proxies are automatically trusted by Threat Insights, and used to identify the client IP of a request.
+            The maximum array length is 150 entries for admin-created zones and 5000 entries for the default system IP Zone.
+        proxyType:
+          type: string
+          description: 'Dynamic network zone property: the proxy type used'
+          enum:
+            - 'null'
+            - Any
+            - Tor
+            - NotTorAnonymizer
+          x-enumDescriptions:
+            'null': (Or `""`) No proxy used
+            Any: Use any proxy type for the dynamic zone.
+            Tor: Use TorAnonymizer as the proxy type for the dynamic zone.
+            NotTorAnonymizer: Use NotTorAnonymizer as the proxy type for the dynamic zone.
+        status:
+          $ref: '#/components/schemas/NetworkZoneStatus'
+        system:
+          type: boolean
+          description: |-
+            Indicates if this is a system network zone. For admin-created zones, this is always `false`.
+            The system IP Policy Network Zone (`LegacyIpZone`) is included by default in your Okta org. Notice that `system=true` for the `LegacyIpZone` object. Admin users can modify the name of this default system Zone and can add up to 5000 gateway or proxy IP entries.
+        type:
+          $ref: '#/components/schemas/NetworkZoneType'
+        usage:
+          $ref: '#/components/schemas/NetworkZoneUsage'
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                deactivate:
+                  $ref: '#/components/schemas/HrefObject'
+    NetworkZoneAddress:
+      description: Specifies the value of an IP address expressed using either `range` or `CIDR` form.
+      type: object
+      properties:
+        type:
+          $ref: '#/components/schemas/NetworkZoneAddressType'
+        value:
+          type: string
+          description: Value in CIDR/range form depending on the type specified
+    NetworkZoneAddressType:
+      description: Format of the value
+      type: string
+      enum:
+        - CIDR
+        - RANGE
+    NetworkZoneLocation:
+      type: object
+      properties:
+        country:
+          type: string
+          description: |-
+            Format of the country value: length 2 [ISO-3166-1](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) country code.
+            Do not use continent codes as they are treated as generic codes for undesignated countries.
+          example: US
+        region:
+          type: string
+          description: |-
+            Format of the region value (optional): region code [ISO-3166-2](https://en.wikipedia.org/wiki/ISO_3166-2) appended to country code (`countryCode-regionCode`), or `null` if empty.
+            Do not use continent codes as they are treated as generic codes for undesignated regions.
+          example: US-CA
+    NetworkZoneStatus:
+      description: Network zone status
+      type: string
+      enum:
+        - ACTIVE
+        - INACTIVE
+    NetworkZoneType:
+      description: The type of network zone
+      type: string
+      enum:
+        - DYNAMIC
+        - IP
+    NetworkZoneUsage:
+      description: The usage of the network zone
+      type: string
+      enum:
+        - BLOCKLIST
+        - POLICY
+    NotificationType:
+      description: The type of notification
+      type: string
+      enum:
+        - AD_AGENT
+        - AGENT_AUTO_UPDATE_NOTIFICATION
+        - APP_IMPORT
+        - CONNECTOR_AGENT
+        - IWA_AGENT
+        - LDAP_AGENT
+        - OKTA_ANNOUNCEMENT
+        - OKTA_ISSUE
+        - OKTA_UPDATE
+        - RATELIMIT_NOTIFICATION
+        - REPORT_SUSPICIOUS_ACTIVITY
+        - USER_DEPROVISION
+        - USER_LOCKED_OUT
+      x-enumDescriptions:
+        AD_AGENT: System notification sent when an AD agent disconnects or reconnects
+        AGENT_AUTO_UPDATE_NOTIFICATION: System notification sent when an agent automatically updates
+        APP_IMPORT: System notification sent with the status of an app user import
+        CONNECTOR_AGENT: System notification sent when an on-premises provisioning or Okta on-prem MFA agent disconnects or reconnects
+        IWA_AGENT: System notification sent when an IGA agent disconnects or reconnects
+        LDAP_AGENT: System notification sent when an LDAP agent disconnects or reconnects
+        OKTA_ANNOUNCEMENT: Okta communication sent for announcements and release notes
+        OKTA_ISSUE: Okta communication sent for trust incident alerts and updates
+        OKTA_UPDATE: Okta communication sent for scheduled system updates
+        RATELIMIT_NOTIFICATION: System notification sent when an org reaches rate limit warning or violation thresholds
+        REPORT_SUSPICIOUS_ACTIVITY: System notification sent when a user reports suspicious activity
+        USER_DEPROVISION: System notification sent when a user is deprovisioned from apps
+        USER_LOCKED_OUT: System notification sent when a user is locked out from logging in to Okta
+    OAuth2Actor:
+      description: User that created the object
+      type: object
+      properties:
+        id:
+          type: string
+          description: User ID
+          example: 00uu3u0ujW1P6AfZC1d7
+          readOnly: true
+        type:
+          type: string
+          description: Type of user
+          example: User
+      readOnly: true
+    OAuth2Claim:
+      type: object
+      properties:
+        alwaysIncludeInToken:
+          type: boolean
+        claimType:
+          $ref: '#/components/schemas/OAuth2ClaimType'
+        conditions:
+          $ref: '#/components/schemas/OAuth2ClaimConditions'
+        group_filter_type:
+          $ref: '#/components/schemas/OAuth2ClaimGroupFilterType'
+        id:
+          type: string
+          readOnly: true
+        name:
+          type: string
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        system:
+          type: boolean
+        value:
+          type: string
+        valueType:
+          $ref: '#/components/schemas/OAuth2ClaimValueType'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    OAuth2ClaimConditions:
+      type: object
+      properties:
+        scopes:
+          type: array
+          items:
+            type: string
+    OAuth2ClaimGroupFilterType:
+      type: string
+      enum:
+        - CONTAINS
+        - EQUALS
+        - REGEX
+        - STARTS_WITH
+    OAuth2ClaimType:
+      type: string
+      enum:
+        - IDENTITY
+        - RESOURCE
+    OAuth2ClaimValueType:
+      type: string
+      enum:
+        - EXPRESSION
+        - GROUPS
+        - SYSTEM
+    OAuth2Client:
+      type: object
+      properties:
+        client_id:
+          type: string
+          readOnly: true
+        client_name:
+          type: string
+          readOnly: true
+        client_uri:
+          type: string
+          readOnly: true
+        logo_uri:
+          type: string
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    OAuth2RefreshToken:
+      type: object
+      properties:
+        clientId:
+          type: string
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        createdBy:
+          $ref: '#/components/schemas/OAuth2Actor'
+        expiresAt:
+          type: string
+          format: date-time
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        issuer:
+          type: string
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        scopes:
+          type: array
+          items:
+            type: string
+        status:
+          $ref: '#/components/schemas/GrantOrTokenStatus'
+        userId:
+          type: string
+        _embedded:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    OAuth2Scope:
+      type: object
+      properties:
+        consent:
+          $ref: '#/components/schemas/OAuth2ScopeConsentType'
+        default:
+          type: boolean
+        description:
+          type: string
+        displayName:
+          type: string
+        id:
+          type: string
+          readOnly: true
+        metadataPublish:
+          $ref: '#/components/schemas/OAuth2ScopeMetadataPublish'
+        name:
+          type: string
+        system:
+          type: boolean
+    OAuth2ScopeConsentGrant:
+      description: Grant object that represents an app consent scope grant
+      type: object
+      properties:
+        clientId:
+          type: string
+          description: Client ID of the app integration
+          example: 0oafxqCAJWWGELFTYASJ
+          readOnly: true
+        created:
+          type: string
+          description: Timestamp when the Grant object was created
+          format: date-time
+          example: '2023-06-28T16:40:10.000Z'
+          readOnly: true
+        createdBy:
+          $ref: '#/components/schemas/OAuth2Actor'
+        id:
+          type: string
+          description: ID of the Grant object
+          example: oagsebt2ltaSlR6t81d6
+          readOnly: true
+        issuer:
+          type: string
+          description: The issuer of your org authorization server. This is typically your Okta domain.
+          example: https://my_test_okta_org.oktapreview.com
+        lastUpdated:
+          type: string
+          description: Timestamp when the Grant object was last updated
+          format: date-time
+          example: '2023-06-28T16:40:10.000Z'
+          readOnly: true
+        scopeId:
+          type: string
+          description: The name of the [Okta scope](https://developer.okta.com/docs/api/oauth2/#oauth-20-scopes) for which consent is granted
+          example: okta.users.read
+        source:
+          $ref: '#/components/schemas/OAuth2ScopeConsentGrantSource'
+        status:
+          $ref: '#/components/schemas/GrantOrTokenStatus'
+        userId:
+          type: string
+          description: User ID that granted consent (if `source` is `END_USER`)
+          readOnly: true
+        _embedded:
+          type: object
+          description: Embedded resources related to the Grant
+          properties:
+            scope:
+              type: object
+              properties:
+                id:
+                  type: string
+                  description: The name of the Okta scope for which consent is granted
+                  example: okta.users.read
+          readOnly: true
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - type: object
+              properties:
+                app:
+                  description: Link to app
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                client:
+                  description: Link to client
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+            - readOnly: true
+      required:
+        - issuer
+        - scopeId
+    OAuth2ScopeConsentGrantSource:
+      description: User type source that granted consent
+      example: ADMIN
+      type: string
+      enum:
+        - ADMIN
+        - END_USER
+      readOnly: true
+    OAuth2ScopeConsentType:
+      type: string
+      enum:
+        - ADMIN
+        - IMPLICIT
+        - REQUIRED
+    OAuth2ScopeMetadataPublish:
+      type: string
+      enum:
+        - ALL_CLIENTS
+        - NO_CLIENTS
+    OAuth2ScopesMediationPolicyRuleCondition:
+      type: object
+      properties:
+        include:
+          type: array
+          items:
+            type: string
+    OAuth2Token:
+      type: object
+      properties:
+        clientId:
+          type: string
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        expiresAt:
+          type: string
+          format: date-time
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        issuer:
+          type: string
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        scopes:
+          type: array
+          items:
+            type: string
+        status:
+          $ref: '#/components/schemas/GrantOrTokenStatus'
+        userId:
+          type: string
+        _embedded:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    OAuthApplicationCredentials:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationCredentials'
+        - type: object
+          properties:
+            oauthClient:
+              $ref: '#/components/schemas/ApplicationCredentialsOAuthClient'
+    OAuthEndpointAuthenticationMethod:
+      type: string
+      enum:
+        - client_secret_basic
+        - client_secret_jwt
+        - client_secret_post
+        - none
+        - private_key_jwt
+    OAuthGrantType:
+      type: string
+      enum:
+        - authorization_code
+        - client_credentials
+        - implicit
+        - interaction_code
+        - password
+        - refresh_token
+        - urn:ietf:params:oauth:grant-type:device_code
+        - urn:ietf:params:oauth:grant-type:jwt-bearer
+        - urn:ietf:params:oauth:grant-type:saml2-bearer
+        - urn:ietf:params:oauth:grant-type:token-exchange
+    OAuthResponseType:
+      type: string
+      enum:
+        - code
+        - id_token
+        - token
+    OSVersion:
+      description: Current version of the operating system
+      type: object
+      properties:
+        minimum:
+          type: string
+    OktaSignOnPolicy:
+      allOf:
+        - $ref: '#/components/schemas/Policy'
+        - type: object
+          properties:
+            conditions:
+              $ref: '#/components/schemas/OktaSignOnPolicyConditions'
+    OktaSignOnPolicyConditions:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRuleConditions'
+        - type: object
+          properties:
+            people:
+              $ref: '#/components/schemas/PolicyPeopleCondition'
+    OktaSignOnPolicyFactorPromptMode:
+      type: string
+      enum:
+        - ALWAYS
+        - DEVICE
+        - SESSION
+    OktaSignOnPolicyRule:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRule'
+        - type: object
+          properties:
+            actions:
+              $ref: '#/components/schemas/OktaSignOnPolicyRuleActions'
+            conditions:
+              $ref: '#/components/schemas/OktaSignOnPolicyRuleConditions'
+    OktaSignOnPolicyRuleActions:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRuleActions'
+        - type: object
+          properties:
+            signon:
+              $ref: '#/components/schemas/OktaSignOnPolicyRuleSignonActions'
+    OktaSignOnPolicyRuleConditions:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRuleConditions'
+        - type: object
+          properties:
+            authContext:
+              $ref: '#/components/schemas/PolicyRuleAuthContextCondition'
+            network:
+              $ref: '#/components/schemas/PolicyNetworkCondition'
+            people:
+              $ref: '#/components/schemas/PolicyPeopleCondition'
+    OktaSignOnPolicyRuleSignonActions:
+      type: object
+      properties:
+        access:
+          $ref: '#/components/schemas/PolicyAccess'
+        factorLifetime:
+          type: integer
+        factorPromptMode:
+          $ref: '#/components/schemas/OktaSignOnPolicyFactorPromptMode'
+        rememberDeviceByDefault:
+          type: boolean
+          default: false
+        requireFactor:
+          type: boolean
+          default: false
+        session:
+          $ref: '#/components/schemas/OktaSignOnPolicyRuleSignonSessionActions'
+    OktaSignOnPolicyRuleSignonSessionActions:
+      type: object
+      properties:
+        maxSessionIdleMinutes:
+          type: integer
+        maxSessionLifetimeMinutes:
+          type: integer
+        usePersistentCookie:
+          type: boolean
+          default: false
+    OpenIdConnectApplication:
+      x-okta-defined-as:
+        name: oidc_client
+      allOf:
+        - $ref: '#/components/schemas/Application'
+        - type: object
+          properties:
+            credentials:
+              $ref: '#/components/schemas/OAuthApplicationCredentials'
+            name:
+              type: string
+              default: oidc_client
+            settings:
+              $ref: '#/components/schemas/OpenIdConnectApplicationSettings'
+    OpenIdConnectApplicationConsentMethod:
+      type: string
+      enum:
+        - REQUIRED
+        - TRUSTED
+    OpenIdConnectApplicationIdpInitiatedLogin:
+      type: object
+      properties:
+        default_scope:
+          type: array
+          items:
+            type: string
+        mode:
+          type: string
+    OpenIdConnectApplicationIssuerMode:
+      type: string
+      enum:
+        - CUSTOM_URL
+        - DYNAMIC
+        - ORG_URL
+    OpenIdConnectApplicationSettings:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationSettings'
+        - type: object
+          properties:
+            oauthClient:
+              $ref: '#/components/schemas/OpenIdConnectApplicationSettingsClient'
+    OpenIdConnectApplicationSettingsClient:
+      type: object
+      properties:
+        application_type:
+          $ref: '#/components/schemas/OpenIdConnectApplicationType'
+        client_uri:
+          type: string
+        consent_method:
+          $ref: '#/components/schemas/OpenIdConnectApplicationConsentMethod'
+        dpop_bound_access_tokens:
+          type: boolean
+          description: Indicates that the client application uses Demonstrating Proof-of-Possession (DPoP) for token requests. If `true`, the authorization server rejects token requests from this client that don't contain the DPoP header.
+          default: false
+          x-okta-lifecycle:
+            features:
+              - OAUTH2_DPOP
+        frontchannel_logout_session_required:
+          description: Include user session details.
+          type: boolean
+        frontchannel_logout_uri:
+          description: URL where Okta sends the logout request.
+          type: string
+        grant_types:
+          type: array
+          items:
+            $ref: '#/components/schemas/OAuthGrantType'
+        idp_initiated_login:
+          $ref: '#/components/schemas/OpenIdConnectApplicationIdpInitiatedLogin'
+        initiate_login_uri:
+          type: string
+        issuer_mode:
+          $ref: '#/components/schemas/OpenIdConnectApplicationIssuerMode'
+        jwks:
+          $ref: '#/components/schemas/OpenIdConnectApplicationSettingsClientKeys'
+        jwks_uri:
+          description: URL string that references a JSON Web Key Set for validating JWTs presented to Okta.
+          type: string
+        logo_uri:
+          type: string
+        participate_slo:
+          description: Allows the app to participate in front-channel single logout.
+          type: boolean
+        policy_uri:
+          type: string
+        post_logout_redirect_uris:
+          type: array
+          items:
+            type: string
+        redirect_uris:
+          type: array
+          items:
+            type: string
+        refresh_token:
+          $ref: '#/components/schemas/OpenIdConnectApplicationSettingsRefreshToken'
+        response_types:
+          type: array
+          items:
+            $ref: '#/components/schemas/OAuthResponseType'
+        tos_uri:
+          type: string
+        wildcard_redirect:
+          type: string
+    OpenIdConnectApplicationSettingsClientKeys:
+      type: object
+      properties:
+        keys:
+          type: array
+          items:
+            $ref: '#/components/schemas/JsonWebKey'
+    OpenIdConnectApplicationSettingsRefreshToken:
+      type: object
+      properties:
+        leeway:
+          type: integer
+        rotation_type:
+          $ref: '#/components/schemas/OpenIdConnectRefreshTokenRotationType'
+    OpenIdConnectApplicationType:
+      type: string
+      enum:
+        - browser
+        - native
+        - service
+        - web
+    OpenIdConnectRefreshTokenRotationType:
+      type: string
+      enum:
+        - ROTATE
+        - STATIC
+    OperationalStatus:
+      description: Operational status of a given agent
+      type: string
+      enum:
+        - DEGRADED
+        - DISRUPTED
+        - INACTIVE
+        - OPERATIONAL
+    OrgCAPTCHASettings:
+      title: OrgCAPTCHASettings
+      description: ''
+      type: object
+      properties:
+        captchaId:
+          description: The unique key of the associated CAPTCHA instance
+          type: string
+        enabledPages:
+          description: An array of pages that have CAPTCHA enabled
+          type: array
+          items:
+            $ref: '#/components/schemas/enabledPagesType'
+        _links:
+          type: object
+          description: Link relations for the CAPTCHA settings object
+          properties:
+            self:
+              $ref: '#/components/schemas/HrefObject'
+          readOnly: true
+    OrgContactType:
+      type: string
+      enum:
+        - BILLING
+        - TECHNICAL
+    OrgContactTypeObj:
+      type: object
+      properties:
+        contactType:
+          $ref: '#/components/schemas/OrgContactType'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    OrgContactUser:
+      type: object
+      properties:
+        userId:
+          type: string
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    OrgOktaCommunicationSetting:
+      type: object
+      properties:
+        optOutEmailUsers:
+          type: boolean
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    OrgOktaSupportSetting:
+      type: string
+      enum:
+        - DISABLED
+        - ENABLED
+    OrgOktaSupportSettingsObj:
+      type: object
+      properties:
+        expiration:
+          format: date-time
+          type: string
+          readOnly: true
+        support:
+          $ref: '#/components/schemas/OrgOktaSupportSetting'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    OrgPreferences:
+      type: object
+      properties:
+        showEndUserFooter:
+          type: boolean
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    OrgSetting:
+      type: object
+      properties:
+        address1:
+          type: string
+        address2:
+          type: string
+        city:
+          type: string
+        companyName:
+          type: string
+        country:
+          type: string
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        endUserSupportHelpURL:
+          type: string
+        expiresAt:
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        phoneNumber:
+          type: string
+        postalCode:
+          type: string
+        state:
+          type: string
+        status:
+          readOnly: true
+          type: string
+        subdomain:
+          readOnly: true
+          type: string
+        supportPhoneNumber:
+          type: string
+        website:
+          type: string
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    OtpProtocol:
+      type: string
+      enum:
+        - SYMANTEC
+        - TOTP
+        - YUBICO
+    OtpTotpAlgorithm:
+      description: HMAC algorithm
+      type: string
+      enum:
+        - HMacSHA1
+        - HMacSHA256
+        - HMacSHA512
+    OtpTotpEncoding:
+      type: string
+      enum:
+        - base32
+        - base64
+        - hexadecimal
+    PageRoot:
+      type: object
+      properties:
+        _embedded:
+          type: object
+          properties:
+            default:
+              $ref: '#/components/schemas/CustomizablePage'
+            customized:
+              $ref: '#/components/schemas/CustomizablePage'
+            customizedUrl:
+              type: string
+              format: uri
+            preview:
+              $ref: '#/components/schemas/CustomizablePage'
+            previewUrl:
+              type: string
+              format: uri
+          readOnly: true
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                default:
+                  $ref: '#/components/schemas/HrefObject'
+                customized:
+                  $ref: '#/components/schemas/HrefObject'
+                preview:
+                  $ref: '#/components/schemas/HrefObject'
+    PasswordCredential:
+      type: object
+      properties:
+        hash:
+          $ref: '#/components/schemas/PasswordCredentialHash'
+        hook:
+          $ref: '#/components/schemas/PasswordCredentialHook'
+        value:
+          type: string
+          format: password
+    PasswordCredentialHash:
+      type: object
+      properties:
+        algorithm:
+          $ref: '#/components/schemas/PasswordCredentialHashAlgorithm'
+        digestAlgorithm:
+          $ref: '#/components/schemas/DigestAlgorithm'
+        iterationCount:
+          type: integer
+        keySize:
+          type: integer
+        salt:
+          type: string
+        saltOrder:
+          type: string
+        value:
+          type: string
+        workFactor:
+          type: integer
+    PasswordCredentialHashAlgorithm:
+      type: string
+      enum:
+        - BCRYPT
+        - MD5
+        - PBKDF2
+        - SHA-1
+        - SHA-256
+        - SHA-512
+    PasswordCredentialHook:
+      type: object
+      properties:
+        type:
+          type: string
+    PasswordDictionary:
+      type: object
+      properties:
+        common:
+          $ref: '#/components/schemas/PasswordDictionaryCommon'
+    PasswordDictionaryCommon:
+      type: object
+      properties:
+        exclude:
+          type: boolean
+          default: false
+    PasswordExpirationPolicyRuleCondition:
+      type: object
+      properties:
+        number:
+          type: integer
+        unit:
+          type: string
+    PasswordPolicy:
+      allOf:
+        - $ref: '#/components/schemas/Policy'
+        - type: object
+          properties:
+            conditions:
+              $ref: '#/components/schemas/PasswordPolicyConditions'
+            settings:
+              $ref: '#/components/schemas/PasswordPolicySettings'
+    PasswordPolicyAuthenticationProviderCondition:
+      type: object
+      properties:
+        include:
+          type: array
+          items:
+            type: string
+        provider:
+          $ref: '#/components/schemas/PasswordPolicyAuthenticationProviderType'
+    PasswordPolicyAuthenticationProviderType:
+      type: string
+      enum:
+        - ACTIVE_DIRECTORY
+        - ANY
+        - LDAP
+        - OKTA
+    PasswordPolicyConditions:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRuleConditions'
+        - type: object
+          properties:
+            authProvider:
+              $ref: '#/components/schemas/PasswordPolicyAuthenticationProviderCondition'
+            people:
+              $ref: '#/components/schemas/PolicyPeopleCondition'
+    PasswordPolicyDelegationSettings:
+      type: object
+      properties:
+        options:
+          $ref: '#/components/schemas/PasswordPolicyDelegationSettingsOptions'
+    PasswordPolicyDelegationSettingsOptions:
+      type: object
+      properties:
+        skipUnlock:
+          type: boolean
+    PasswordPolicyPasswordSettings:
+      type: object
+      properties:
+        age:
+          $ref: '#/components/schemas/PasswordPolicyPasswordSettingsAge'
+        complexity:
+          $ref: '#/components/schemas/PasswordPolicyPasswordSettingsComplexity'
+        lockout:
+          $ref: '#/components/schemas/PasswordPolicyPasswordSettingsLockout'
+    PasswordPolicyPasswordSettingsAge:
+      type: object
+      properties:
+        expireWarnDays:
+          type: integer
+        historyCount:
+          type: integer
+        maxAgeDays:
+          type: integer
+        minAgeMinutes:
+          type: integer
+    PasswordPolicyPasswordSettingsComplexity:
+      type: object
+      properties:
+        dictionary:
+          $ref: '#/components/schemas/PasswordDictionary'
+        excludeAttributes:
+          type: array
+          items:
+            type: string
+        excludeUsername:
+          type: boolean
+          default: true
+        minLength:
+          type: integer
+        minLowerCase:
+          type: integer
+        minNumber:
+          type: integer
+        minSymbol:
+          type: integer
+        minUpperCase:
+          type: integer
+    PasswordPolicyPasswordSettingsLockout:
+      type: object
+      properties:
+        autoUnlockMinutes:
+          type: integer
+        maxAttempts:
+          type: integer
+        showLockoutFailures:
+          type: boolean
+        userLockoutNotificationChannels:
+          type: array
+          items:
+            type: string
+    PasswordPolicyRecoveryEmail:
+      type: object
+      properties:
+        properties:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryEmailProperties'
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+    PasswordPolicyRecoveryEmailProperties:
+      type: object
+      properties:
+        recoveryToken:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryEmailRecoveryToken'
+    PasswordPolicyRecoveryEmailRecoveryToken:
+      type: object
+      properties:
+        tokenLifetimeMinutes:
+          type: integer
+    PasswordPolicyRecoveryFactorSettings:
+      type: object
+      properties:
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+    PasswordPolicyRecoveryFactors:
+      type: object
+      properties:
+        okta_call:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryFactorSettings'
+        okta_email:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryEmail'
+        okta_sms:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryFactorSettings'
+        recovery_question:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryQuestion'
+    PasswordPolicyRecoveryQuestion:
+      type: object
+      properties:
+        properties:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryQuestionProperties'
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+    PasswordPolicyRecoveryQuestionComplexity:
+      type: object
+      properties:
+        minLength:
+          type: integer
+          readOnly: true
+    PasswordPolicyRecoveryQuestionProperties:
+      type: object
+      properties:
+        complexity:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryQuestionComplexity'
+    PasswordPolicyRecoverySettings:
+      type: object
+      properties:
+        factors:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryFactors'
+    PasswordPolicyRule:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRule'
+        - type: object
+          properties:
+            actions:
+              $ref: '#/components/schemas/PasswordPolicyRuleActions'
+            conditions:
+              $ref: '#/components/schemas/PasswordPolicyRuleConditions'
+    PasswordPolicyRuleAction:
+      type: object
+      properties:
+        access:
+          $ref: '#/components/schemas/PolicyAccess'
+    PasswordPolicyRuleActions:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRuleActions'
+        - type: object
+          properties:
+            passwordChange:
+              $ref: '#/components/schemas/PasswordPolicyRuleAction'
+            selfServicePasswordReset:
+              $ref: '#/components/schemas/SelfServicePasswordResetAction'
+            selfServiceUnlock:
+              $ref: '#/components/schemas/PasswordPolicyRuleAction'
+    PasswordPolicyRuleConditions:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRuleConditions'
+        - type: object
+          properties:
+            network:
+              $ref: '#/components/schemas/PolicyNetworkCondition'
+            people:
+              $ref: '#/components/schemas/PolicyPeopleCondition'
+    PasswordPolicySettings:
+      type: object
+      properties:
+        delegation:
+          $ref: '#/components/schemas/PasswordPolicyDelegationSettings'
+        password:
+          $ref: '#/components/schemas/PasswordPolicyPasswordSettings'
+        recovery:
+          $ref: '#/components/schemas/PasswordPolicyRecoverySettings'
+    PasswordProtectionWarningTrigger:
+      description: Indicates whether the Password Protection Warning feature is enabled
+      example: PHISHING_REUSE
+      type: string
+      enum:
+        - PASSWORD_PROTECTION_OFF
+        - PASSWORD_REUSE
+        - PHISHING_REUSE
+      x-enumDescriptions:
+        PASSWORD_PROTECTION_OFF: Password protection warning is off
+        PASSWORD_REUSE: Password protection warning is triggered by password reuse
+        PHISHING_REUSE: Password protection warning is triggered by password reuse on a phishing page
+    PasswordSettingObject:
+      description: Determines whether Okta creates and pushes a password in the application for each assigned user
+      type: object
+      properties:
+        change:
+          $ref: '#/components/schemas/ChangeEnum'
+        seed:
+          $ref: '#/components/schemas/SeedEnum'
+        status:
+          allOf:
+            - $ref: '#/components/schemas/EnabledStatus'
+            - default: DISABLED
+            - example: ENABLED
+    PerClientRateLimitMode:
+      type: string
+      enum:
+        - DISABLE
+        - ENFORCE
+        - PREVIEW
+    PerClientRateLimitSettings:
+      title: PerClientRateLimitSettings
+      description: ''
+      type: object
+      properties:
+        defaultMode:
+          $ref: '#/components/schemas/PerClientRateLimitMode'
+          description: The default PerClientRateLimitMode that applies to any use case in the absence of a more specific override
+        useCaseModeOverrides:
+          description: A map of Per-Client Rate Limit Use Case to the applicable PerClientRateLimitMode. Overrides the `defaultMode` property for the specified use cases.
+          type: object
+          properties:
+            LOGIN_PAGE:
+              $ref: '#/components/schemas/PerClientRateLimitMode'
+            OAUTH2_AUTHORIZE:
+              $ref: '#/components/schemas/PerClientRateLimitMode'
+            OIE_APP_INTENT:
+              $ref: '#/components/schemas/PerClientRateLimitMode'
+      required:
+        - defaultMode
+    Permission:
+      type: object
+      properties:
+        conditions:
+          $ref: '#/components/schemas/PermissionConditions'
+        created:
+          type: string
+          format: date-time
+          description: Timestamp when the role was created
+          readOnly: true
+        label:
+          type: string
+          description: The permission type
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          description: Timestamp when the role was last updated
+          readOnly: true
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                role:
+                  $ref: '#/components/schemas/HrefObject'
+    PermissionConditions:
+      x-okta-lifecycle:
+        features:
+          - CUSTOM_ADMIN_ROLES_CONDITIONS
+      description: Conditions for further restricting a permission
+      nullable: true
+      type: object
+    Permissions:
+      type: object
+      properties:
+        permissions:
+          type: array
+          items:
+            $ref: '#/components/schemas/Permission'
+    PipelineType:
+      description: The authentication pipeline of the org. `idx` means the org is using the Identity Engine, while `v1` means the org is using the Classic authentication pipeline.
+      type: string
+      enum:
+        - idx
+        - v1
+    Platform:
+      type: string
+      enum:
+        - ANDROID
+        - CHROMEOS
+        - IOS
+        - MACOS
+        - WINDOWS
+    PlatformConditionEvaluatorPlatform:
+      type: object
+      properties:
+        os:
+          $ref: '#/components/schemas/PlatformConditionEvaluatorPlatformOperatingSystem'
+        type:
+          $ref: '#/components/schemas/PolicyPlatformType'
+    PlatformConditionEvaluatorPlatformOperatingSystem:
+      type: object
+      properties:
+        expression:
+          type: string
+        type:
+          $ref: '#/components/schemas/PolicyPlatformOperatingSystemType'
+        version:
+          $ref: '#/components/schemas/PlatformConditionEvaluatorPlatformOperatingSystemVersion'
+    PlatformConditionEvaluatorPlatformOperatingSystemVersion:
+      type: object
+      properties:
+        matchType:
+          $ref: '#/components/schemas/PlatformConditionOperatingSystemVersionMatchType'
+        value:
+          type: string
+    PlatformConditionOperatingSystemVersionMatchType:
+      type: string
+      enum:
+        - EXPRESSION
+        - SEMVER
+    PlatformPolicyRuleCondition:
+      type: object
+      properties:
+        exclude:
+          type: array
+          items:
+            $ref: '#/components/schemas/PlatformConditionEvaluatorPlatform'
+        include:
+          type: array
+          items:
+            $ref: '#/components/schemas/PlatformConditionEvaluatorPlatform'
+    Policy:
+      type: object
+      properties:
+        created:
+          description: Timestamp when the Policy was created
+          type: string
+          format: date-time
+          readOnly: true
+        description:
+          description: Policy description
+          type: string
+        id:
+          description: Policy ID
+          type: string
+          readOnly: true
+        lastUpdated:
+          description: Timestamp when the Policy was last updated
+          type: string
+          format: date-time
+          readOnly: true
+        name:
+          description: Policy name
+          type: string
+        priority:
+          description: Specifies the order in which this Policy is evaluated in relation to the other policies
+          type: integer
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        system:
+          description: Specifies whether Okta created the Policy
+          type: boolean
+        type:
+          $ref: '#/components/schemas/PolicyType'
+        _embedded:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/PolicyLinks'
+      discriminator:
+        propertyName: type
+        mapping:
+          ACCESS_POLICY: '#/components/schemas/AccessPolicy'
+          IDP_DISCOVERY: '#/components/schemas/IdpDiscoveryPolicy'
+          MFA_ENROLL: '#/components/schemas/MultifactorEnrollmentPolicy'
+          OKTA_SIGN_ON: '#/components/schemas/OktaSignOnPolicy'
+          PASSWORD: '#/components/schemas/PasswordPolicy'
+          PROFILE_ENROLLMENT: '#/components/schemas/ProfileEnrollmentPolicy'
+    PolicyLinks:
+      type: object
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObjectSelfLink'
+        activate:
+          $ref: '#/components/schemas/HrefObjectActivateLink'
+        deactivate:
+          $ref: '#/components/schemas/HrefObjectDeactivateLink'
+        rules:
+          $ref: '#/components/schemas/HrefObjectRulesLink'
+        mappings:
+          $ref: '#/components/schemas/HrefObjectMappingsLink'
+    PolicyAccess:
+      type: string
+      enum:
+        - ALLOW
+        - DENY
+    PolicyAccountLink:
+      type: object
+      properties:
+        action:
+          $ref: '#/components/schemas/PolicyAccountLinkAction'
+        filter:
+          $ref: '#/components/schemas/PolicyAccountLinkFilter'
+    PolicyAccountLinkAction:
+      type: string
+      enum:
+        - AUTO
+        - DISABLED
+    PolicyAccountLinkFilter:
+      type: object
+      properties:
+        groups:
+          $ref: '#/components/schemas/PolicyAccountLinkFilterGroups'
+    PolicyAccountLinkFilterGroups:
+      type: object
+      properties:
+        include:
+          type: array
+          items:
+            type: string
+    PolicyContext:
+      type: object
+      properties:
+        user:
+          type: object
+          description: The user ID for the simulate operation. Only user IDs or Group IDs are allowed, not both.
+          properties:
+            id:
+              type: string
+              description: The unique ID number for the user.
+          required:
+            -  id
+        groups:
+          type: object
+          description: An array of Group IDs for the simulate operation. Only user IDs or Group IDs are allowed, not both.
+          properties:
+            ids:
+              type: array
+              items:
+                type: string
+                uniqueItems: true
+          required:
+            -  ids
+        risk:
+          type: object
+          description: The risk rule condition level
+          properties:
+            level:
+              type: string
+              enum:
+                - LOW
+                - MEDIUM
+                - HIGH
+        ip:
+          type: string
+          description: The network rule condition, zone, or IP address
+        zones:
+          type: object
+          properties:
+            ids:
+              type: array
+              items:
+                type: string
+        device:
+          type: object
+          properties:
+            platform:
+              type: string
+              description: The platform of the device, for example, IOS.
+            registered:
+              type: boolean
+              description: If the device is registered
+            managed:
+              type: boolean
+              description: If the device is managed
+      required:
+        - user
+        - groups
+    PolicyMapping:
+      type: object
+      properties:
+        id:
+          type: string
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                application:
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                    - description: Link to the mapped application
+                authenticator:
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                    - description: Link to the mapped authenticator
+                policy:
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                    - description: Link to the mapped policy
+    PolicyMappingRequest:
+      type: object
+      properties:
+        resourceId:
+          type: string
+        resourceType:
+          $ref: '#/components/schemas/PolicyMappingResourceType'
+    PolicyMappingResourceType:
+      type: string
+      enum:
+        - APP
+    PolicyNetworkCondition:
+      type: object
+      properties:
+        connection:
+          $ref: '#/components/schemas/PolicyNetworkConnection'
+        exclude:
+          type: array
+          items:
+            type: string
+        include:
+          type: array
+          items:
+            type: string
+    PolicyNetworkConnection:
+      type: string
+      enum:
+        - ANYWHERE
+        - ZONE
+    PolicyPeopleCondition:
+      type: object
+      properties:
+        groups:
+          $ref: '#/components/schemas/GroupCondition'
+        users:
+          $ref: '#/components/schemas/UserCondition'
+    PolicyPlatformOperatingSystemType:
+      type: string
+      enum:
+        - ANDROID
+        - ANY
+        - IOS
+        - OSX
+        - OTHER
+        - WINDOWS
+    PolicyPlatformType:
+      type: string
+      enum:
+        - ANY
+        - DESKTOP
+        - MOBILE
+        - OTHER
+    PolicyRule:
+      type: object
+      properties:
+        created:
+          type: string
+          description: Timestamp when the rule was created
+          format: date-time
+          readOnly: true
+          nullable: true
+        id:
+          type: string
+          description: Identifier for the rule
+        lastUpdated:
+          type: string
+          description: Timestamp when the rule was last modified
+          format: date-time
+          readOnly: true
+          nullable: true
+        name:
+          type: string
+          description: Name of the rule
+        priority:
+          type: integer
+          description: Priority of the rule
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        system:
+          type: boolean
+          description: Specifies whether Okta created the Policy Rule (`system=true`). You can't delete Policy Rules that have `system` set to `true`.
+          default: false
+        type:
+          $ref: '#/components/schemas/PolicyRuleType'
+      discriminator:
+        propertyName: type
+        mapping:
+          ACCESS_POLICY: '#/components/schemas/AccessPolicyRule'
+          PASSWORD: '#/components/schemas/PasswordPolicyRule'
+          PROFILE_ENROLLMENT: '#/components/schemas/ProfileEnrollmentPolicyRule'
+          RESOURCE_ACCESS: '#/components/schemas/AuthorizationServerPolicyRule'
+          SIGN_ON: '#/components/schemas/OktaSignOnPolicyRule'
+          IDP_DISCOVERY: '#/components/schemas/IdpDiscoveryPolicyRule'
+    PolicyRuleActions:
+      type: object
+    PolicyRuleActionsEnroll:
+      type: object
+      properties:
+        self:
+          $ref: '#/components/schemas/PolicyRuleActionsEnrollSelf'
+    PolicyRuleActionsEnrollSelf:
+      type: string
+      enum:
+        - CHALLENGE
+        - LOGIN
+        - NEVER
+    PolicyRuleAuthContextCondition:
+      type: object
+      properties:
+        authType:
+          $ref: '#/components/schemas/PolicyRuleAuthContextType'
+    PolicyRuleAuthContextType:
+      type: string
+      enum:
+        - ANY
+        - RADIUS
+    PolicyRuleConditions:
+      type: object
+      properties:
+        app:
+          $ref: '#/components/schemas/AppAndInstancePolicyRuleCondition'
+        apps:
+          $ref: '#/components/schemas/AppInstancePolicyRuleCondition'
+        authContext:
+          $ref: '#/components/schemas/PolicyRuleAuthContextCondition'
+        authProvider:
+          $ref: '#/components/schemas/PasswordPolicyAuthenticationProviderCondition'
+        beforeScheduledAction:
+          $ref: '#/components/schemas/BeforeScheduledActionPolicyRuleCondition'
+        clients:
+          $ref: '#/components/schemas/ClientPolicyCondition'
+        context:
+          $ref: '#/components/schemas/ContextPolicyRuleCondition'
+        device:
+          $ref: '#/components/schemas/DevicePolicyRuleCondition'
+        grantTypes:
+          $ref: '#/components/schemas/GrantTypePolicyRuleCondition'
+        groups:
+          $ref: '#/components/schemas/GroupPolicyRuleCondition'
+        identityProvider:
+          $ref: '#/components/schemas/IdentityProviderPolicyRuleCondition'
+        mdmEnrollment:
+          $ref: '#/components/schemas/MDMEnrollmentPolicyRuleCondition'
+        network:
+          $ref: '#/components/schemas/PolicyNetworkCondition'
+        people:
+          $ref: '#/components/schemas/PolicyPeopleCondition'
+        platform:
+          $ref: '#/components/schemas/PlatformPolicyRuleCondition'
+        risk:
+          $ref: '#/components/schemas/RiskPolicyRuleCondition'
+        riskScore:
+          $ref: '#/components/schemas/RiskScorePolicyRuleCondition'
+        scopes:
+          $ref: '#/components/schemas/OAuth2ScopesMediationPolicyRuleCondition'
+        userIdentifier:
+          $ref: '#/components/schemas/UserIdentifierPolicyRuleCondition'
+        users:
+          $ref: '#/components/schemas/UserPolicyRuleCondition'
+        userStatus:
+          $ref: '#/components/schemas/UserStatusPolicyRuleCondition'
+    PolicyRuleType:
+      type: string
+      enum:
+        - ACCESS_POLICY
+        - IDP_DISCOVERY
+        - MFA_ENROLL
+        - PASSWORD
+        - PROFILE_ENROLLMENT
+        - RESOURCE_ACCESS
+        - SIGN_ON
+    PolicySubject:
+      type: object
+      properties:
+        filter:
+          type: string
+        format:
+          type: array
+          items:
+            type: string
+        matchAttribute:
+          type: string
+        matchType:
+          $ref: '#/components/schemas/PolicySubjectMatchType'
+        userNameTemplate:
+          $ref: '#/components/schemas/PolicyUserNameTemplate'
+    PolicySubjectMatchType:
+      type: string
+      enum:
+        - CUSTOM_ATTRIBUTE
+        - EMAIL
+        - USERNAME
+        - USERNAME_OR_EMAIL
+    PolicyType:
+      type: string
+      enum:
+        - ACCESS_POLICY
+        - IDP_DISCOVERY
+        - MFA_ENROLL
+        - OKTA_SIGN_ON
+        - PASSWORD
+        - PROFILE_ENROLLMENT
+    PolicyUserNameTemplate:
+      type: object
+      properties:
+        template:
+          type: string
+    PolicyUserStatus:
+      type: string
+      enum:
+        - ACTIVATING
+        - ACTIVE
+        - DELETED
+        - DELETING
+        - EXPIRED_PASSWORD
+        - INACTIVE
+        - PENDING
+        - SUSPENDED
+    PossessionConstraint:
+      allOf:
+        - $ref: '#/components/schemas/AccessPolicyConstraint'
+        - type: object
+          properties:
+            deviceBound:
+              type: string
+              description: Indicates if device-bound Factors are required. This property is only set for `POSSESSION` constraints.
+              enum:
+                - OPTIONAL
+                - REQUIRED
+              default: OPTIONAL
+            hardwareProtection:
+              type: string
+              description: Indicates if any secrets or private keys used during authentication must be hardware protected and not exportable. This property is only set for `POSSESSION` constraints.
+              enum:
+                - OPTIONAL
+                - REQUIRED
+              default: OPTIONAL
+            phishingResistant:
+              type: string
+              description: Indicates if phishing-resistant Factors are required. This property is only set for `POSSESSION` constraints.
+              enum:
+                - OPTIONAL
+                - REQUIRED
+              default: OPTIONAL
+            userPresence:
+              type: string
+              description: Indicates if the user needs to approve an Okta Verify prompt or provide biometrics (meets NIST AAL2 requirements). This property is only set for `POSSESSION` constraints.
+              enum:
+                - OPTIONAL
+                - REQUIRED
+              default: REQUIRED
+            userVerification:
+              type: string
+              description: Indicates the user interaction requirement (PIN or biometrics) to ensure verification of a possession factor
+              enum:
+                - OPTIONAL
+                - REQUIRED
+              default: OPTIONAL
+    PreRegistrationInlineHook:
+      type: object
+      properties:
+        inlineHookId:
+          type: string
+    PrincipalRateLimitEntity:
+      title: PrincipalRateLimitEntity
+      description: ''
+      type: object
+      properties:
+        createdBy:
+          type: string
+          readOnly: true
+        createdDate:
+          type: string
+          format: date-time
+          readOnly: true
+        defaultConcurrencyPercentage:
+          type: integer
+          readOnly: true
+        defaultPercentage:
+          type: integer
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        lastUpdate:
+          type: string
+          format: date-time
+          readOnly: true
+        lastUpdatedBy:
+          type: string
+          readOnly: true
+        orgId:
+          type: string
+          readOnly: true
+        principalId:
+          type: string
+        principalType:
+          $ref: '#/components/schemas/PrincipalType'
+      required:
+        - principalId
+        - principalType
+    PrincipalType:
+      type: string
+      enum:
+        - SSWS_TOKEN
+    ProfileEnrollmentPolicy:
+      allOf:
+        - $ref: '#/components/schemas/Policy'
+        - type: object
+          properties:
+            conditions:
+              $ref: '#/components/schemas/PolicyRuleConditions'
+    ProfileEnrollmentPolicyRule:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRule'
+        - type: object
+          properties:
+            actions:
+              $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleActions'
+            conditions:
+              $ref: '#/components/schemas/PolicyRuleConditions'
+    ProfileEnrollmentPolicyRuleAction:
+      type: object
+      properties:
+        access:
+          type: string
+        activationRequirements:
+          $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleActivationRequirement'
+        preRegistrationInlineHooks:
+          items:
+            $ref: '#/components/schemas/PreRegistrationInlineHook'
+          type: array
+        profileAttributes:
+          items:
+            $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleProfileAttribute'
+          type: array
+        targetGroupIds:
+          items:
+            type: string
+          type: array
+        unknownUserAction:
+          type: string
+          enum:
+            - DENY
+            - REGISTER
+        progressiveProfilingAction:
+          type: string
+          enum:
+            - ENABLED
+            - DISABLED
+    ProfileEnrollmentPolicyRuleActions:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRuleActions'
+        - type: object
+          properties:
+            profileEnrollment:
+              $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleAction'
+    ProfileEnrollmentPolicyRuleActivationRequirement:
+      type: object
+      properties:
+        emailVerification:
+          type: boolean          
+    ProfileEnrollmentPolicyRuleProfileAttribute:
+      type: object
+      properties:
+        label:
+          type: string
+        name:
+          type: string
+        required:
+          type: boolean
+    IdpDiscoveryPolicyRule:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRule'
+        - type: object
+          properties:
+            actions:
+              $ref: '#/components/schemas/IdpPolicyRuleAction'
+            conditions:
+              $ref: '#/components/schemas/IdpDiscoveryPolicyRuleCondition'
+    IdpDiscoveryPolicyRuleCondition:
+      allOf:
+        - type: object
+          properties:
+            app:
+              $ref: '#/components/schemas/AppAndInstancePolicyRuleCondition'
+            network:
+              $ref: '#/components/schemas/PolicyNetworkCondition'
+            userIdentifier:
+              $ref: '#/components/schemas/UserIdentifierPolicyRuleCondition'
+            platform:
+              $ref: '#/components/schemas/PlatformPolicyRuleCondition'          
+    ProfileMapping:
+      description: |-
+        The Profile Mapping object describes a mapping between an Okta User's and an App User's properties using [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04).
+
+        > **Note:** Same type source/target mappings aren't supported by this API. Profile mappings must either be Okta->App or App->Okta.
+      type: object
+      properties:
+        id:
+          type: string
+          description: Unique identifier for a profile mapping
+          readOnly: true
+        properties:
+          type: object
+          additionalProperties:
+            $ref: '#/components/schemas/ProfileMappingProperty'
+          readOnly: false
+        source:
+          type: object
+          $ref: '#/components/schemas/ProfileMappingSource'
+        target:
+          type: object
+          $ref: '#/components/schemas/ProfileMappingTarget'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    ProfileMappingProperty:
+      description: A target property, in string form, that maps to a valid [JSON Schema Draft](https://tools.ietf.org/html/draft-zyp-json-schema-04) document.
+      type: object
+      properties:
+        expression:
+          description: Combination or single source properties that are mapped to the target property
+          type: string
+        pushStatus:
+          $ref: '#/components/schemas/ProfileMappingPropertyPushStatus'
+    ProfileMappingPropertyPushStatus:
+      description: |-
+        Indicates whether to update target properties for user create and update or just for user create.
+
+        Having a pushStatus of `PUSH` causes properties in the target to be updated on create and update. Having a pushStatus of `DONT_PUSH` causes properties in the target to be updated only on create.
+      type: string
+      enum:
+        - DONT_PUSH
+        - PUSH
+    ProfileMappingRequest:
+      description: The updated request body properties
+      type: object
+      properties:
+        properties:
+          type: object
+          additionalProperties:
+            $ref: '#/components/schemas/ProfileMappingProperty'
+      required:
+        - properties
+        - additionalProperties
+        - expression
+        - pushStatus
+    ProfileMappingSource:
+      description: |-
+        The parameter is the source of a profile mapping and is a valid [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04) document with the following properties. The data type can be an app instance or an Okta object.
+
+        > **Note:** If the source is Okta and the UserTypes feature isn't enabled, then the source `_links` only has a link to the schema.
+      type: object
+      properties:
+        id:
+          type: string
+          description: Unique identifier for the application instance or userType
+          readOnly: true
+        name:
+          type: string
+          description: Variable name of the application instance or name of the referenced UserType
+          readOnly: true
+        type:
+          type: string
+          description: Type of user referenced in the mapping
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/SourceLinks'
+    ProfileMappingTarget:
+      description: |-
+        The parameter is the target of a profile mapping and is a valid [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04) document with the following properties. The data type can be an app instance or an Okta object.
+
+         > **Note:** If the target is Okta and the UserTypes feature isn't enabled, then the target `_links` only has a link to the schema.
+      type: object
+      properties:
+        id:
+          type: string
+          description: Unique identifier for the application instance or UserType
+          readOnly: true
+        name:
+          type: string
+          description: Variable name of the application instance or name of the referenced userType
+          readOnly: true
+        type:
+          type: string
+          description: Type of user referenced in the mapping
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/SourceLinks'
+    ProfileSettingObject:
+      description: |
+        This setting determines whether a user in the application gets updated when they're updated in Okta.
+
+        If enabled, Okta updates a user's attributes in the application when the application is assigned.
+        Future changes made to the Okta user's profile automatically overwrite the corresponding attribute value in the application.
+      type: object
+      properties:
+        status:
+          allOf:
+            - $ref: '#/components/schemas/EnabledStatus'
+            - example: DISABLED
+            - default: DISABLED
+    Protocol:
+      type: object
+      properties:
+        algorithms:
+          $ref: '#/components/schemas/ProtocolAlgorithms'
+        credentials:
+          $ref: '#/components/schemas/IdentityProviderCredentials'
+        endpoints:
+          $ref: '#/components/schemas/ProtocolEndpoints'
+        issuer:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+        relayState:
+          $ref: '#/components/schemas/ProtocolRelayState'
+        scopes:
+          type: array
+          items:
+            type: string
+        settings:
+          $ref: '#/components/schemas/ProtocolSettings'
+        type:
+          $ref: '#/components/schemas/ProtocolType'
+    ProtocolAlgorithmType:
+      type: object
+      properties:
+        signature:
+          $ref: '#/components/schemas/ProtocolAlgorithmTypeSignature'
+    ProtocolAlgorithmTypeSignature:
+      type: object
+      properties:
+        algorithm:
+          type: string
+        scope:
+          $ref: '#/components/schemas/ProtocolAlgorithmTypeSignatureScope'
+    ProtocolAlgorithmTypeSignatureScope:
+      type: string
+      enum:
+        - ANY
+        - NONE
+        - REQUEST
+        - RESPONSE
+        - TOKEN
+    ProtocolAlgorithms:
+      type: object
+      properties:
+        request:
+          $ref: '#/components/schemas/ProtocolAlgorithmType'
+        response:
+          $ref: '#/components/schemas/ProtocolAlgorithmType'
+    ProtocolEndpoint:
+      type: object
+      properties:
+        binding:
+          $ref: '#/components/schemas/ProtocolEndpointBinding'
+        destination:
+          type: string
+        type:
+          $ref: '#/components/schemas/ProtocolEndpointType'
+        url:
+          type: string
+    ProtocolEndpointBinding:
+      type: string
+      enum:
+        - HTTP-POST
+        - HTTP-REDIRECT
+    ProtocolEndpointType:
+      type: string
+      enum:
+        - INSTANCE
+        - ORG
+    ProtocolEndpoints:
+      type: object
+      properties:
+        acs:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+        authorization:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+        jwks:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+        metadata:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+        slo:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+        sso:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+        token:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+        userInfo:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+    ProtocolRelayState:
+      type: object
+      properties:
+        format:
+          $ref: '#/components/schemas/ProtocolRelayStateFormat'
+    ProtocolRelayStateFormat:
+      type: string
+      enum:
+        - FROM_URL
+        - OPAQUE
+    ProtocolSettings:
+      type: object
+      properties:
+        nameFormat:
+          type: string
+    ProtocolType:
+      type: string
+      enum:
+        - MTLS
+        - OAUTH2
+        - OIDC
+        - SAML2
+    ProviderType:
+      type: string
+      enum:
+        - APNS
+        - FCM
+    Provisioning:
+      type: object
+      properties:
+        action:
+          $ref: '#/components/schemas/ProvisioningAction'
+        conditions:
+          $ref: '#/components/schemas/ProvisioningConditions'
+        groups:
+          $ref: '#/components/schemas/ProvisioningGroups'
+        profileMaster:
+          type: boolean
+    ProvisioningAction:
+      type: string
+      enum:
+        - AUTO
+        - CALLOUT
+        - DISABLED
+    ProvisioningConditions:
+      type: object
+      properties:
+        deprovisioned:
+          $ref: '#/components/schemas/ProvisioningDeprovisionedCondition'
+        suspended:
+          $ref: '#/components/schemas/ProvisioningSuspendedCondition'
+    ProvisioningConnection:
+      type: object
+      properties:
+        authScheme:
+          $ref: '#/components/schemas/ProvisioningConnectionAuthScheme'
+        profile:
+          $ref: '#/components/schemas/ProvisioningConnectionProfile'
+        status:
+          $ref: '#/components/schemas/ProvisioningConnectionStatus'
+        _links:
+          $ref: '#/components/schemas/LinksSelfAndLifecycle'
+      required:
+        - authScheme
+        - status
+    ProvisioningConnectionAuthScheme:
+      description: Defines the method of authentication
+      type: string
+      enum:
+        - OAUTH2
+        - TOKEN
+        - UNKNOWN
+      x-enumDescriptions:
+        TOKEN: A token is used to authenticate with the app.
+        OAUTH2: OAuth 2.0 is used to authenticate with the app.
+        UNKNOWN: The authentication scheme used by the app isn't supported, or the app doesn't support provisioning.
+    ProvisioningConnectionProfile:
+      description: |
+        The profile used to configure the connection method of authentication and the credentials.
+        Currently, token-based and OAuth 2.0-based authentication are supported.
+      type: object
+      properties:
+        authScheme:
+          $ref: '#/components/schemas/ProvisioningConnectionAuthScheme'
+      discriminator:
+        propertyName: authScheme
+        mapping:
+          TOKEN: '#/components/schemas/ProvisioningConnectionProfileToken'
+          OAUTH2: '#/components/schemas/ProvisioningConnectionProfileOauth'
+          UNKNOWN: '#/components/schemas/ProvisioningConnectionProfileUnknown'
+    ProvisioningConnectionProfileOauth:
+      description: |
+        The app provisioning connection profile used to configure the method of authentication and the credentials.
+        Currently, token-based and OAuth 2.0-based authentication are supported.
+      allOf:
+        - $ref: '#/components/schemas/ProvisioningConnectionProfile'
+        - type: object
+          properties:
+            clientId:
+              type: string
+              description: Unique client identifier for the OAuth 2.0 service app from the target org
+          required:
+            - authScheme
+            - clientId
+    ProvisioningConnectionProfileToken:
+      description: |
+        The app provisioning connection profile used to configure the method of authentication and the credentials.
+        Currently, token-based and OAuth 2.0-based authentication are supported.
+      allOf:
+        - $ref: '#/components/schemas/ProvisioningConnectionProfile'
+        - type: object
+          properties:
+            token:
+              type: string
+              description: Token used to authenticate with the app
+          required:
+            - authScheme
+            - token
+    ProvisioningConnectionProfileUnknown:
+      description: Unknown provisioning connection
+      allOf:
+        - $ref: '#/components/schemas/ProvisioningConnectionProfile'
+        - type: object
+    ProvisioningConnectionRequest:
+      type: object
+      properties:
+        profile:
+          $ref: '#/components/schemas/ProvisioningConnectionProfile'
+      required:
+        - profile
+    ProvisioningConnectionStatus:
+      description: Provisioning connection status
+      default: DISABLED
+      type: string
+      enum:
+        - DISABLED
+        - ENABLED
+        - UNKNOWN
+      x-enumDescriptions:
+        DISABLED: The provisioning connection is disabled.
+        ENABLED: The provisioning connection is enabled.
+        UNKNOWN: Provisioning isn't supported by the app, or the authentication method is unknown.
+    ProvisioningDeprovisionedAction:
+      type: string
+      enum:
+        - NONE
+        - REACTIVATE
+    ProvisioningDeprovisionedCondition:
+      type: object
+      properties:
+        action:
+          $ref: '#/components/schemas/ProvisioningDeprovisionedAction'
+    ProvisioningGroups:
+      type: object
+      properties:
+        action:
+          $ref: '#/components/schemas/ProvisioningGroupsAction'
+        assignments:
+          type: array
+          items:
+            type: string
+        filter:
+          type: array
+          items:
+            type: string
+        sourceAttributeName:
+          type: string
+    ProvisioningGroupsAction:
+      type: string
+      enum:
+        - APPEND
+        - ASSIGN
+        - NONE
+        - SYNC
+    ProvisioningSuspendedAction:
+      type: string
+      enum:
+        - NONE
+        - UNSUSPEND
+    ProvisioningSuspendedCondition:
+      type: object
+      properties:
+        action:
+          $ref: '#/components/schemas/ProvisioningSuspendedAction'
+    PushMethodKeyProtection:
+      type: string
+      enum:
+        - ANY
+        - HARDWARE
+    PushProvider:
+      title: PushProvider
+      type: object
+      properties:
+        id:
+          type: string
+          readOnly: true
+        lastUpdatedDate:
+          type: string
+          readOnly: true
+        name:
+          type: string
+          description: Display name of the push provider
+        providerType:
+          $ref: '#/components/schemas/ProviderType'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+      discriminator:
+        propertyName: providerType
+        mapping:
+          APNS: '#/components/schemas/APNSPushProvider'
+          FCM: '#/components/schemas/FCMPushProvider'
+    PushUserFactor:
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            expiresAt:
+              type: string
+              format: date-time
+            factorResult:
+              $ref: '#/components/schemas/FactorResultType'
+            profile:
+              $ref: '#/components/schemas/PushUserFactorProfile'
+    PushUserFactorProfile:
+      type: object
+      properties:
+        credentialId:
+          type: string
+        deviceToken:
+          type: string
+        deviceType:
+          type: string
+        name:
+          type: string
+        platform:
+          type: string
+        version:
+          type: string
+    RateLimitAdminNotifications:
+      title: RateLimitAdminNotifications
+      description: ''
+      type: object
+      properties:
+        notificationsEnabled:
+          type: boolean
+      required:
+        - notificationsEnabled
+    RateLimitWarningThresholdRequest:
+      title: RateLimitWarningThreshold
+      description: ''
+      type: object
+      properties:
+        warningThreshold:
+          description: The threshold value (percentage) of a rate limit that, when exceeded, triggers a warning notification. By default, this value is 90 for Workforce orgs and 60 for CIAM orgs.
+          type: integer
+          minimum: 30
+          maximum: 90
+      required:
+        - warningThreshold
+    RateLimitWarningThresholdResponse:
+      title: RateLimitWarningThreshold
+      description: ''
+      type: object
+      properties:
+        warningThreshold:
+          description: The threshold value (percentage) of a rate limit that, when exceeded, triggers a warning notification. By default, this value is 90 for Workforce orgs and 60 for CIAM orgs.
+          type: integer
+          minimum: 30
+          maximum: 90
+    Realm:
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          description: Timestamp when the Realm was created
+          readOnly: true
+        id:
+          type: string
+          description: Unique key for the Realm
+          readOnly: true
+        isDefault:
+          type: boolean
+          description: Conveys whether the Realm is the default
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          description: Timestamp when the Realm was last updated
+          readOnly: true
+        profile:
+          $ref: '#/components/schemas/RealmProfile'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    RealmProfile:
+      type: object
+      properties:
+        name:
+          type: string
+          description: Name of a Realm
+    RecoveryQuestionCredential:
+      type: object
+      properties:
+        answer:
+          type: string
+        question:
+          type: string
+    ReleaseChannel:
+      description: Release channel for auto-update
+      type: string
+      enum:
+        - BETA
+        - EA
+        - GA
+        - TEST
+    RequiredEnum:
+      type: string
+      enum:
+        - ALWAYS
+        - HIGH_RISK_ONLY
+        - NEVER
+    ResetPasswordToken:
+      type: object
+      properties:
+        resetPasswordUrl:
+          type: string
+          readOnly: true
+    ResourceSet:
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          description: Timestamp when the role was created
+          readOnly: true
+        description:
+          type: string
+          description: Description of the Resource Set
+        id:
+          type: string
+          description: Unique key for the role
+          readOnly: true
+        label:
+          type: string
+          description: Unique label for the Resource Set
+        lastUpdated:
+          type: string
+          format: date-time
+          description: Timestamp when the role was last updated
+          readOnly: true
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                resources:
+                  $ref: '#/components/schemas/HrefObject'
+                bindings:
+                  $ref: '#/components/schemas/HrefObject'
+    ResourceSetBindingAddMembersRequest:
+      type: object
+      properties:
+        additions:
+          type: array
+          items:
+            type: string
+    ResourceSetBindingCreateRequest:
+      type: object
+      properties:
+        members:
+          type: array
+          items:
+            type: string
+        role:
+          type: string
+          description: Unique key for the role
+    ResourceSetBindingMember:
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          description: Timestamp when the role was created
+          readOnly: true
+        id:
+          type: string
+          description: Unique key for the role
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          description: Timestamp when the role was last updated
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    ResourceSetBindingMembers:
+      type: object
+      properties:
+        members:
+          type: array
+          items:
+            $ref: '#/components/schemas/ResourceSetBindingMember'
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksNext'
+            - properties:
+                binding:
+                  $ref: '#/components/schemas/HrefObject'
+    ResourceSetBindingResponse:
+      type: object
+      properties:
+        id:
+          type: string
+          description: '`id` of the role'
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                bindings:
+                  $ref: '#/components/schemas/HrefObject'
+                resource-set:
+                  $ref: '#/components/schemas/HrefObject'
+    ResourceSetBindingRole:
+      type: object
+      properties:
+        id:
+          type: string
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                members:
+                  $ref: '#/components/schemas/HrefObject'
+    ResourceSetBindings:
+      type: object
+      properties:
+        roles:
+          type: array
+          items:
+            $ref: '#/components/schemas/ResourceSetBindingRole'
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                bindings:
+                  $ref: '#/components/schemas/HrefObject'
+                resource-set:
+                  $ref: '#/components/schemas/HrefObject'
+    ResourceSetResource:
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          description: Timestamp when the role was created
+          readOnly: true
+        description:
+          type: string
+          description: Description of the Resource Set
+        id:
+          type: string
+          description: Unique key for the role
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          description: Timestamp when the role was last updated
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    ResourceSetResourcePatchRequest:
+      type: object
+      properties:
+        additions:
+          type: array
+          items:
+            type: string
+    ResourceSetResources:
+      type: object
+      properties:
+        resources:
+          type: array
+          items:
+            $ref: '#/components/schemas/ResourceSetResource'
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksNext'
+            - properties:
+                resource-set:
+                  $ref: '#/components/schemas/HrefObject'
+    ResourceSets:
+      type: object
+      properties:
+        resource-sets:
+          type: array
+          items:
+            $ref: '#/components/schemas/ResourceSet'
+        _links:
+          $ref: '#/components/schemas/LinksNext'
+    ResponseLinks:
+      type: object
+    RiskEvent:
+      type: object
+      properties:
+        expiresAt:
+          type: string
+          format: date-time
+          description: 'Timestamp at which the event expires (expressed as a UTC time zone using ISO 8601 format: yyyy-MM-dd`T`HH:mm:ss.SSS`Z`). If this optional field is not included, Okta automatically expires the event 24 hours after the event is consumed.'
+        subjects:
+          type: array
+          description: List of Risk Event Subjects
+          items:
+            $ref: '#/components/schemas/RiskEventSubject'
+        timestamp:
+          type: string
+          format: date-time
+          description: 'Timestamp of when the event is produced (expressed as a UTC time zone using ISO 8601 format: yyyy-MM-dd`T`HH:mm:ss.SSS`Z`)'
+      required:
+        - subjects
+    RiskEventSubject:
+      type: object
+      properties:
+        ip:
+          type: string
+          description: The risk event subject IP address (either an IPv4 or IPv6 address)
+        message:
+          type: string
+          description: Additional reasons for the risk level of the IP
+          maxLength: 512
+          pattern: ^[a-zA-Z0-9 .\-_]*$
+        riskLevel:
+          $ref: '#/components/schemas/RiskEventSubjectRiskLevel'
+      required:
+        - ip
+        - riskLevel
+    RiskEventSubjectRiskLevel:
+      description: The risk level associated with the IP
+      type: string
+      enum:
+        - HIGH
+        - LOW
+        - MEDIUM
+    RiskPolicyRuleCondition:
+      type: object
+      properties:
+        behaviors:
+          uniqueItems: true
+          type: array
+          items:
+            type: string
+    RiskProvider:
+      type: object
+      properties:
+        action:
+          $ref: '#/components/schemas/RiskProviderAction'
+        clientId:
+          type: string
+          description: The ID of the [OAuth service app](https://developer.okta.com/docs/guides/implement-oauth-for-okta-serviceapp/main/#create-a-service-app-and-grant-scopes) that is used to send risk events to Okta
+          example: 00cjkjjkkgjkdkjdkkljjsd
+        created:
+          type: string
+          format: date-time
+          description: Timestamp when the Risk Provider object was created
+          readOnly: true
+          example: '2021-01-05 22:18:30'
+        id:
+          type: string
+          description: The ID of the Risk Provider object
+          readOnly: true
+          example: 00rp12r4skkjkjgsn
+        lastUpdated:
+          type: string
+          format: date-time
+          description: Timestamp when the Risk Provider object was last updated
+          readOnly: true
+          example: '2021-01-05 22:18:30'
+        name:
+          type: string
+          description: Name of the risk provider
+          maxLength: 50
+          example: Risk-Partner-X
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+      required:
+        - name
+        - clientId
+        - action
+        - id
+        - _links
+    RiskProviderAction:
+      description: Action taken by Okta during authentication attempts based on the risk events sent by this provider
+      default: log_only
+      type: string
+      enum:
+        - enforce_and_log
+        - log_only
+        - none
+      x-enumDescriptions:
+        log_only: Include risk event information in the System Log
+        none: No action
+        enforce_and_log: Use risk event information to evaluate risks during authentication attempts and include risk event information in the System Log
+    RiskScorePolicyRuleCondition:
+      type: object
+      properties:
+        level:
+          type: string
+    Role:
+      type: object
+      properties:
+        assignmentType:
+          $ref: '#/components/schemas/RoleAssignmentType'
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        description:
+          type: string
+        id:
+          type: string
+          readOnly: true
+        label:
+          type: string
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        type:
+          $ref: '#/components/schemas/RoleType'
+        _embedded:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    RoleAssignedUser:
+      type: object
+      properties:
+        id:
+          type: string
+          readOnly: true
+        orn:
+          type: string
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelfAndRoles'
+    RoleAssignedUsers:
+      type: object
+      properties:
+        value:
+          type: array
+          items:
+            $ref: '#/components/schemas/RoleAssignedUser'
+        _links:
+          $ref: '#/components/schemas/LinksNext'
+    RoleAssignmentType:
+      type: string
+      enum:
+        - GROUP
+        - USER
+    RolePermissionType:
+      type: string
+      enum:
+        - okta.apps.assignment.manage
+        - okta.apps.manage
+        - okta.apps.manageFirstPartyApps
+        - okta.apps.read
+        - okta.authzServers.manage
+        - okta.authzServers.read
+        - okta.customizations.manage
+        - okta.customizations.read
+        - okta.governance.accessCertifications.manage
+        - okta.governance.accessRequests.manage
+        - okta.groups.appAssignment.manage
+        - okta.groups.create
+        - okta.groups.manage
+        - okta.groups.members.manage
+        - okta.groups.read
+        - okta.identityProviders.manage
+        - okta.identityProviders.read
+        - okta.profilesources.import.run
+        - okta.users.appAssignment.manage
+        - okta.users.create
+        - okta.users.credentials.expirePassword
+        - okta.users.credentials.manage
+        - okta.users.credentials.resetFactors
+        - okta.users.credentials.resetPassword
+        - okta.users.groupMembership.manage
+        - okta.users.lifecycle.activate
+        - okta.users.lifecycle.clearSessions
+        - okta.users.lifecycle.deactivate
+        - okta.users.lifecycle.delete
+        - okta.users.lifecycle.manage
+        - okta.users.lifecycle.suspend
+        - okta.users.lifecycle.unlock
+        - okta.users.lifecycle.unsuspend
+        - okta.users.manage
+        - okta.users.read
+        - okta.users.userprofile.manage
+    RoleType:
+      type: string
+      enum:
+        - API_ACCESS_MANAGEMENT_ADMIN
+        - API_ADMIN
+        - APP_ADMIN
+        - CUSTOM
+        - GROUP_MEMBERSHIP_ADMIN
+        - HELP_DESK_ADMIN
+        - MOBILE_ADMIN
+        - ORG_ADMIN
+        - READ_ONLY_ADMIN
+        - REPORT_ADMIN
+        - SUPER_ADMIN
+        - USER_ADMIN
+      x-enumDescriptions:
+        - API_ACCESS_MANAGEMENT_ADMIN: Access Management Administrator
+        - API_ADMIN: Access Management Administrator
+        - APP_ADMIN: Application Administrator
+        - CUSTOM: Custom Label specified by the client
+        - GROUP_MEMBERSHIP_ADMIN: Group Membership Administrator
+        - HELP_DESK_ADMIN: Help Desk Administrator
+        - MOBILE_ADMIN: Mobile Administrator
+        - ORG_ADMIN: Organizational Administrator
+        - READ_ONLY_ADMIN: Read-Only Administrator
+        - REPORT_ADMIN: Report Administrator
+        - SUPER_ADMIN: Super Administrator
+        - USER_ADMIN: Group Administrator
+    SafeBrowsingProtectionLevel:
+      description: Represents the current value of the Safe Browsing protection level
+      example: ENHANCED_PROTECTION
+      type: string
+      enum:
+        - ENHANCED_PROTECTION
+        - NO_SAFE_BROWSING
+        - STANDARD_PROTECTION
+      x-enumDescriptions:
+        NO_SAFE_BROWSING: Safe Browsing is never active
+        STANDARD_PROTECTION: Safe Browsing is active in the standard mode
+        ENHANCED_PROTECTION: Safe Browsing is active in the enhanced mode
+    SamlApplication:
+      allOf:
+        - $ref: '#/components/schemas/Application'
+        - type: object
+          properties:
+            credentials:
+              $ref: '#/components/schemas/ApplicationCredentials'
+            name:
+              type: string
+            settings:
+              $ref: '#/components/schemas/SamlApplicationSettings'
+    SamlApplicationSettings:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationSettings'
+        - type: object
+          properties:
+            app:
+              $ref: '#/components/schemas/SamlApplicationSettingsApplication'
+            signOn:
+              $ref: '#/components/schemas/SamlApplicationSettingsSignOn'
+    SamlApplicationSettingsApplication:
+      type: object
+      additionalProperties: true
+      properties:
+        acsUrl:
+          type: string
+        audRestriction:
+          type: string
+        baseUrl:
+          type: string
+    SamlApplicationSettingsSignOn:
+      type: object
+      properties:
+        acsEndpoints:
+          type: array
+          items:
+            $ref: '#/components/schemas/AcsEndpoint'
+        allowMultipleAcsEndpoints:
+          type: boolean
+        assertionSigned:
+          type: boolean
+        attributeStatements:
+          type: array
+          items:
+            $ref: '#/components/schemas/SamlAttributeStatement'
+        audience:
+          type: string
+        audienceOverride:
+          type: string
+        authnContextClassRef:
+          type: string
+        configuredAttributeStatements:
+          type: array
+          items:
+            $ref: '#/components/schemas/SamlAttributeStatement'
+        defaultRelayState:
+          type: string
+        destination:
+          type: string
+        destinationOverride:
+          type: string
+        digestAlgorithm:
+          type: string
+        honorForceAuthn:
+          type: boolean
+        idpIssuer:
+          type: string
+        inlineHooks:
+          items:
+            $ref: '#/components/schemas/SignOnInlineHook'
+          type: array
+        participateSlo:
+          $ref: '#/components/schemas/SloParticipate'
+        recipient:
+          type: string
+        recipientOverride:
+          type: string
+        requestCompressed:
+          type: boolean
+        responseSigned:
+          type: boolean
+        signatureAlgorithm:
+          type: string
+        slo:
+          $ref: '#/components/schemas/SingleLogout'
+        spCertificate:
+          $ref: '#/components/schemas/SpCertificate'
+        spIssuer:
+          type: string
+        ssoAcsUrl:
+          type: string
+        ssoAcsUrlOverride:
+          type: string
+        subjectNameIdFormat:
+          type: string
+        subjectNameIdTemplate:
+          type: string
+    SamlAttributeStatement:
+      type: object
+      properties:
+        filterType:
+          type: string
+        filterValue:
+          type: string
+        name:
+          type: string
+        namespace:
+          type: string
+        type:
+          type: string
+        values:
+          type: array
+          items:
+            type: string
+    ScheduledUserLifecycleAction:
+      type: object
+      properties:
+        status:
+          $ref: '#/components/schemas/PolicyUserStatus'
+    SchemeApplicationCredentials:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationCredentials'
+        - type: object
+          properties:
+            password:
+              $ref: '#/components/schemas/PasswordCredential'
+            revealPassword:
+              type: boolean
+            scheme:
+              $ref: '#/components/schemas/ApplicationCredentialsScheme'
+            signing:
+              $ref: '#/components/schemas/ApplicationCredentialsSigning'
+            userName:
+              type: string
+    ScreenLockType:
+      type: string
+      enum:
+        - BIOMETRIC
+        - PASSCODE
+    SecurePasswordStoreApplication:
+      x-okta-defined-as:
+        name: template_sps
+      allOf:
+        - $ref: '#/components/schemas/Application'
+        - type: object
+          properties:
+            credentials:
+              $ref: '#/components/schemas/SchemeApplicationCredentials'
+            name:
+              type: string
+              default: template_sps
+            settings:
+              $ref: '#/components/schemas/SecurePasswordStoreApplicationSettings'
+    SecurePasswordStoreApplicationSettings:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationSettings'
+        - type: object
+          properties:
+            app:
+              $ref: '#/components/schemas/SecurePasswordStoreApplicationSettingsApplication'
+    SecurePasswordStoreApplicationSettingsApplication:
+      type: object
+      properties:
+        optionalField1:
+          type: string
+        optionalField1Value:
+          type: string
+        optionalField2:
+          type: string
+        optionalField2Value:
+          type: string
+        optionalField3:
+          type: string
+        optionalField3Value:
+          type: string
+        passwordField:
+          type: string
+        url:
+          type: string
+        usernameField:
+          type: string
+    SecurityQuestion:
+      type: object
+      properties:
+        answer:
+          type: string
+        question:
+          type: string
+        questionText:
+          type: string
+    SecurityQuestionUserFactor:
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            profile:
+              $ref: '#/components/schemas/SecurityQuestionUserFactorProfile'
+    SecurityQuestionUserFactorProfile:
+      type: object
+      properties:
+        answer:
+          type: string
+        question:
+          type: string
+        questionText:
+          type: string
+    SeedEnum:
+      description: Determines whether the generated password is the user's Okta password or a randomly generated password
+      default: RANDOM
+      example: OKTA
+      type: string
+      enum:
+        - OKTA
+        - RANDOM
+    SelfServicePasswordResetAction:
+      allOf:
+        - $ref: '#/components/schemas/PasswordPolicyRuleAction'
+        - type: object
+        - description: Enables or disables users to reset their own password and defines the authenticators and constraints needed to complete the reset
+          properties:
+            type:
+              type: string
+              readOnly: true
+              description: The type of rule action
+              enum:
+                - selfServicePasswordReset
+            requirement:
+              $ref: '#/components/schemas/SsprRequirement'
+    Session:
+      type: object
+      properties:
+        amr:
+          type: array
+          readOnly: true
+          description: Authentication method reference
+          items:
+            $ref: '#/components/schemas/SessionAuthenticationMethod'
+        createdAt:
+          type: string
+          format: date-time
+          readOnly: true
+        expiresAt:
+          type: string
+          format: date-time
+          readOnly: true
+          description: A timestamp when the Session expires
+        id:
+          type: string
+          readOnly: true
+          description: A unique key for the Session
+        idp:
+          $ref: '#/components/schemas/SessionIdentityProvider'
+        lastFactorVerification:
+          type: string
+          format: date-time
+          readOnly: true
+          description: A timestamp when the user last performed multifactor authentication
+        lastPasswordVerification:
+          type: string
+          format: date-time
+          readOnly: true
+          description: A timestamp when the user last performed the primary or step-up authentication with a password
+        login:
+          type: string
+          readOnly: true
+          description: A unique identifier for the user (username)
+        status:
+          $ref: '#/components/schemas/SessionStatus'
+          description: Current Session status
+        userId:
+          type: string
+          readOnly: true
+          description: A unique key for the user
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    SessionAuthenticationMethod:
+      type: string
+      enum:
+        - fpt
+        - geo
+        - hwk
+        - kba
+        - mca
+        - mfa
+        - otp
+        - pwd
+        - sc
+        - sms
+        - swk
+        - tel
+      x-enumDescriptions:
+        pwd: Password authentication. **Inline hook value:** `PASSWORD` **Example:** Standard password-based sign-in
+        swk: Proof-of-possession (PoP) of a software key. **Inline hook value:** `POP_SOFTWARE_KEY` **Example:** Okta Verify with Push
+        hwk: Proof-of-possession (PoP) of a hardware key. **Inline hook value:** `POP_HARDWARE_KEY` **Example:** Yubikey factor
+        opt: One-time password. **Inline hook value:** `ONE_TIME_PASSWORD`. **Example:** Okta Verify, Google Authenticator
+        sms: SMS text message to the user at a registered number. **Inline hook value:** `SMS_MESSAGE`. **Example:** SMS factor
+        tel: Telephone call to the user at a registered number. **Inline hook value:** `TELEPHONE_CALL`. **Example:** Phone call factor
+        geo: Use of geo-location information. **Inline hook value:** `GEOLOCATION`. **Example:** IP Trust and Network Zone policy conditions
+        fpt: Fingerprint biometric authentication. **Inline hook value:** `BIO_FINGERPRINT`. **Example:** Okta Verify with Touch ID
+        kba: Knowledge-based authentication. **Inline hook value:** `KNOWLEDGE_BASED_AUTHENTICATION`. **Example:** Security Question factor
+        mfa: Multifactor authentication. **Inline hook value:** `MULTIFACTOR_AUTHENTICATION`. **Example:** This value is present whenever any MFA factor verification is performed.
+        mca: Multiple-channel authentication. **Inline hook value:** `MULTIPLE_CHANNEL_AUTHENTICATION`. **Example:** Authentication requires communication over more than one channel, such as Internet and mobile network
+        sc: Smart card authentication. **Inline hook value:** `SMART_CARD. **Example:** User authenticated using a smart card, such as a Personal Identity Verification (PIV) card or Common Access Card (CAC)
+    SessionIdentityProvider:
+      type: object
+      properties:
+        id:
+          type: string
+          readOnly: true
+          description: Identity Provider ID. If the `type` is `OKTA`, then the `id` is the org ID.
+        type:
+          $ref: '#/components/schemas/SessionIdentityProviderType'
+    SessionIdentityProviderType:
+      type: string
+      enum:
+        - ACTIVE_DIRECTORY
+        - FEDERATION
+        - LDAP
+        - OKTA
+        - SOCIAL
+    SessionStatus:
+      type: string
+      enum:
+        - ACTIVE
+        - MFA_ENROLL
+        - MFA_REQUIRED
+      x-enumDescriptions:
+        ACTIVE: The Session is established and fully validated.
+        MFA_REQUIRED: The Session is established, but requires second factor verification.
+        MFA_ENROLL: The Session is established, but the user needs to enroll a second factor.
+    ShowSignInWithOV:
+      type: string
+      enum:
+        - ALWAYS
+        - NEVER
+    SignInPage:
+      allOf:
+        - $ref: '#/components/schemas/CustomizablePage'
+        - type: object
+          properties:
+            contentSecurityPolicySetting:
+              $ref: '#/components/schemas/ContentSecurityPolicySetting'
+            widgetCustomizations:
+              type: object
+              properties:
+                signInLabel:
+                  type: string
+                usernameLabel:
+                  type: string
+                usernameInfoTip:
+                  type: string
+                passwordLabel:
+                  type: string
+                passwordInfoTip:
+                  type: string
+                showPasswordVisibilityToggle:
+                  type: boolean
+                showUserIdentifier:
+                  type: boolean
+                forgotPasswordLabel:
+                  type: string
+                forgotPasswordUrl:
+                  type: string
+                unlockAccountLabel:
+                  type: string
+                unlockAccountUrl:
+                  type: string
+                helpLabel:
+                  type: string
+                helpUrl:
+                  type: string
+                customLink1Label:
+                  type: string
+                customLink1Url:
+                  type: string
+                customLink2Label:
+                  type: string
+                customLink2Url:
+                  type: string
+                authenticatorPageCustomLinkLabel:
+                  type: string
+                authenticatorPageCustomLinkUrl:
+                  type: string
+                classicRecoveryFlowEmailOrUsernameLabel:
+                  type: string
+            widgetVersion:
+              $ref: '#/components/schemas/Version'
+    SignInPageTouchPointVariant:
+      type: string
+      enum:
+        - BACKGROUND_IMAGE
+        - BACKGROUND_SECONDARY_COLOR
+        - OKTA_DEFAULT
+    SignOnInlineHook:
+      properties:
+        id:
+          type: string
+          readOnly: false
+    SimulatePolicyBody:
+      type: object
+      description: The request body required for a simulate policy operation.
+      properties:
+        policyTypes:
+          type: array
+          description: Supported policy types for a simulate operation. The default value, `null`, returns all types.
+          items:
+            $ref: '#/components/schemas/PolicyType'
+        appInstance:
+          type: string
+          description: The application instance ID for a simulate operation
+        policyContext:
+          $ref: '#/components/schemas/PolicyContext'
+      required:
+        -  appInstance
+    SimulatePolicyEvaluations:
+      type: object
+      properties:
+        status:
+          type: string
+          description: The result of this entity evaluation
+          enum:
+            - MATCH
+            - NOT_MATCH
+            - UNDEFINED
+        policyType:
+          type: array
+          description: The policy type of the simulate operation
+          items:
+            $ref: '#/components/schemas/PolicyType'
+        result:
+          $ref: "#/components/schemas/SimulatePolicyResult"
+        undefined:
+          type: object
+          description: A list of undefined but not matched policies and rules
+          properties:
+            policies:
+              $ref: "#/components/schemas/SimulateResultPolicies"
+        evaluated:
+          type: object
+          description: A list of evaluated but not matched policies and rules
+          properties:
+            policies:
+              $ref: "#/components/schemas/SimulateResultPolicies"
+    SimulatePolicyResponse:
+      description: The response body returned for a simulate policy operation. An array of `evaluations`.
+      items:
+        $ref: '#/components/schemas/SimulatePolicyEvaluations'
+      type: array
+    SimulatePolicyResult:
+      description: The result of the policy evaluation
+      type: object
+      properties:
+        policies:
+          $ref: '#/components/schemas/SimulateResultPolicies'
+    SimulateResultConditions:
+      type: object
+      properties:
+        status:
+          type: string
+          description: The result of the entity evaluation
+          enum:
+            - MATCH
+            - UNMATCHED
+            - UNDEFINED
+        type:
+          type: string
+          description: The type of condition
+    SimulateResultPolicies:
+      items:
+        $ref: '#/components/schemas/SimulateResultPoliciesItems'
+      type: array
+    SimulateResultPoliciesItems:
+      type: object
+      properties:
+        id:
+          type: string
+        name:
+          type: string
+        status:
+          type: string
+        conditions:
+          type: array
+          $ref: "#/components/schemas/SimulateResultConditions"
+        rules:
+          type: array
+          $ref: "#/components/schemas/SimulateResultRules"
+    SimulateResultRules:
+      type: object
+      properties:
+        id:
+          type: string
+          description: The unique ID number of the policy rule
+        name:
+          type: string
+          description: The name of the policy rule
+        status:
+          type: string
+          description: The result of the entity evaluation
+          enum:
+            - MATCH
+            - UNMATCHED
+            - UNDEFINED
+        conditions:
+          type: array
+          $ref: "#/components/schemas/SimulateResultConditions"
+    SingleLogout:
+      type: object
+      properties:
+        enabled:
+          type: boolean
+        issuer:
+          type: string
+        logoutUrl:
+          type: string
+    SloParticipate:
+      type: object
+      properties:
+        bindingType:
+          type: string
+          description: Request binding type
+          enum:
+            - POST
+            - REDIRECT
+        enabled:
+          type: boolean
+          description: Allows the app to participate in front-channel single logout.
+        logoutRequestUrl:
+          type: string
+          description: URL where Okta sends the logout request.
+        sessionIndexRequired:
+          type: boolean
+          description: Include user session details.
+    SmsTemplate:
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        name:
+          type: string
+        template:
+          type: string
+        translations:
+          $ref: '#/components/schemas/SmsTemplateTranslations'
+        type:
+          $ref: '#/components/schemas/SmsTemplateType'
+    SmsTemplateTranslations:
+      type: object
+      x-okta-extensible: true
+    SmsTemplateType:
+      type: string
+      enum:
+        - SMS_VERIFY_CODE
+    SmsUserFactor:
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            profile:
+              $ref: '#/components/schemas/SmsUserFactorProfile'
+    SmsUserFactorProfile:
+      type: object
+      properties:
+        phoneNumber:
+          type: string
+    SocialAuthToken:
+      type: object
+      properties:
+        expiresAt:
+          type: string
+          format: date-time
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        scopes:
+          type: array
+          items:
+            type: string
+        token:
+          type: string
+        tokenAuthScheme:
+          type: string
+        tokenType:
+          type: string
+    SourceLinks:
+      allOf:
+        - $ref: '#/components/schemas/LinksSelf'
+        - type: object
+          properties:
+            schema:
+              allOf:
+                - $ref: '#/components/schemas/HrefObject'
+                - description: The associated schema
+    SpCertificate:
+      type: object
+      properties:
+        x5c:
+          type: array
+          items:
+            type: string
+    SplunkEdition:
+      description: Edition of the Splunk Cloud instance
+      example: aws
+      type: string
+      enum:
+        - aws
+        - aws_govcloud
+        - gcp
+    SplunkHost:
+      description: 'The domain name for your Splunk Cloud instance. Don''t include `http` or `https` in the string. For example: `acme.splunkcloud.com`'
+      minLength: 17
+      maxLength: 116
+      example: acme.splunkcloud.com
+      type: string
+    SplunkToken:
+      description: The HEC token for your Splunk Cloud HTTP Event Collector. The token value is set at object creation, but isn't returned.
+      example: 11111111-1111-2222-2222-222222222222
+      writeOnly: true
+      type: string
+      pattern: (?i)^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$
+    SsprPrimaryRequirement:
+      type: object
+      description: Defines the authenticators permitted for the initial authentication step of password recovery
+      properties:
+        methods:
+          type: array
+          description: Authenticator methods allowed for the initial authentication step of password recovery
+          items:
+            type: string
+            enum:
+              - push
+              - sms
+              - voice
+              - email
+          x-okta-feature-flag-amends:
+            IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
+              description: Authenticator methods allowed for the initial authentication step of password recovery. Method `otp` requires a constraint limiting it to a Google authenticator.
+              items:
+                type: string
+                enum:
+                  - push
+                  - sms
+                  - voice
+                  - email
+                  - otp
+        methodConstraints:
+          description: Constraints on the values specified in the `methods` array. Specifying a constraint limits methods to specific authenticator(s). Currently, Google OTP is the only accepted constraint.
+          x-okta-lifecycle:
+            features:
+              - IDX_SSPR_EXTENDED_PRIMARY_FACTORS
+          type: array
+          items:
+            $ref: '#/components/schemas/AuthenticatorMethodConstraint'
+    SsprRequirement:
+      description: Describes the initial and secondary authenticator requirements a user needs to reset their password
+      type: object
+      properties:
+        primary:
+          $ref: '#/components/schemas/SsprPrimaryRequirement'
+        stepUp:
+          $ref: '#/components/schemas/SsprStepUpRequirement'
+    SsprStepUpRequirement:
+      description: |-
+        Defines the secondary authenticators needed for password reset if `required` is true. The following are three valid configurations:
+        * `required`=false
+        * `required`=true with no methods to use any SSO authenticator
+        * `required`=true with `security_question` as the method
+      type: object
+      properties:
+        methods:
+          description: Authenticator methods required for secondary authentication step of password recovery. Specify this value only when `required` is true and `security_question` is permitted for the secondary authentication.
+          type: array
+          items:
+            type: string
+            enum:
+              - security_question
+        required:
+          type: boolean
+    Subscription:
+      type: object
+      properties:
+        channels:
+          description: |-
+            An array of sources send notifications to users.
+            > **Note**: Currently, Okta only allows `email` channels.
+          items:
+            type: string
+          type: array
+        notificationType:
+          $ref: '#/components/schemas/NotificationType'
+        status:
+          $ref: '#/components/schemas/SubscriptionStatus'
+        _links:
+          type: object
+          description: Discoverable resources related to the subscription
+          properties:
+            self:
+              $ref: '#/components/schemas/HrefObject'
+          readOnly: true
+    SubscriptionStatus:
+      description: The status of the subscription
+      type: string
+      enum:
+        - subscribed
+        - unsubscribed
+    SupportedMethods:
+      type: object
+      properties:
+        settings:
+          type: object
+          properties:
+            keyProtection:
+              type: string
+            algorithms:
+              type: array
+              items:
+                $ref: '#/components/schemas/AuthenticatorMethodAlgorithm'
+            transactionTypes:
+              type: array
+              items:
+                $ref: '#/components/schemas/AuthenticatorMethodTransactionType'
+        status:
+          type: string
+        type:
+          type: string
+          enum:
+            - push
+    SwaApplicationSettings:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationSettings'
+        - type: object
+          properties:
+            app:
+              $ref: '#/components/schemas/SwaApplicationSettingsApplication'
+    SwaApplicationSettingsApplication:
+      type: object
+      properties:
+        buttonField:
+          type: string
+        buttonSelector:
+          type: string
+        checkbox:
+          type: string
+        extraFieldSelector:
+          type: string
+        extraFieldValue:
+          type: string
+        loginUrlRegex:
+          type: string
+        passwordField:
+          type: string
+        passwordSelector:
+          type: string
+        redirectUrl:
+          type: string
+        targetURL:
+          type: string
+        url:
+          type: string
+        usernameField:
+          type: string
+        userNameSelector:
+          type: string
+    TempPassword:
+      type: object
+      properties:
+        tempPassword:
+          type: string
+          readOnly: true
+    Theme:
+      type: object
+      properties:
+        backgroundImage:
+          readOnly: true
+          type: string
+        emailTemplateTouchPointVariant:
+          $ref: '#/components/schemas/EmailTemplateTouchPointVariant'
+        endUserDashboardTouchPointVariant:
+          $ref: '#/components/schemas/EndUserDashboardTouchPointVariant'
+        errorPageTouchPointVariant:
+          $ref: '#/components/schemas/ErrorPageTouchPointVariant'
+        loadingPageTouchPointVariant:
+          $ref: '#/components/schemas/LoadingPageTouchPointVariant'
+        primaryColorContrastHex:
+          type: string
+        primaryColorHex:
+          type: string
+        secondaryColorContrastHex:
+          type: string
+        secondaryColorHex:
+          type: string
+        signInPageTouchPointVariant:
+          $ref: '#/components/schemas/SignInPageTouchPointVariant'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    ThemeResponse:
+      type: object
+      properties:
+        backgroundImage:
+          readOnly: true
+          type: string
+        emailTemplateTouchPointVariant:
+          $ref: '#/components/schemas/EmailTemplateTouchPointVariant'
+        endUserDashboardTouchPointVariant:
+          $ref: '#/components/schemas/EndUserDashboardTouchPointVariant'
+        errorPageTouchPointVariant:
+          $ref: '#/components/schemas/ErrorPageTouchPointVariant'
+        favicon:
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        loadingPageTouchPointVariant:
+          $ref: '#/components/schemas/LoadingPageTouchPointVariant'
+        logo:
+          readOnly: true
+          type: string
+        primaryColorContrastHex:
+          type: string
+        primaryColorHex:
+          type: string
+        secondaryColorContrastHex:
+          type: string
+        secondaryColorHex:
+          type: string
+        signInPageTouchPointVariant:
+          $ref: '#/components/schemas/SignInPageTouchPointVariant'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    ThreatInsightConfiguration:
+      type: object
+      properties:
+        action:
+          type: string
+          description: Specifies how Okta responds to authentication requests from suspicious IP addresses
+          enum:
+            - none
+            - audit
+            - block
+          x-enumDescriptions:
+            none: Indicates that ThreatInsight is disabled
+            audit: Indicates that Okta logs suspicious requests to the System Log
+            block: Indicates that Okta logs suspicious requests to the System Log and blocks the requests
+          example: none
+        created:
+          type: string
+          format: date-time
+          description: Timestamp when the ThreatInsight Configuration object was created
+          example: '2020-08-05T22:18:30.629Z'
+          readOnly: true
+        excludeZones:
+          type: array
+          description: |-
+            Accepts a list of [Network Zone](/openapi/okta-management/management/tag/NetworkZone/) IDs.
+            IPs in the excluded network zones aren't logged or blocked.
+            This ensures that traffic from known, trusted IPs isn't accidentally logged or blocked.
+          items:
+            type: string
+          example: []
+        lastUpdated:
+          type: string
+          format: date-time
+          description: Timestamp when the ThreatInsight Configuration object was last updated
+          readOnly: true
+          example: '2020-09-08T20:53:20.882Z'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+      required:
+        - action
+    TimeDuration:
+      description: A time duration specified as an [ISO-8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations).
+      type: string
+      pattern: ^P(?!$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+S)?)?$
+    TokenAuthorizationServerPolicyRuleAction:
+      type: object
+      properties:
+        accessTokenLifetimeMinutes:
+          type: integer
+        inlineHook:
+          $ref: '#/components/schemas/TokenAuthorizationServerPolicyRuleActionInlineHook'
+        refreshTokenLifetimeMinutes:
+          type: integer
+        refreshTokenWindowMinutes:
+          type: integer
+    TokenAuthorizationServerPolicyRuleActionInlineHook:
+      type: object
+      properties:
+        id:
+          type: string
+          readOnly: false
+    TokenUserFactor:
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            profile:
+              $ref: '#/components/schemas/TokenUserFactorProfile'
+    TokenUserFactorProfile:
+      type: object
+      properties:
+        credentialId:
+          type: string
+    TotpUserFactor:
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            profile:
+              $ref: '#/components/schemas/TotpUserFactorProfile'
+    TotpUserFactorProfile:
+      type: object
+      properties:
+        credentialId:
+          type: string
+    TrustedOrigin:
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        createdBy:
+          type: string
+        id:
+          type: string
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        lastUpdatedBy:
+          type: string
+        name:
+          type: string
+        origin:
+          type: string
+        scopes:
+          type: array
+          items:
+            $ref: '#/components/schemas/TrustedOriginScope'
+        status:
+          type: string
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    TrustedOriginScope:
+      type: object
+      properties:
+        allowedOktaApps:
+          type: array
+          items:
+            $ref: '#/components/schemas/IframeEmbedScopeAllowedApps'
+        type:
+          $ref: '#/components/schemas/TrustedOriginScopeType'
+    TrustedOriginScopeType:
+      type: string
+      enum:
+        - CORS
+        - IFRAME_EMBED
+        - REDIRECT
+    U2fUserFactor:
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            profile:
+              $ref: '#/components/schemas/U2fUserFactorProfile'
+    U2fUserFactorProfile:
+      type: object
+      properties:
+        credentialId:
+          type: string
+    UIElement:
+      description: Specifies the configuration of an input field on an enrollment form
+      type: object
+      properties:
+        label:
+          type: string
+          description: Label name for the UI element
+        options:
+          type: object
+          description: UI Schema element options object
+          properties:
+            format:
+              type: string
+              description: Specifies how the input appears
+              enum:
+                - text
+                - radio
+                - select
+                - checkbox
+                - radio_yes_no
+                - radio_true_false
+              x-enumDescriptions:
+                text: The default format for the majority of property types.
+                radio: Radio button options. This option is only available for `string` data types with an `enum` or `one of` constraint.
+                select: Displays input as a dropdown list. This option is only available for the `country-code` data type or a string data type with an enum or one of constraint.
+                checkbox: Displays input as a checkbox. This option is only available for Boolean data types.
+                radio_yes_no: Displays input as two radio buttons, one with the option `yes` and the other `no`. This option is only available for Boolean data types.
+                radio_true_false: Displays input as two radio buttons, one with the option `true` and the other `false`. This option is only available for Boolean data types.
+        scope:
+          type: string
+          description: Specifies the property bound to the input field. It must follow the format `#/properties/PROPERTY_NAME` where `PROPERTY_NAME` is a variable name for an attribute in `profile editor`.
+        type:
+          type: string
+          description: Specifies the relationship between this input element and `scope`. The `Control` value specifies that this input controls the value represented by `scope`.
+    UISchemaObject:
+      description: Properties of the UI schema
+      type: object
+      properties:
+        buttonLabel:
+          type: string
+          description: Specifies the button label for the `Submit` button at the bottom of the enrollment form.
+          default: Submit
+        elements:
+          allOf:
+            $ref: '#/components/schemas/UIElement'
+        label:
+          type: string
+          description: Specifies the label at the top of the enrollment form under the logo.
+          default: Sign in
+        type:
+          type: string
+          description: Specifies the type of layout
+    UISchemasResponseObject:
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          description: Timestamp when the UI Schema was created (ISO-86001)
+          readOnly: true
+        id:
+          type: string
+          description: Unique identifier for the UI Schema
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          description: Timestamp when the UI Schema was last modified (ISO-86001)
+          readOnly: true
+        uiSchema:
+          $ref: '#/components/schemas/UISchemaObject'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+      required:
+        - id
+        - uiSchema
+        - created
+        - lastUpdated
+        - _links
+    UpdateDomain:
+      type: object
+      properties:
+        brandId:
+          description: The `id` of the brand used to replace the existing brand.
+          type: string
+          example: bndul904tTZ6kWVhP0g3
+      required:
+        - brandId
+    UpdateEmailDomain:
+      allOf:
+        - $ref: '#/components/schemas/BaseEmailDomain'
+    UpdateIamRoleRequest:
+      type: object
+      properties:
+        description:
+          type: string
+          description: Description of the role
+        label:
+          type: string
+          description: Unique label for the role
+      required:
+        - label
+        - description
+    UpdateUISchema:
+      description: The updated request body properties
+      type: object
+      properties:
+        uiSchema:
+          type: object
+          description: Updated schema property expressions (Okta object or App Instance object)
+          $ref: '#/components/schemas/UISchemaObject'
+    UpdateUserRequest:
+      type: object
+      properties:
+        credentials:
+          $ref: '#/components/schemas/UserCredentials'
+        profile:
+          $ref: '#/components/schemas/UserProfile'
+        realmId:
+          type: string
+          description: The ID of the realm in which the user is residing
+          example: guo1bfiNtSnZYILxO0g4
+          x-okta-lifecycle:
+            features:
+              - UD_REALMS
+    User:
+      type: object
+      properties:
+        activated:
+          type: string
+          format: date-time
+          readOnly: true
+          nullable: true
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        credentials:
+          $ref: '#/components/schemas/UserCredentials'
+        id:
+          type: string
+          readOnly: true
+        lastLogin:
+          type: string
+          format: date-time
+          readOnly: true
+          nullable: true
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        passwordChanged:
+          type: string
+          format: date-time
+          readOnly: true
+          nullable: true
+        profile:
+          $ref: '#/components/schemas/UserProfile'
+        realmId:
+          type: string
+          description: The ID of the realm in which the user is residing
+          example: guo1bfiNtSnZYILxO0g4
+          x-okta-lifecycle:
+            features:
+              - UD_REALMS
+          readOnly: true
+        status:
+          $ref: '#/components/schemas/UserStatus'
+        statusChanged:
+          type: string
+          format: date-time
+          readOnly: true
+          nullable: true
+        transitioningToStatus:
+          $ref: '#/components/schemas/UserStatus'
+        type:
+          $ref: '#/components/schemas/UserType'
+        _embedded:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    UserActivationToken:
+      type: object
+      properties:
+        activationToken:
+          type: string
+          readOnly: true
+        activationUrl:
+          type: string
+          readOnly: true
+    UserBlock:
+      type: object
+      properties:
+        appliesTo:
+          type: string
+          readOnly: true
+        type:
+          type: string
+          readOnly: true
+    UserCondition:
+      description: Specifies a set of Users to be included or excluded
+      type: object
+      properties:
+        exclude:
+          description: Users to be excluded
+          type: array
+          items:
+            type: string
+        include:
+          description: Users to be included
+          type: array
+          items:
+            type: string
+    UserCredentials:
+      type: object
+      properties:
+        password:
+          $ref: '#/components/schemas/PasswordCredential'
+        provider:
+          $ref: '#/components/schemas/AuthenticationProvider'
+        recovery_question:
+          $ref: '#/components/schemas/RecoveryQuestionCredential'
+    UserFactor:
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        factorType:
+          $ref: '#/components/schemas/FactorType'
+        id:
+          type: string
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        profile:
+          type: object
+          description: Factor-specific attributes
+        provider:
+          $ref: '#/components/schemas/FactorProvider'
+        status:
+          $ref: '#/components/schemas/FactorStatus'
+        verify:
+          $ref: '#/components/schemas/VerifyFactorRequest'
+        _embedded:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+      discriminator:
+        propertyName: factorType
+        mapping:
+          call: '#/components/schemas/CallUserFactor'
+          email: '#/components/schemas/EmailUserFactor'
+          push: '#/components/schemas/PushUserFactor'
+          question: '#/components/schemas/SecurityQuestionUserFactor'
+          sms: '#/components/schemas/SmsUserFactor'
+          token: '#/components/schemas/TokenUserFactor'
+          token:hardware: '#/components/schemas/HardwareUserFactor'
+          token:hotp: '#/components/schemas/CustomHotpUserFactor'
+          token:software:totp: '#/components/schemas/TotpUserFactor'
+          u2f: '#/components/schemas/U2fUserFactor'
+          web: '#/components/schemas/WebUserFactor'
+          webauthn: '#/components/schemas/WebAuthnUserFactor'
+          hotp: '#/components/schemas/CustomHotpUserFactor'
+    UserIdentifierConditionEvaluatorPattern:
+      type: object
+      description: Used in the User Identifier Condition object. Specifies the details of the patterns to match against.
+      properties:
+        matchType:
+          $ref: '#/components/schemas/UserIdentifierMatchType'
+        value:
+          type: string
+          description: The regex expression of a simple match string
+    UserIdentifierMatchType:
+      type: string
+      description: The type of pattern. For regex, use `EXPRESSION`.
+      enum:
+        - CONTAINS
+        - EQUALS
+        - EXPRESSION
+        - STARTS_WITH
+        - SUFFIX
+    UserIdentifierPolicyRuleCondition:
+      type: object
+      properties:
+        attribute:
+          type: string
+        patterns:
+          type: array
+          items:
+            $ref: '#/components/schemas/UserIdentifierConditionEvaluatorPattern'
+        type:
+          $ref: '#/components/schemas/UserIdentifierType'
+    UserIdentifierType:
+      type: string
+      enum:
+        - ATTRIBUTE
+        - IDENTIFIER
+    UserIdentityProviderLinkRequest:
+      type: object
+      properties:
+        externalId:
+          type: string
+    UserLifecycleAttributePolicyRuleCondition:
+      type: object
+      properties:
+        attributeName:
+          type: string
+        matchingValue:
+          type: string
+    UserLockoutSettings:
+      type: object
+      properties:
+        preventBruteForceLockoutFromUnknownDevices:
+          type: boolean
+          description: Prevents brute-force lockout from unknown devices for the password authenticator.
+    UserNextLogin:
+      type: string
+      enum:
+        - changePassword
+    UserPolicyRuleCondition:
+      type: object
+      properties:
+        exclude:
+          type: array
+          items:
+            type: string
+        inactivity:
+          $ref: '#/components/schemas/InactivityPolicyRuleCondition'
+        include:
+          type: array
+          items:
+            type: string
+        lifecycleExpiration:
+          $ref: '#/components/schemas/LifecycleExpirationPolicyRuleCondition'
+        passwordExpiration:
+          $ref: '#/components/schemas/PasswordExpirationPolicyRuleCondition'
+        userLifecycleAttribute:
+          $ref: '#/components/schemas/UserLifecycleAttributePolicyRuleCondition'
+    UserProfile:
+      additionalProperties: true # TODO: revisit
+      type: object
+      properties:
+        city:
+          type: string
+          maxLength: 128
+          nullable: true
+        costCenter:
+          type: string
+        countryCode:
+          type: string
+          maxLength: 2
+          nullable: true
+        department:
+          type: string
+        displayName:
+          type: string
+        division:
+          type: string
+        email:
+          type: string
+          format: email
+          minLength: 5
+          maxLength: 100
+        employeeNumber:
+          type: string
+        firstName:
+          type: string
+          minLength: 1
+          maxLength: 50
+          nullable: true
+        honorificPrefix:
+          type: string
+        honorificSuffix:
+          type: string
+        lastName:
+          type: string
+          minLength: 1
+          maxLength: 50
+          nullable: true
+        locale:
+          $ref: '#/components/schemas/Language'
+        login:
+          type: string
+          maxLength: 100
+        manager:
+          type: string
+        managerId:
+          type: string
+        middleName:
+          type: string
+        mobilePhone:
+          type: string
+          maxLength: 100
+          nullable: true
+        nickName:
+          type: string
+        organization:
+          type: string
+        postalAddress:
+          type: string
+          maxLength: 4096
+          nullable: true
+        preferredLanguage:
+          type: string
+        primaryPhone:
+          type: string
+          maxLength: 100
+          nullable: true
+        profileUrl:
+          type: string
+        secondEmail:
+          type: string
+          format: email
+          minLength: 5
+          maxLength: 100
+          nullable: true
+        state:
+          type: string
+          maxLength: 128
+          nullable: true
+        streetAddress:
+          type: string
+          maxLength: 1024
+          nullable: true
+        timezone:
+          type: string
+        title:
+          type: string
+        userType:
+          type: string
+        zipCode:
+          type: string
+          maxLength: 50
+          nullable: true
+    UserSchema:
+      type: object
+      properties:
+        $schema:
+          type: string
+          readOnly: true
+        created:
+          type: string
+          readOnly: true
+        definitions:
+          $ref: '#/components/schemas/UserSchemaDefinitions'
+        id:
+          type: string
+          readOnly: true
+        lastUpdated:
+          type: string
+          readOnly: true
+        name:
+          type: string
+          readOnly: true
+        properties:
+          $ref: '#/components/schemas/UserSchemaProperties'
+        title:
+          type: string
+        type:
+          type: string
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+    UserSchemaAttribute:
+      type: object
+      properties:
+        description:
+          type: string
+        enum:
+          type: array
+          items:
+            type: string
+        externalName:
+          type: string
+        externalNamespace:
+          type: string
+        items:
+          $ref: '#/components/schemas/UserSchemaAttributeItems'
+        master:
+          $ref: '#/components/schemas/UserSchemaAttributeMaster'
+        maxLength:
+          type: integer
+          nullable: true
+        minLength:
+          type: integer
+          nullable: true
+        mutability:
+          type: string
+        oneOf:
+          type: array
+          items:
+            $ref: '#/components/schemas/UserSchemaAttributeEnum'
+        pattern:
+          type: string
+        permissions:
+          type: array
+          items:
+            $ref: '#/components/schemas/UserSchemaAttributePermission'
+        required:
+          type: boolean
+        scope:
+          $ref: '#/components/schemas/UserSchemaAttributeScope'
+        title:
+          type: string
+        type:
+          $ref: '#/components/schemas/UserSchemaAttributeType'
+        union:
+          $ref: '#/components/schemas/UserSchemaAttributeUnion'
+        unique:
+          type: string
+      x-okta-allow-null-property-value-for-updates: true
+    UserSchemaAttributeEnum:
+      type: object
+      properties:
+        const:
+          type: string
+        title:
+          type: string
+    UserSchemaAttributeItems:
+      type: object
+      properties:
+        enum:
+          type: array
+          items:
+            type: string
+        oneOf:
+          type: array
+          items:
+            $ref: '#/components/schemas/UserSchemaAttributeEnum'
+        type:
+          type: string
+    UserSchemaAttributeMaster:
+      type: object
+      properties:
+        priority:
+          type: array
+          items:
+            $ref: '#/components/schemas/UserSchemaAttributeMasterPriority'
+        type:
+          $ref: '#/components/schemas/UserSchemaAttributeMasterType'
+    UserSchemaAttributeMasterPriority:
+      type: object
+      properties:
+        type:
+          type: string
+        value:
+          type: string
+    UserSchemaAttributeMasterType:
+      type: string
+      enum:
+        - OKTA
+        - OVERRIDE
+        - PROFILE_MASTER
+    UserSchemaAttributePermission:
+      type: object
+      properties:
+        action:
+          type: string
+        principal:
+          type: string
+    UserSchemaAttributeScope:
+      type: string
+      enum:
+        - NONE
+        - SELF
+    UserSchemaAttributeType:
+      type: string
+      enum:
+        - array
+        - boolean
+        - integer
+        - number
+        - string
+    UserSchemaAttributeUnion:
+      type: string
+      enum:
+        - DISABLE
+        - ENABLE
+    UserSchemaBase:
+      type: object
+      properties:
+        id:
+          type: string
+        properties:
+          $ref: '#/components/schemas/UserSchemaBaseProperties'
+        required:
+          type: array
+          items:
+            type: string
+        type:
+          type: string
+    UserSchemaBaseProperties:
+      type: object
+      properties:
+        city:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        costCenter:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        countryCode:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        department:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        displayName:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        division:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        email:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        employeeNumber:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        firstName:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        honorificPrefix:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        honorificSuffix:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        lastName:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        locale:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        login:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        manager:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        managerId:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        middleName:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        mobilePhone:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        nickName:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        organization:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        postalAddress:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        preferredLanguage:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        primaryPhone:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        profileUrl:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        secondEmail:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        state:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        streetAddress:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        timezone:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        title:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        userType:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        zipCode:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+    UserSchemaDefinitions:
+      type: object
+      properties:
+        base:
+          $ref: '#/components/schemas/UserSchemaBase'
+        custom:
+          $ref: '#/components/schemas/UserSchemaPublic'
+    UserSchemaProperties:
+      type: object
+      properties:
+        profile:
+          $ref: '#/components/schemas/UserSchemaPropertiesProfile'
+    UserSchemaPropertiesProfile:
+      type: object
+      properties:
+        allOf:
+          type: array
+          items:
+            $ref: '#/components/schemas/UserSchemaPropertiesProfileItem'
+    UserSchemaPropertiesProfileItem:
+      type: object
+      properties:
+        $ref:
+          type: string
+    UserSchemaPublic:
+      type: object
+      properties:
+        id:
+          type: string
+        properties:
+          type: object
+          additionalProperties:
+            $ref: '#/components/schemas/UserSchemaAttribute'
+        required:
+          type: array
+          items:
+            type: string
+        type:
+          type: string
+    UserStatus:
+      type: string
+      enum:
+        - ACTIVE
+        - DEPROVISIONED
+        - LOCKED_OUT
+        - PASSWORD_EXPIRED
+        - PROVISIONED
+        - RECOVERY
+        - STAGED
+        - SUSPENDED
+    UserStatusPolicyRuleCondition:
+      type: object
+      properties:
+        value:
+          $ref: '#/components/schemas/PolicyUserStatus'
+    UserType:
+      type: object
+      properties:
+        created:
+          type: string
+          format: date-time
+          description: A timestamp from when the User Type was created
+          readOnly: true
+        createdBy:
+          type: string
+          description: The user ID of the account that created the User Type
+          readOnly: true
+        default:
+          type: boolean
+          description: A boolean value to indicate if this is the default User Type
+          readOnly: true
+        description:
+          type: string
+          description: The human-readable description of the User Type
+        displayName:
+          type: string
+          description: The human-readable name of the User Type
+        id:
+          type: string
+          description: The unique key for the User Type
+          readOnly: false # This should be editable since it's being used by other models that updates the user type
+        lastUpdated:
+          type: string
+          format: date-time
+          description: A timestamp from when the User Type was most recently updated
+          readOnly: true
+        lastUpdatedBy:
+          type: string
+          description: The user ID of the most recent account to edit the User Type
+          readOnly: true
+        name:
+          type: string
+          description: |-
+            The name of the User Type. The name must start with A-Z or a-z and contain only A-Z, a-z, 0-9, or underscore (_) characters. 
+             This value becomes read-only after creation and can't be updated.
+        _links:
+          $ref: '#/components/schemas/UserTypeLinks'
+      required:
+        - name
+        - displayName
+    UserTypeCondition:
+      properties:
+        exclude:
+          items:
+            type: string
+          type: array
+        include:
+          items:
+            type: string
+          type: array
+    UserTypeLinks:
+      allOf:
+        - $ref: '#/components/schemas/LinksSelf'
+        - type: object
+          properties:
+            schema:
+              allOf:
+                - $ref: '#/components/schemas/HrefObject'
+                - description: The associated schema
+    UserTypePostRequest:
+      type: object
+      properties:
+        description:
+          type: string
+          description: The updated human-readable description of the User Type
+        displayName:
+          type: string
+          description: The updated human-readable display name for the User Type
+    UserTypePutRequest:
+      type: object
+      properties:
+        description:
+          type: string
+          description: The human-readable description of the User Type
+        displayName:
+          type: string
+          description: The human-readable name of the User Type
+        name:
+          type: string
+          description: The name of the existing type
+      required:
+        - name
+        - displayName
+        - description
+    UserVerificationEnum:
+      description: User verification setting
+      type: string
+      enum:
+        - DISCOURAGED
+        - PREFERRED
+        - REQUIRED
+    VerificationMethod:
+      type: object
+      properties:
+        constraints:
+          items:
+            $ref: '#/components/schemas/AccessPolicyConstraints'
+          type: array
+        factorMode:
+          type: string
+        reauthenticateIn:
+          type: string
+        type:
+          type: string
+    VerifyFactorRequest:
+      type: object
+      properties:
+        activationToken:
+          type: string
+        answer:
+          type: string
+        attestation:
+          type: string
+        clientData:
+          type: string
+        nextPassCode:
+          type: string
+        passCode:
+          type: string
+        registrationData:
+          type: string
+        stateToken:
+          type: string
+        authenticatorData:
+          type: string
+        signatureData:
+          type: string
+    VerifyUserFactorResponseLinks:
+      type: object
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObjectSelfLink'
+        poll:
+          $ref: '#/components/schemas/HrefObject'
+        cancel:
+          $ref: '#/components/schemas/HrefObject'
+    VerifyUserFactorResponse:
+      type: object
+      additionalProperties: true
+      properties:
+        expiresAt:
+          type: string
+          format: date-time
+          readOnly: true
+        factorResult:
+          $ref: '#/components/schemas/VerifyUserFactorResult'
+        factorResultMessage:
+          type: string
+        _embedded:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/VerifyUserFactorResponseLinks'
+    VerifyUserFactorResult:
+      type: string
+      enum:
+        - CHALLENGE
+        - ERROR
+        - EXPIRED
+        - FAILED
+        - PASSCODE_REPLAYED
+        - REJECTED
+        - SUCCESS
+        - TIMEOUT
+        - TIME_WINDOW_EXCEEDED
+        - WAITING
+    Version:
+      description: The version specified as a [Semantic Version](https://semver.org/).
+      type: string
+      pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$
+    WebAuthnAttachment:
+      type: string
+      enum:
+        - ANY
+        - BUILT_IN
+        - ROAMING
+    WebAuthnUserFactor:
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            profile:
+              $ref: '#/components/schemas/WebAuthnUserFactorProfile'
+    WebAuthnUserFactorProfile:
+      type: object
+      properties:
+        authenticatorName:
+          type: string
+        credentialId:
+          type: string
+    WebUserFactor:
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            profile:
+              $ref: '#/components/schemas/WebUserFactorProfile'
+    WebUserFactorProfile:
+      type: object
+      properties:
+        credentialId:
+          type: string
+    WellKnownAppAuthenticatorConfiguration:
+      type: object
+      properties:
+        appAuthenticatorEnrollEndpoint:
+          type: string
+        authenticatorId:
+          type: string
+          description: The unique identifier of the app authenticator
+        createdDate:
+          type: string
+          format: date-time
+        key:
+          type: string
+        lastUpdated:
+          type: string
+          format: date-time
+        name:
+          type: string
+          description: The authenticator display name
+        orgId:
+          type: string
+        settings:
+          type: object
+          properties:
+            userVerification:
+              type: string
+              $ref: '#/components/schemas/UserVerificationEnum'
+        supportedMethods:
+          type: array
+          items:
+            $ref: '#/components/schemas/SupportedMethods'
+        type:
+          type: string
+          enum:
+            - app
+    WellKnownOrgMetadata:
+      type: object
+      properties:
+        id:
+          type: string
+          description: The unique identifier of the Org
+        pipeline:
+          $ref: '#/components/schemas/PipelineType'
+        settings:
+          $ref: '#/components/schemas/WellKnownOrgMetadataSettings'
+        _links:
+          type: object
+          properties:
+            alternate:
+              $ref: '#/components/schemas/HrefObject'
+            organization:
+              $ref: '#/components/schemas/HrefObject'
+    WellKnownOrgMetadataSettings:
+      type: object
+      properties:
+        analyticsCollectionEnabled:
+          type: boolean
+        bugReportingEnabled:
+          type: boolean
+        omEnabled:
+          type: boolean
+          description: Whether the legacy Okta Mobile application is enabled for the org
+    WsFederationApplication:
+      x-okta-defined-as:
+        name: template_wsfed
+      allOf:
+        - $ref: '#/components/schemas/Application'
+        - type: object
+          properties:
+            credentials:
+              $ref: '#/components/schemas/ApplicationCredentials'
+            name:
+              type: string
+              default: template_wsfed
+            settings:
+              $ref: '#/components/schemas/WsFederationApplicationSettings'
+    WsFederationApplicationSettings:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationSettings'
+        - type: object
+          properties:
+            app:
+              $ref: '#/components/schemas/WsFederationApplicationSettingsApplication'
+    WsFederationApplicationSettingsApplication:
+      type: object
+      properties:
+        attributeStatements:
+          type: string
+        audienceRestriction:
+          type: string
+        authnContextClassRef:
+          type: string
+        groupFilter:
+          type: string
+        groupName:
+          type: string
+        groupValueFormat:
+          type: string
+        nameIDFormat:
+          type: string
+        realm:
+          type: string
+        siteURL:
+          type: string
+        usernameAttribute:
+          type: string
+        wReplyOverride:
+          type: boolean
+        wReplyURL:
+          type: string
+    enabledPagesType:
+      title: enabledPages
+      type: string
+      enum:
+        - SIGN_IN
+        - SSPR
+        - SSR
+      x-enumDescriptions:
+        SIGN_IN: User sign-in page
+        SSPR: Self-service Password Recovery page
+        SSR: Self-service Registration page
+    postAPIServiceIntegrationInstance:
+      allOf:
+        - $ref: '#/components/schemas/APIServiceIntegrationInstance'
+        - type: object
+          properties:
+            clientSecret:
+              type: string
+              description: The client secret for the API Service Integration instance. This property is only returned in a POST response.
+              readOnly: true
+    postAPIServiceIntegrationInstanceRequest:
+      type: object
+      properties:
+        grantedScopes:
+          type: array
+          description: The list of Okta management scopes granted to the API Service Integration instance. See [Okta management OAuth 2.0 scopes](/oauth2/#okta-admin-management).
+          items:
+            type: string
+          example:
+            - okta.logs.read
+        type:
+          type: string
+          description: The type of the API service integration. This string is an underscore-concatenated, lowercased API service integration name. For example, `my_api_log_integration`.
+          example: my_app_cie
+      required:
+        - type
+        - grantedScopes
+  securitySchemes:
+    apiToken:
+      description: 'Pass the API token as the Authorization header value prefixed with SSWS: `Authorization: SSWS {API Token}`'
+      name: Authorization
+      type: apiKey
+      in: header
+    oauth2:
+      type: oauth2
+      description: 'Pass the access_token as the value of the Authorization header: `Authorization: Bearer {access_token}`'
+      flows:
+        authorizationCode:
+          authorizationUrl: /oauth2/v1/authorize
+          tokenUrl: /oauth2/v1/token
+          scopes:
+            okta.agentPools.manage: Allows the app to create and manage agent pools in your Okta organization.
+            okta.agentPools.read: Allows the app to read agent pools in your Okta organization.
+            okta.apiTokens.manage: Allows the app to manage API Tokens in your Okta organization.
+            okta.apiTokens.read: Allows the app to read API Tokens in your Okta organization.
+            okta.appGrants.manage: Allows the app to create and manage grants in your Okta organization.
+            okta.appGrants.read: Allows the app to read grants in your Okta organization.
+            okta.apps.manage: Allows the app to create and manage Apps in your Okta organization.
+            okta.apps.read: Allows the app to read information about Apps in your Okta organization.
+            okta.authenticators.manage: Allows the app to manage all authenticators (e.g. enrollments, reset).
+            okta.authenticators.read: Allows the app to read org authenticators information.
+            okta.authorizationServers.manage: Allows the app to create and manage Authorization Servers in your Okta organization.
+            okta.authorizationServers.read: Allows the app to read information about Authorization Servers in your Okta organization.
+            okta.behaviors.manage: Allows the app to create and manage behavior detection rules in your Okta organization.
+            okta.behaviors.read: Allows the app to read behavior detection rules in your Okta organization.
+            okta.brands.manage: Allows the app to create and manage Brands and Themes in your Okta organization.
+            okta.brands.read: Allows the app to read information about Brands and Themes in your Okta organization.
+            okta.captchas.manage: Allows the app to create and manage CAPTCHAs in your Okta organization.
+            okta.captchas.read: Allows the app to read information about CAPTCHAs in your Okta organization.
+            okta.deviceAssurance.manage: Allows the app to manage device assurances.
+            okta.deviceAssurance.read: Allows the app to read device assurances.
+            okta.devices.manage: Allows the app to manage device status transitions and delete a device.
+            okta.devices.read: Allows the app to read the existing device's profile and search devices.
+            okta.domains.manage: Allows the app to manage custom Domains for your Okta organization.
+            okta.domains.read: Allows the app to read information about custom Domains for your Okta organization.
+            okta.emailDomains.manage: Allows the app to manage Email Domains for your Okta organization.
+            okta.emailDomains.read: Allows the app to read information about Email Domains for your Okta organization.
+            okta.emailServers.manage: Allows the app to manage Email Servers for your Okta organization.
+            okta.emailServers.read: Allows the app to read information about Email Servers for your Okta organization.
+            okta.eventHooks.manage: Allows the app to create and manage Event Hooks in your Okta organization.
+            okta.eventHooks.read: Allows the app to read information about Event Hooks in your Okta organization.
+            okta.features.manage: Allows the app to create and manage Features in your Okta organization.
+            okta.features.read: Allows the app to read information about Features in your Okta organization.
+            okta.groups.manage: Allows the app to manage existing groups in your Okta organization.
+            okta.groups.read: Allows the app to read information about groups and their members in your Okta organization.
+            okta.identitySources.manage: Allows the custom identity sources to manage user entities in your Okta organization
+            okta.identitySources.read: Allows to read session information for custom identity sources in your Okta organization
+            okta.idps.manage: Allows the app to create and manage Identity Providers in your Okta organization.
+            okta.idps.read: Allows the app to read information about Identity Providers in your Okta organization.
+            okta.inlineHooks.manage: Allows the app to create and manage Inline Hooks in your Okta organization.
+            okta.inlineHooks.read: Allows the app to read information about Inline Hooks in your Okta organization.
+            okta.linkedObjects.manage: Allows the app to manage linked object definitions in your Okta organization.
+            okta.linkedObjects.read: Allows the app to read linked object definitions in your Okta organization.
+            okta.logStreams.manage: Allows the app to create and manage log streams in your Okta organization.
+            okta.logStreams.read: Allows the app to read information about log streams in your Okta organization.
+            okta.logs.read: Allows the app to read information about System Log entries in your Okta organization.
+            okta.networkZones.manage: Allows the app to create and manage Network Zones in your Okta organization.
+            okta.networkZones.read: Allows the app to read Network Zones in your Okta organization.
+            okta.oauthIntegrations.manage: Allows the app to create and manage API service Integration instances in your Okta organization.
+            okta.oauthIntegrations.read: Allows the app to read API service Integration instances in your Okta organization.
+            okta.orgs.manage: Allows the app to manage organization-specific details for your Okta organization.
+            okta.orgs.read: Allows the app to read organization-specific details about your Okta organization.
+            okta.policies.manage: Allows the app to manage policies in your Okta organization.
+            okta.policies.read: Allows the app to read information about policies in your Okta organization.
+            okta.principalRateLimits.manage: Allows the app to create and manage Principal Rate Limits in your Okta organization.
+            okta.principalRateLimits.read: Allows the app to read information about Principal Rate Limits in your Okta organization.
+            okta.profileMappings.manage: Allows the app to manage user profile mappings in your Okta organization.
+            okta.profileMappings.read: Allows the app to read user profile mappings in your Okta organization.
+            okta.pushProviders.manage: Allows the app to create and manage push notification providers such as APNs and FCM.
+            okta.pushProviders.read: Allows the app to read push notification providers such as APNs and FCM.
+            okta.rateLimits.manage: Allows the app to create and manage rate limits in your Okta organization.
+            okta.rateLimits.read: Allows the app to read information about rate limits in your Okta organization.
+            okta.realms.manage: Allows the app to create new realms and to manage their details.
+            okta.realms.read: Allows the app to read the existing realms and their details.
+            okta.riskEvents.manage: Allows the app to publish risk events to your Okta organization.
+            okta.riskProviders.manage: Allows the app to create and manage risk provider integrations in your Okta organization.
+            okta.riskProviders.read: Allows the app to read all risk provider integrations in your Okta organization.
+            okta.roles.manage: Allows the app to manage administrative role assignments for users in your Okta organization.
+            okta.roles.read: Allows the app to read administrative role assignments for users in your Okta organization.
+            okta.schemas.manage: Allows the app to create and manage Schemas in your Okta organization.
+            okta.schemas.read: Allows the app to read information about Schemas in your Okta organization.
+            okta.sessions.manage: Allows the app to manage all sessions in your Okta organization.
+            okta.sessions.read: Allows the app to read all sessions in your Okta organization.
+            okta.templates.manage: Allows the app to manage all custom templates in your Okta organization.
+            okta.templates.read: Allows the app to read all custom templates in your Okta organization.
+            okta.threatInsights.manage: Allows the app to manage all ThreatInsight configurations in your Okta organization.
+            okta.threatInsights.read: Allows the app to read all ThreatInsight configurations in your Okta organization.
+            okta.trustedOrigins.manage: Allows the app to manage all Trusted Origins in your Okta organization.
+            okta.trustedOrigins.read: Allows the app to read all Trusted Origins in your Okta organization.
+            okta.uischemas.manage: Allows the app to manage all the UI Schemas in your Okta organization.
+            okta.uischemas.read: Allows the app to read all the UI Schemas in your Okta organization.
+            okta.userTypes.manage: Allows the app to manage user types in your Okta organization.
+            okta.userTypes.read: Allows the app to read user types in your Okta organization.
+            okta.users.manage: Allows the app to create new users and to manage all users' profile and credentials information.
+            okta.users.read: Allows the app to read the existing users' profiles and credentials.
diff --git a/openapi3/management.yaml b/openapi3/management.yaml
index 94b976026..28634d035 100644
--- a/openapi3/management.yaml
+++ b/openapi3/management.yaml
@@ -10,14 +10,11 @@ info:
   license:
     name: Apache-2.0
     url: https://www.apache.org/licenses/LICENSE-2.0.html
-  version: 5.1.0
+  version: 2024.06.1
   x-logo:
     url: logo.svg
     backgroundColor: transparent
     altText: Okta Developer
-externalDocs:
-  description: Find more info here
-  url: https://developer.okta.com/docs/reference/core-okta-api/#design-principles
 servers:
   - url: https://{yourOktaDomain}
     variables:
@@ -42,13 +39,26 @@ tags:
     description: The API Tokens API provides operations to manage SSWS API tokens for your organization.
   - name: Application
     x-displayName: Applications
-    description: The Applications API provides operations to manage applications and/or assignments to users or groups for your organization.
+    description: |-
+      The Applications API provides operations to manage apps in your org.
+
+      To create a custom app integration instance, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) operation with the schema provided in the request payload.
+
+      To create an app instance from the Okta Integration Network (OIN), use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication)
+      operation with the corresponding OIN app schema in the request body.
   - name: ApplicationConnections
     x-displayName: Application Connections
     description: |
       The Application Connections API provides operations for configuring connections to an app.
 
-      Currently, only the Okta Org2Org app provisioning connection is supported in this API.
+      Okta supports token-based and OAuth 2.0-based provisioning connections for supported apps.
+      The following available provisioning connections are supported by the indicated apps:
+        | <div style="width:200px">Connection</div> | Apps&nbsp;supported | Description   |
+        | -------------------- | -------------- | ----------- |
+        | Token  | Okta Org2Org (`okta_org2org`)<br>Zscaler 2.0 (`zscalerbyz`) | The provisioning API connection is based on bearer token authentication. |
+        | OAuth 2.0  | Google Workspace (`google`)<br>Microsoft Office 365 (`office365`)<br>Okta Org2Org (`okta_org2org`)<br>Slack (`slack`)<br>Zoom (`zoomus`) | The provisioning API connection is based on OAuth 2.0 authentication. |
+
+        > **Note:** The Okta Org2Org (`okta_org2org`) app isn't available in Okta Developer Edition orgs. If you need to test this feature in your Developer Edition org, contact your Okta account team.
   - name: ApplicationCredentials
     x-displayName: Application Credentials
     description: |
@@ -63,15 +73,18 @@ tags:
   - name: ApplicationFeatures
     x-displayName: Application Features
     description: |
-      The Feature object is used to configure feature settings for the application.
+      The Application Features API supports operations to configure app feature settings.
+
+      You must have app provisioning enabled to configure provisioning features. See [Update the default Provisioning Connection](/openapi/okta-management/management/tag/ApplicationConnections/#tag/ApplicationConnections/operation/updateDefaultProvisioningConnectionForApplication).
+
+      The following available provisioning features are supported by the indicated apps:
 
-      The only feature this API currently supports is `USER_PROVISIONING` for the Org2Org application type.
-      The `USER_PROVISIONING` feature is the same as the **To App** provisioning setting in the Admin Console.
-      Enable this feature to:
-      * Create Users
-      * Update User Attributes
-      * Deactivate Users
-      * Sync Password
+      | <div style="width:200px">Feature</div> | Apps&nbsp;supported | Description   |
+      | -------------------- | -------------- | ----------- |
+      | `USER_PROVISIONING`  | Google Workspace (`google`)<br>Microsoft Office 365 (`office365`)<br>Okta Org2Org (`okta_org2org`)<br>Slack (`slack`)<br>Zoom (`zoomus`)<br>Zscaler 2.0 (`zscalerbyz`) | Similar to the app **Provisioning** > **To App** setting in the Admin Console, user profiles are pushed from Okta to the third-party app. You can configure rules for creating users, deactivating users, and syncing passwords. |
+      | `INBOUND_PROVISIONING` | Google Workspace (`google`)<br>Microsoft Office 365 (`office365`)<br>Okta Org2Org (`okta_org2org`)<br>Slack (`slack`)<br>Zoom (`zoomus`) | Similar to the app **Provisioning** > **To Okta** provisioning setting in the Admin Console, user profiles are imported from the third-party app into Okta. You can schedule user import and configure rules for user creation and matching. |
+
+      > **Note:** The Okta Org2Org (`okta_org2org`) app isn't available in Okta Developer Edition orgs. If you need to test this feature in your Developer Edition org, contact your Okta account team.
   - name: ApplicationGrants
     x-displayName: Application Grants
     description: |
@@ -81,7 +94,7 @@ tags:
       If the app doesn't have permission to grant consent for a particular Okta scope, token requests that contain the scope are denied.
   - name: ApplicationGroups
     x-displayName: Application Groups
-    description: Groups assigned to an application
+    description: The Application Groups API provides a set of operations to manage group assignment for an app.
   - name: ApplicationLogos
     x-displayName: Application Logos
     description: Provides a resource to manage the application instance logo
@@ -93,40 +106,94 @@ tags:
     description: Provides a Single Sign-On (SSO) resource for an application
   - name: ApplicationTokens
     x-displayName: Application Tokens
-    description: Application OAuth 2.0 token operations
+    description: |
+      Resource to manage OAuth 2.0 tokens for an app
+      > **Note:** To configure refresh tokens for an app, see
+      > [grant_types](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication!path=4/settings/oauthClient/grant_types&t=request)
+      > and [refresh_token](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication!path=4/settings/oauthClient/refresh_token&t=request).
   - name: ApplicationUsers
     x-displayName: Application Users
-    description: Application user operations
+    description: |
+      The Application Users API provides operations to manage app users and their assignments.
+      The object returned from assigning a user to an app is known as the Application User.
+
+      You can assign users to apps for:
+        * SSO only
+        * SSO and provisioning
   - name: AttackProtection
     x-displayName: Attack Protection
-    description: The Attack Protection API provides operations to configure the User Lockout Settings in your org to prevent brute-force attacks.
+    description: The Attack Protection API provides operations to configure the User Lockout Settings and the Authenticator Settings in your org to protect against password abuse.
   - name: Authenticator
     x-displayName: Authenticators
     description: |-
-      The Authenticators Administration API provides operations to configure which Authenticators are available to end users for use when signing in to applications.
+      The Authenticators Administration API provides operations to configure which Authenticators are available to end users for use when they sign in to applications.
 
-      End users are required to use one or more Authenticators depending on the security requirements of the authentication policy.
+      End users are required to use one or more Authenticators based on the security requirements of the authentication policy.
 
       Okta Identity Engine currently supports Authenticators for the following factors:
 
       **Knowledge-based:**
-
       * Password
       * Security Question
 
       **Possession-based:**
-
-      * Phone (SMS, Voice Call)
+      * Phone (SMS, voice call)
       * Email
       * WebAuthn
       * Duo
-      * Custom App
+      * Custom app
   - name: AuthorizationServer
     x-displayName: Authorization Servers
-    description: Authorization Servers generate OAuth 2.0 and OpenID Connect tokens, including access tokens and ID tokens. The Okta Management API gives you the ability to configure and manage Authorization Servers and the security policies that are attached to them.
+    description: |-
+      Authorization Servers generate OAuth 2.0 and OpenID Connect tokens, including access tokens and ID tokens. The Okta Management API gives you the ability to configure and manage Authorization Servers and the security policies that are attached to them.
+
+      **Work with the Default Authorization Server**
+
+      Okta provides a pre-configured Custom Authorization Server with the name `default`. This Default Authorization Server includes a basic access policy and rule, which you can edit to control access. It allows you to specify `default` instead of the `authorizationServerId` in requests to it:
+
+      `https://${yourOktaDomain}/api/v1/authorizationServers/default`
+
+      vs
+
+      `https://${yourOktaDomain}/api/v1/authorizationServers/${authorizationServerId}` for other Custom Authorization Servers
+  - name: AuthorizationServerAssoc
+    x-displayName: Authorization Server Associated Servers
+    description: Associated authorization servers allow you to designate a trusted authorization server that you associate with another authorization server. This type of association provides a way to configure [token exchange](https://developer.okta.com/docs/guides/set-up-token-exchange/main/#trusted-servers) between other authorization servers under the same Okta tenant.
+  - name: AuthorizationServerClaims
+    x-displayName: Authorization Server Claims
+    description: Provides operations to manage custom token claims for the given `authServerId` and `claimId`
+  - name: AuthorizationServerClients
+    x-displayName: Authorization Server Clients
+    description: |-
+      These endpoints allow you to manage tokens issued by an authorization server for a particular client. For example, you can revoke every active refresh token for a specific client. You can also revoke specific tokens or manage tokens at the User level.
+
+      Read [Validate access tokens](https://developer.okta.com/docs/guides/validate-access-tokens/dotnet/main/) and [Validate ID tokens](https://developer.okta.com/docs/guides/validate-id-tokens/main/) to understand more about how OAuth 2.0 tokens work.
+  - name: AuthorizationServerKeys
+    x-displayName: Authorization Server Keys
+    description: Provides operations to manage credential keys for the given `authServerId`.
+  - name: AuthorizationServerPolicies
+    x-displayName: Authorization Server Policies
+    description: Provides operations to manage policies for the given `authServerId`.
+  - name: AuthorizationServerRules
+    x-displayName: Authorization Server Rules
+    description: Provides operations to manage policy rules for the given `authServerId`, `policyId`, and `ruleId`.
+  - name: AuthorizationServerScopes
+    x-displayName: Authorization Server Scopes
+    description: Provides operations to manage custom token scopes for the given `authServerId` and `scopeId`.
   - name: Behavior
     x-displayName: Behavior Rules
     description: The Behavior Rules API provides operations to manage the behavior detection rules for your organization.
+  - name: Brands
+    x-displayName: Brands
+    description: |-
+      These endpoints allow you to manage Brands, and their metadata, in your orgs. With Brands, you can customize the following:
+      * [The Okta-hosted sign-in page](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/CustomPages/)
+      * [The sign-out page](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/CustomPages/)
+      * [Error pages](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/CustomPages/)
+      * [Email templates](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/CustomTemplates/)
+      * [The Okta End-User Dashboard](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Themes/)
+
+      > **Note:**  Some of the curl code examples on this page include SSWS API token authentication. However, Okta recommends using scoped OAuth 2.0 and OIDC access tokens to authenticate with Okta management APIs. OAuth 2.0 and OIDC access tokens provide fine-grain control over the bearer's actions on specific endpoints. See [Okta API authentication methods](https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/).
   - name: CAPTCHA
     x-displayName: CAPTCHAs
     description: |-
@@ -138,12 +205,45 @@ tags:
   - name: CustomDomain
     x-displayName: Custom Domains
     description: The Custom Domains API provides operations to manage custom domains for your organization.
-  - name: Customization
-    x-displayName: Customizations
+  - name: CustomPages
+    x-displayName: Custom Pages
+    description: |-
+      These endpoints allow you to customize the contents of various pages, including:
+      * The Okta-hosted sign-in page
+      * Error pages
+      * The sign-out page
+
+      > **Note:**  Some of the curl code examples on this page include SSWS API token authentication. However, Okta recommends using scoped OAuth 2.0 and OIDC access tokens to authenticate with Okta management APIs. OAuth 2.0 and OIDC access tokens provide fine-grain control over the bearer's actions on specific endpoints. See [Okta API authentication methods](https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/).
+  - name: CustomTemplates
+    x-displayName: Custom Email Templates
     description: |-
-      The Brands API allows you to customize the look and feel of pages and templates, such as the Okta-hosted sign-in page, error pages, email templates, and the Okta End-User Dashboard.
+      These endpoints allow you to programmatically manage email customizations.
+
+      Okta provides many customizable email templates. For example, the `UserActivation` email template allows users to activate their account. Use email customizations to override a template's default content. See the [list of email templates](https://developer.okta.com/docs/guides/custom-email/main/#use-customizable-email-templates).
+
+      Each template has default content that Okta translates to any one of the supported languages. The following settings determine the language for emails sent from Okta to a user, if the user hasn't selected a specific display language:
+      * The user's locale property value (if specified)
+      * The org's display language
+
+      See [Supported languages](https://developer.okta.com/docs/guides/custom-email/main/#supported-languages).
+
+      The following constraints apply to email customizations:
+      * If an email template has any customizations at all, exactly one of them must be the default (where `isDefault` is `true`). Okta uses the default customization when no other customization applies to the user's language settings.
+      * Each email template can have only one customization for each supported language.
+
+      ### Enable other locales
+      <ApiLifecycle access="ea" />
 
-      Each new org contains Okta default branding. You can upload your own assets (colors, background image, logo, and favicon) to replace the default assets and publish these assets directly to your pages and templates.
+      Use the [BCP 47 format](https://www.rfc-editor.org/info/bcp47) to enable more locales than Okta's 27 default languages.
+
+      Once you create a customization with the new locale, the locale appears in the Admin Console along with the default-supported locales.
+
+      Include `null` in the subject or body of the email customization. Okta replaces `null` with a default value based on the following order of priority:
+
+      - An existing default email customization, if one exists
+      - Okta-provided translated content for the specified language, if one exists
+      - Okta-provided translated content for the brand locale, if it's set
+      - Okta-provided content in English
   - name: Device
     x-displayName: Devices
     description: |-
@@ -167,12 +267,18 @@ tags:
   - name: DeviceAssurance
     x-displayName: Device Assurance Policies
     description: The Device Assurance Policies API provides operations to manage device assurance policies in your organization.
+  - name: DirectoriesIntegration
+    x-displayName: Directories Integration
+    description: |-
+      > **Note:** Your Okta org needs to have the AD bidirectional group management feature enabled. Contact your Okta account team to enable this feature.
+
+      The Directories Integration API provides operations to manage Active Directory objects in a connected on-premises directory through Okta.
   - name: EmailDomain
     x-displayName: Email Domains
     description: The Email Domains API provides operations to manage email domains for your organization.
   - name: EmailServer
     x-displayName: Email Servers
-    description: The Okta Email Servers API provides operations to manage custom email SMTP servers for your organization.
+    description: The Email Servers API allows you to configure a custom external email provider to send email notifications. By default, notifications such as the welcome email or an account recovery email are sent through an Okta-managed SMTP server. Adding a custom email provider gives you more control over your email delivery.
   - name: EventHook
     x-displayName: Event Hooks
     description: |-
@@ -181,6 +287,8 @@ tags:
       For general information on event hooks and how to create and use them, see [Event hooks](https://developer.okta.com/docs/concepts/event-hooks/). The following documentation is only for the management API, which provides a CRUD interface for registering event hooks.
 
       For a step-by-step guide on implementing an example event hook, see the [Event hook](https://developer.okta.com/docs/guides/event-hook-implementation/) guide.
+
+      When you create an event hook, you need to specify which events you want to subscribe to. To see the list of event types currently eligible for use in event hooks, use the [Event Types](https://developer.okta.com/docs/reference/api/event-types/#catalog) catalog and search with the parameter `event-hook-eligible`.
   - name: Feature
     x-displayName: Features
     description: |-
@@ -190,6 +298,12 @@ tags:
   - name: Group
     x-displayName: Groups
     description: The Groups API provides operations to manage Okta Groups and their user members for your organization.
+  - name: GroupOwner
+    x-displayName: Group Owners
+    description: |-
+      The Group Owners API provides operations to manage owners of Okta Groups for your organization.
+
+      > **Note**: This API is only available if you're subscribed to [Okta Identity Governance](https://www.okta.com/products/identity-governance/). Contact your Customer Success Manager or Account Executive for more information.
   - name: HookKey
     x-displayName: Hook Keys
     description: The Hook Keys API provides operations to manage hook keys for your organization.
@@ -254,16 +368,44 @@ tags:
 
       ## Links between User Types
 
-      If you created multiple User Types, they all share the same Linked Object definitions. For example, if you have separate User Types for employees and contractors, a link could designate an employee as the manager for a contractor, with the contractor being a subordinate of that employee.
+      If you created multiple User Types (see [User Types](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/)), they all share the same Linked Object definitions. For example, if you have separate User Types for employees and contractors, a link could designate an employee as the manager for a contractor, with the contractor being a subordinate of that employee.
+
+      ## Link definition operations
+
+      Link definition operations allow you to manage the creation and removal of the link definitions. If you remove a link definition, links based on that definition are unavailable.
+
+      > **Note:** Links reappear if you recreate the definition. However, Okta is likely to change this behavior so that links don't reappear. Don't rely on this behavior in production environments.
   - name: LogStream
     x-displayName: Log Streaming
-    description: The Log Streaming API provides operations to manage log stream configurations for an org. You can configure up to two log stream integrations per org.
+    description: The Log Streaming API provides operations to manage Log Stream configurations for an org. You can configure up to two Log Stream integrations per org.
   - name: NetworkZone
     x-displayName: Network Zones
     description: |-
-      The Okta Network Zones API provides operations to manage Zones in your organization. There are two usage Zone types: Policy Network Zones and Blocklist Network Zones. Policy Network Zones are used to guide policy decisions. Blocklist Network Zones are used to deny access from certain IP addresses, locations, proxy types, or Autonomous System Numbers (ASNs) before policy evaluation.
+      The Network Zones API provides operations to manage system default and custom zones in your Okta org.
+      Network Zones are configurable boundaries that you can use to grant or restrict access to resources in your organization.
+      They're used for two purposes:
+      * `POLICY`: Network Zones used to guide policy decisions
+      * `BLOCKLIST`: Network Zones used to deny access from certain IP addresses, locations, Autonomous System Numbers (ASNs), proxy types, or IP service categories before policy evaluation
+      > **Note:** The Network Zone blocklist applies to all URLs for the org.
+
+      See [Network zones](https://help.okta.com/okta_help.htm?id=ext_Security_Network) in the Okta product documentation.
+
+      Your Okta org provides the following default system Network Zones that you can modify and use:
+      * `LegacyIpZone`: The system default IP Network Zone
+      * `BlockedIpZone`: The system default IP Blocklist Network Zone
+      * <x-lifecycle class="ea"></x-lifecycle> `DefaultEnhancedDynamicZone`: The system default Enhanced Dynamic Network Zone
 
-      A default system Policy Network Zone is provided in your Okta org. You can use the Network Zones API to modify the default Policy Network Zone or to create a custom Policy or Blocklist Network Zone. When you create your custom Zone, you can specify if the Zone is an IP Zone or a Dynamic Zone. An IP Zone allows you to define network perimeters around a set of IPs, whereas a Dynamic Zone allows you to define network perimeters around location, IP type, and ASNs.
+      You can create and use the following custom Network Zones:
+      * IP Network Zone (`IP`): Allows you to define network perimeters around a set of IPs
+      * Dynamic Network Zone (`DYNAMIC`): Allows you to define network perimeters around location, IP type, or ASNs
+      * <x-lifecycle class="ea"></x-lifecycle> Enhanced Dynamic Network Zone (`DYNAMIC_V2`): Extends the Dynamic Network Zone and allows you to include or exclude specific locations, ASNs, or IP service categories
+
+      > **Notes:**
+      > * To create multiple Network Zones, you must have Adaptive MFA enabled in your Okta org.
+      > * Enhanced Dynamic Network Zones is a [self-service Early Access (EA)](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) feature. You must enable **Enhanced Dynamic Network Zones** in your Org settings to access this API. See [Manage Early Access and Beta features](https://help.okta.com/okta_help.htm?id=ext_secur_manage_ea_bata).
+  - name: OktaApplicationSettings
+    x-displayName: Okta Application Settings
+    description: The Okta Application Settings API provides operations to manage settings for Okta apps in your org.
   - name: OrgSetting
     x-displayName: Org Settings
     description: The Org Settings API provides operations to manage your org account settings such as contact information, granting Okta Support access, and more.
@@ -281,19 +423,32 @@ tags:
     description: The Mappings API provides operations to manage the mapping of Profile properties between an Okta User and an App User using [Okta Expression Language](https://developer.okta.com/docs/reference/okta-expression-language). More information on Okta User and App User Profiles can be found in Okta's [User profiles](https://developer.okta.com/docs/concepts/user-profiles/#what-is-the-okta-universal-directory).
   - name: PushProvider
     x-displayName: Push Providers
-    description: The Push Providers API provides operations to manage Push Providers for your organization.
     x-okta-lifecycle:
-      features:
-        - CUSTOM_PUSH_AUTHENTICATOR
+      lifecycle: GA
+      isGenerallyAvailable: false
+      SKUs: []
+    description: |-
+      The Okta Push Providers API provides a centralized integration platform to fetch and manage push provider configurations. Okta administrators can use these APIs to provide their push provider credentials, for example from APNs and FCM, so that Okta can send push notifications to their own custom app authenticator applications.
+
+      The Push Providers API supports the following **Authorization Schemes**:
+      * SSWS - [API tokens](https://developer.okta.com/docs/reference/core-okta-api/#authentication)
+      * Bearer - [OAuth2.0 and OpenID Connect](https://developer.okta.com/docs/concepts/oauth-openid/)
+
+      > **Notes:**
+      > * Some of the curl code examples on this page include SSWS API token authentication. However, Okta recommends using scoped OAuth 2.0 and OIDC access tokens to authenticate with Okta management APIs. OAuth 2.0 and OIDC access tokens provide fine-grain control over the bearer's actions on specific endpoints. See [Okta API authentication methods](https://developer.okta.com/docs/reference/core-okta-api/#authentication).
+      > * You can use the Push Providers API as part of the "Create a custom authenticator" flow. See the [Custom authenticator integration guide](https://developer.okta.com/docs/guides/authenticators-custom-authenticator/android/main/).
   - name: RateLimitSettings
     x-displayName: Rate Limit Settings
     description: The Rate Limit Settings APIs provide operations to manage settings and configurations surrounding rate limiting in your Okta organization.
   - name: Realm
     x-displayName: Realms
-    description: The realm API provides operations to manage realms
+    description: The Realms API provides operations to manage realms
+  - name: RealmAssignment
+    x-displayName: Realm Assignments
+    description: The Realm Assignments API provides operations to manage Realm Assignments
   - name: ResourceSet
     x-displayName: Resource Sets
-    description: The Resource Sets API provides operations to manage Resource Sets as custom collections of resources. You can use Resource Sets to assign Custom Roles to administrators who are scoped to the designated resources. See [Supported Resources](https://developer.okta.com/docs/concepts/role-assignment/#supported-resources).
+    description: The Resource Sets API provides operations to manage Resource Sets as custom collections of resources. You can use Resource Sets to assign Custom Roles to administrators who are scoped to the designated resources. See [Supported Resources](/openapi/okta-management/guides/roles/#supported-resources).
   - name: RiskEvent
     x-displayName: Risk Events
     description: The Risk Events API provides the ability for third-party risk providers to send risk events to Okta. See [Third-party risk provider integration](https://developer.okta.com/docs/guides/third-party-risk-integration/) for guidance on integrating third-party risk providers with Okta.
@@ -308,7 +463,7 @@ tags:
       Role listing APIs provide a union of both standard and Custom Roles assigned to a User or Group.
   - name: RoleAssignment
     x-displayName: Role Assignments
-    description: These APIs allow you to assign custom roles to user and groups, as well as designate Third-Party Administrator status to a user or group.
+    description: The Role Assignments APIs allow you to assign custom roles, and designate third-party admin status, to users, groups and public client apps.
   - name: RoleTarget
     x-displayName: Role Targets
     description: |-
@@ -319,6 +474,39 @@ tags:
       * **App Instance targets:** Grant an admin permission to manage an instance of one App or instances of multiple Apps. App Instances are specific Apps that admins have created in their org. For example, there may be a Salesforce App configured differently for each sales region of a company. When you create an App Instance target, you can assign an admin to manage only two instances of the configured Salesforce Apps and then also to manage an instance of another configured App such as Workday.
 
       > **Note:** Don't use these operations with a Custom Role ID. Custom Role assignments always require a target Resource Set. See [Role Assignments](https://developer.okta.com/docs/concepts/role-assignment/) for more information.
+  - name: SSFReceiver
+    x-displayName: SSF Receiver
+    description: |-
+      <x-lifecycle class="ea"></x-lifecycle> <x-lifecycle class="oie"></x-lifecycle>
+      > **Note:** This is an EA release feature that's currently available to a selected audience.
+      > This feature is only available as a part of Okta Identity Engine. Your Okta org must have the SSF Receiver API feature enabled.
+      > Contact your Okta account team to enable this feature.
+
+      Okta uses the [Shared Signals Framework (SSF)](https://sharedsignals.guide/) to receive security-related events and other data-subject signals from third-party security vendors. In this scenario, commonly used terms for third-party vendors that send signals are "transmitters", Okta is the "receiver", and the connection between the two entities is referred to as a "stream."
+
+      The SSF Receiver API allows you to manage SSF vendor stream configurations between the transmitter and Okta. A stream is configured by [creating a Security Events Provider](/openapi/okta-management/management/tag/SSFReceiver/#tag/SSFReceiver/operation/createSecurityEventsProviderInstance) object in your Okta org. You can create a Security Events Provider object in Okta with a published well-known URL or an issuer-and-JWKS combination.
+
+      After the Security Events Provider object is created for a transmitter, the provider can use the [SSF Security Event Tokens](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/SSFSecurityEventToken/) API to publish events to Okta. While the SSF allows ingestion through push and poll-based operations, Okta currently supports only push-based operations.
+  - name: SSFSecurityEventToken
+    x-displayName: SSF Security Event Tokens
+    description: |-
+      <x-lifecycle class="ea"></x-lifecycle> <x-lifecycle class="oie"></x-lifecycle>
+      > **Note:** This is an EA release feature that's currently available to a selected audience.
+      > This feature is only available as a part of Okta Identity Engine. Your Okta org needs to have the SSF Security Event Tokens API feature enabled.
+      > Contact your Okta account team to enable this feature.
+
+      The Shared Signals Framework (SSF) Security Event Tokens API allows third-party security event providers to send Security Event Tokens (SETs) to Okta. The provider must be configured in Okta as a Security Events Provider instance before transmitting a SET to Okta. See [Create a Security Events Provider](/openapi/okta-management/management/tag/SSFReceiver/#tag/SSFReceiver/operation/createSecurityEventsProviderInstance). After the token is verified, any appropriate action is performed upon ingestion.
+
+      Okta uses the Shared Signals Framework (SSF) defined by the [OpenID Shared Signals and Events Framework specification](https://openid.net/specs/openid-sse-framework-1_0.html). A risk signal is ingested as a Security Event Token (SET), a type of JSON Web Token (JWT) that must comply with the SET standard: [RFC 8417 - Security Event Token(SET)](https://datatracker.ietf.org/doc/html/rfc8417). The `security.events.provider.receive_event` System Log event is created when a SET is published to Okta successfully.
+  - name: SSFTransmitter
+    x-displayName: SSF Transmitter
+    description: |-
+      <x-lifecycle class="ea"></x-lifecycle> <x-lifecycle class="oie"></x-lifecycle>
+      > **Note:** The SSF Transmitter API is a [self-service Early Access (EA)](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) feature. You must enable the **Enable Managed Apple ID federation and provisioning** feature in your Org settings to access this feature. See [Manage Early Access and Beta features](https://help.okta.com/okta_help.htm?id=ext_secur_manage_ea_bata).
+
+      Okta uses the [Shared Signals Framework (SSF)](https://sharedsignals.guide) to send security-related events and other data-subject signals to third-party security vendors. In this scenario, commonly used terms for third-party vendors that receive signals are "receivers", Okta is the "transmitter", and the connection between the two entities is referred to as a "stream."
+
+      The SSF Transmitter API allows you to manage SSF stream configurations between the receiver that receives signals transmitted by Okta. Okta sends signals in the form of [Security Event Tokens (SETs)](https://datatracker.ietf.org/doc/html/rfc8417) to a third-party SSF receiver. To enable the transmission of signals from Okta, you must create an SSF Stream using the SSF Transmitter API and configure the third-party receiver to accept signals from Okta.
   - name: Schema
     x-displayName: Schemas
     description: |-
@@ -335,9 +523,9 @@ tags:
     description: |-
       Okta uses a cookie-based authentication mechanism to maintain a user's authentication Session across web requests. The Okta Sessions API provides operations to create and manage authentication Sessions for users in your Okta organization.
 
-      >**Note:** Some browsers block third-party cookies by default, which disrupts Okta functionality in certain flows. See [FAQ: How Blocked Third Party Cookies Can Potentially Impact Your Okta Environment](https://support.okta.com/help/s/article/FAQ-How-Blocking-Third-Party-Cookies-Can-Potentially-Impact-Your-Okta-Environment).
-
-      >**Note:** The Sessions API doesn't support direct authentication. Direct authentication is supported through the [Authentication API](https://developer.okta.com/docs/reference/api/authn/#authentication-operations) or through OIDC using the [Resource Owner Password flow](https://developer.okta.com/docs/guides/implement-grant-type/ropassword/main/).
+      >**Notes:**
+      > * Some browsers block third-party cookies by default, which disrupts Okta functionality in certain flows. See [Mitigate the impact of third-party cookie deprecation](https://help.okta.com/okta_help.htm?type=oie&id=ext-third-party-cookies).
+      > * The Sessions API doesn't support direct authentication. Direct authentication is supported through the [Authentication API](https://developer.okta.com/docs/reference/api/authn/#authentication-operations) or through OIDC using the [Resource Owner Password flow](https://developer.okta.com/docs/guides/implement-grant-type/ropassword/main/).
 
       ### Session cookie
 
@@ -383,6 +571,32 @@ tags:
       > **Note:** Only SMS custom Templates are available through the API.
 
       SMS Templates customize the SMS message that is sent to users. One default SMS Template is provided. All custom Templates must have the variable `${code}` as part of the text. The `${code}` variable is replaced with the actual SMS code when the message is sent. Optionally, you can also use the variable `${org.name}`. If a Template contains `${org.name}`, it is replaced with the organization name before the SMS message is sent.
+
+      ### SMS Template macros
+
+      Only two macros are supported for SMS Templates:
+      | <div style="width:200px">Type</div> | Description   |
+      | -------------------- | ----------- |
+      | ${code}  | The one-time verification code that's required for a user to sign in. |
+      | ${org.name} | The Okta org name that the user is trying to authenticate into. |
+
+      >**Note:** The length of your SMS message can't exceed 160 characters. If the verification code portion of the message falls outside of the 160-character limit, your message isn't sent.
+  - name: Themes
+    x-displayName: Themes
+    description: |-
+      These endpoints allow you to customize the look and feel of pages and templates, including the following:
+      * The Okta-hosted sign-in page
+      * The sign-out page
+      * Error pages
+      * Email templates
+      * The Okta End-User Dashboard
+
+      Each new org contains Okta default branding. You can upload your own assets (colors, background image, logo, and favicon) to replace the default assets. Then you can publish these assets directly to your pages and templates.
+
+      > **Notes:**
+      > * Some of the curl code examples on this page include SSWS API token authentication. However, Okta recommends scoped OAuth 2.0 and OIDC access tokens to authenticate with Okta management APIs. OAuth 2.0 and OIDC access tokens provide fine-grain control over the bearer's actions on specific endpoints. See [Okta API authentication methods](https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/).
+      > * Okta optimizes the `primaryColorContrastHex` and `secondaryColorContrastHex` properties for the highest contrast between the font color and the background or button color. To disable or override the contrast auto-detection, update either contrast value with an accepted contrast hex code. Any update disables future automatic optimizations for the contrast hex.
+      > * Contrast color is used by pages to optimize the opacity of text color when primary or secondary color is used as the background.
   - name: ThreatInsight
     x-displayName: ThreatInsight
     description: |-
@@ -402,32 +616,55 @@ tags:
 
       When external URLs are requested during sign-in, sign-out, or recovery operations, Okta checks those URLs against the allowed list of Trusted Origins. Trusted Origins also enable browser-based applications to access Okta APIs from JavaScript (CORS). If the origins aren't specified, the related operation (redirect or Okta API access) isn't permitted.
 
-      You can also configure Trusted Origins to allow iFrame embedding of Okta resources, such as Okta sign-in pages and the Okta End-User Dashboard, within that origin. This is an Early Access feature. To enable it, contact [Okta Support](https://support.okta.com/help/s/).
+      You can also configure Trusted Origins to allow iFrame embedding of Okta resources, such as Okta sign-in pages and the Okta End-User Dashboard, within that origin.
 
-      > **Note:** This Early Access feature is supported for Okta domains only. It isn't currently supported for custom domains.
+      > **Notes:**  
+      > * This feature is supported for Okta domains only. It isn't currently supported for custom domains.
+      > * Some of the curl code examples on this page include SSWS API token authentication. However, Okta recommends using scoped OAuth 2.0 and OIDC access tokens to authenticate with Okta management APIs. OAuth 2.0 and OIDC access tokens provide fine-grain control over the bearer's actions on specific endpoints. See [Okta API authentication methods](https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/).
   - name: UISchema
     x-displayName: UI Schema
     description: |-
       The Okta UI Schema API allows you to control how inputs appear on an enrollment form. The UI Schema API is only available as a part of Okta Identity Engine.
 
-      If you’re not sure which solution you’re using, check the footer on any page of the Admin Console. The version number is appended with E for Identity Engine orgs and C for Classic Engine orgs.
+      If you're not sure which solution you're using, check the footer on any page of the Admin Console. The version number is appended with E for Identity Engine orgs and C for Classic Engine orgs.
   - name: User
     x-displayName: Users
     description: The User API provides operations to manage users in your organization.
   - name: UserFactor
     x-displayName: User Factors
-    description: The Factors API provides operations to enroll, manage, and verify factors for multifactor authentication (MFA). Manage both administration and end-user accounts, or verify an individual factor at any time.
+    description: |-
+      The Factors API provides operations to enroll, manage, and verify factors for multifactor authentication (MFA). Generally, authentication involves verifying a different one-time passcode (OTP). Manage both administration and end-user accounts, or verify an individual factor at any time.
+      Okta supports several different types of Factors:
+      | Factor Type           | Description |
+      |-----------------------|-------------|
+      | `call`                | Software OTP sent using a voice call to a registered phone number |
+      | `sms`                 | Software OTP sent using SMS to a registered phone number |
+      | `email`               | Software OTP sent using email |
+      | `question`            | Additional knowledge-based security question |
+      | `push`                | Out-of-band verification using a push notification to a device and transaction verification with digital signature |
+      | `token`               | Software or hardware OTP sent to a device |
+      | `token:hardware`      | Hardware OTP sent to a device |
+      | `token:hotp`          | Custom [TOTP](https://www.ietf.org/rfc/rfc6238.txt) factor that uses an extension of the HMAC-based one-time passcode (HOTP) algorithm |
+      | `token:software:totp` | Software time-based one-time passcode (TOTP) |
+      | `u2f`                 | Hardware Universal 2nd Factor (U2F) device |
+      | `web`                 | HTML inline frame (iframe) for embedding verification from a third party |
+      | `webauthn`            | Hardware WebAuthn device |
+      | `signed_nonce`        | Okta Fastpass (device-bound authentication). This is available for OIE orgs if the org has users that have enrolled with Okta Verify after the org started using OIE. |
   - name: UserType
     x-displayName: User Types
     description: The User Types API provides operations to manage User Types.
+externalDocs:
+  description: Find more info here
+  url: https://developer.okta.com/docs/reference/core-okta-api/#design-principles
 paths:
   /.well-known/app-authenticator-configuration:
     get:
       x-okta-lifecycle:
-        features:
-          - CUSTOM_PUSH_AUTHENTICATOR
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
       summary: Retrieve the Well-Known App Authenticator Configuration
-      description: Retrieves the well-known app authenticator configuration, which includes an app authenticator's settings, supported methods and various other configuration details
+      description: Retrieves the well-known app authenticator configuration. Includes an app authenticator's settings, supported methods, and other details.
       operationId: getWellKnownAppAuthenticatorConfiguration
       parameters:
         - name: oauthClientId
@@ -445,6 +682,9 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/WellKnownAppAuthenticatorConfiguration'
+              examples:
+                AuthenticatorConfiguration:
+                  $ref: '#/components/examples/WellKnownAppAuthenticatorConfigurationCustomApp'
         '400':
           $ref: '#/components/responses/ErrorMissingRequiredParameter400'
         '429':
@@ -474,6 +714,41 @@ paths:
       security: []
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /.well-known/ssf-configuration:
+    get:
+      summary: Retrieve the SSF Transmitter metadata
+      description: Retrieves SSF Transmitter configuration metadata. This includes all supported endpoints and key information about certain properties of the Okta org as the transmitter, such as `delivery_methods_supported`, `issuer`, and `jwks_uri`.
+      operationId: getWellknownSsfMetadata
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/WellKnownSSFMetadata'
+              examples:
+                wellKnownSSFMetadataExample:
+                  $ref: '#/components/examples/wellKnownSSFMetadataExample'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security: []
+      tags:
+        - SSFTransmitter
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/agentPools:
     get:
       summary: List all Agent Pools
@@ -502,6 +777,9 @@ paths:
             - okta.agentPools.read
       tags:
         - AgentPools
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/agentPools/{poolId}/updates:
     parameters:
       - $ref: '#/components/parameters/pathPoolId'
@@ -532,6 +810,9 @@ paths:
             - okta.agentPools.read
       tags:
         - AgentPools
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create an Agent Pool update
       description: Creates an Agent pool update \n For user flow 2 manual update, starts the update immediately. \n For user flow 3, schedules the update based on the configured update window and delay.
@@ -563,6 +844,9 @@ paths:
             - okta.agentPools.manage
       tags:
         - AgentPools
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/agentPools/{poolId}/updates/settings:
     parameters:
       - $ref: '#/components/parameters/pathPoolId'
@@ -589,6 +873,9 @@ paths:
             - okta.agentPools.read
       tags:
         - AgentPools
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Update an Agent Pool update settings
       description: Updates an agent pool update settings
@@ -620,6 +907,9 @@ paths:
             - okta.agentPools.manage
       tags:
         - AgentPools
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/agentPools/{poolId}/updates/{updateId}:
     parameters:
       - $ref: '#/components/parameters/pathPoolId'
@@ -647,6 +937,9 @@ paths:
             - okta.agentPools.read
       tags:
         - AgentPools
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Update an Agent Pool update by id
       description: Updates Agent pool update and return latest agent pool update
@@ -678,6 +971,9 @@ paths:
             - okta.agentPools.manage
       tags:
         - AgentPools
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete an Agent Pool update
       description: Deletes Agent pool update
@@ -697,6 +993,9 @@ paths:
             - okta.agentPools.manage
       tags:
         - AgentPools
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/agentPools/{poolId}/updates/{updateId}/activate:
     parameters:
       - $ref: '#/components/parameters/pathPoolId'
@@ -724,6 +1023,9 @@ paths:
             - okta.agentPools.manage
       tags:
         - AgentPools
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/agentPools/{poolId}/updates/{updateId}/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathPoolId'
@@ -751,6 +1053,9 @@ paths:
             - okta.agentPools.manage
       tags:
         - AgentPools
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/agentPools/{poolId}/updates/{updateId}/pause:
     parameters:
       - $ref: '#/components/parameters/pathPoolId'
@@ -778,6 +1083,9 @@ paths:
             - okta.agentPools.manage
       tags:
         - AgentPools
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/agentPools/{poolId}/updates/{updateId}/resume:
     parameters:
       - $ref: '#/components/parameters/pathPoolId'
@@ -805,6 +1113,9 @@ paths:
             - okta.agentPools.manage
       tags:
         - AgentPools
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/agentPools/{poolId}/updates/{updateId}/retry:
     parameters:
       - $ref: '#/components/parameters/pathPoolId'
@@ -832,6 +1143,9 @@ paths:
             - okta.agentPools.manage
       tags:
         - AgentPools
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/agentPools/{poolId}/updates/{updateId}/stop:
     parameters:
       - $ref: '#/components/parameters/pathPoolId'
@@ -859,19 +1173,14 @@ paths:
             - okta.agentPools.manage
       tags:
         - AgentPools
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/api-tokens:
     get:
       summary: List all API Token Metadata
       description: Lists all the metadata of the active API tokens
       operationId: listApiTokens
-      parameters:
-        - $ref: '#/components/parameters/queryAfter'
-        - $ref: '#/components/parameters/queryLimit'
-        - name: q
-          in: query
-          description: Finds a token that matches the name or clientName.
-          schema:
-            type: string
       responses:
         '200':
           description: OK
@@ -894,6 +1203,9 @@ paths:
             - okta.apiTokens.read
       tags:
         - ApiToken
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/api-tokens/current:
     delete:
       summary: Revoke the Current API Token
@@ -910,12 +1222,15 @@ paths:
         - apiToken: []
       tags:
         - ApiToken
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/api-tokens/{apiTokenId}:
     parameters:
       - $ref: '#/components/parameters/pathApiTokenId'
     get:
       summary: Retrieve an API Token's Metadata
-      description: Retrieves the metadata for an active API token by id
+      description: Retrieves the metadata for an active API token by `apiTokenId`
       operationId: getApiToken
       responses:
         '200':
@@ -939,6 +1254,53 @@ paths:
             - okta.apiTokens.read
       tags:
         - ApiToken
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+    put:
+      summary: Upsert an API Token Network Condition
+      description: Upserts an API Token Network Condition by `apiTokenId`
+      operationId: upsertApiToken
+      requestBody:
+        content:
+          application/json:
+            example:
+              name: api_token_name
+              clientName: client_name
+              userId: 00uabcdefg1234567890
+              network:
+                connection: ANYWHERE
+              created: '2021-11-09T20:38:10.000Z'
+            schema:
+              $ref: '#/components/schemas/ApiTokenUpdate'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApiToken'
+              examples:
+                HCaptcha:
+                  $ref: '#/components/examples/ApiTokenMetadataResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apiTokens.manage
+      tags:
+        - ApiToken
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: true
     delete:
       summary: Revoke an API Token
       description: Revokes an API token by `apiTokenId`
@@ -958,6 +1320,9 @@ paths:
             - okta.apiTokens.manage
       tags:
         - ApiToken
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps:
     get:
       summary: List all Applications
@@ -985,11 +1350,7 @@ paths:
           description: Filters apps by status, user.id, group.id or credentials.signing.kid expression
           schema:
             type: string
-        - name: expand
-          in: query
-          description: Traverses users link relationship and optionally embeds Application User resource
-          schema:
-            type: string
+        - $ref: '#/components/parameters/queryAppsExpand'
         - name: includeNonDeleted
           in: query
           schema:
@@ -1014,6 +1375,9 @@ paths:
             - okta.apps.read
       tags:
         - Application
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create an Application
       description: Creates a new application to your Okta organization
@@ -1055,70 +1419,15 @@ paths:
             - okta.apps.manage
       tags:
         - Application
-  /api/v1/apps/${appId}/sso/saml/metadata:
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /api/v1/apps/google/{appId}/oauth2/callback:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+  /api/v1/apps/office365/{appId}/oauth2/callback:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
-    get:
-      summary: Preview the application SAML metadata
-      description: Previews the SSO SAML metadata for an application
-      operationId: previewSAMLmetadataForApplication
-      responses:
-        '200':
-          description: OK
-          content:
-            text/xml:
-              schema:
-                type: string
-                description: SAML metadata in XML
-                format: xml
-              examples:
-                previewSAML:
-                  summary: SAML metadata example
-                  value: |
-                    <?xml version="1.0" encoding="UTF-8"?>
-                      <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="exk39sivhuytV2D8H0h7">
-                        <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-                            <md:KeyDescriptor use="signing">
-                                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-                                    <ds:X509Data>
-                                        <ds:X509Certificate>MIIDqDCCApCgAwIBAgIGAVGNO4qeMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYDVQQGEwJVUzETMBEG
-                    A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
-                    MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGJhbGFjb21wdGVzdDEcMBoGCSqGSIb3DQEJ
-                    ARYNaW5mb0Bva3RhLmNvbTAeFw0xNTEyMTAxODUwMDhaFw0xNzEyMTAxODUxMDdaMIGUMQswCQYD
-                    VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG
-                    A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGJhbGFjb21wdGVzdDEc
-                    MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-                    ggEBALAakG48bgcTWHdwmVLHig0mkiRejxIVm3wbzrNSJcBruTq2zCYZ1rGfVxTYON8kJqvkXPmv
-                    kzWKhpEkvhubL+mx29XpXY0AsNIfgcm5xIV56yhXSvlMdqzGo3ciRwoACaF+ClNLxmXK9UTZD89B
-                    bVVGCG5AEvja0eCQ0GYsO5i9aSI5aTroab8Aew31PuWl/RGQWmjVy8+7P4wwkKKJNKCpxMYDlhfa
-                    WRp0zwUSbUCO0qEyeAYdZx6CLES4FGrDi/7D6G+ewWC+kbz1tL1XpF2Dcg3+IOlHrV6VWzz3rG39
-                    v9zFIncjvoQJFDGWhpqGqcmXvgH0Ze3SVcVF01T+bK0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
-                    AHmnSZ4imjNrIf9wxfQIcqHXEBoJ+oJtd59cw1Ur/YQY9pKXxoglqCQ54ZmlIf4GghlcZhslLO+m
-                    NdkQVwSmWMh6KLxVM18/xAkq8zyKbMbvQnTjFB7x45bgokwbjhivWqrB5LYHHCVN7k/8mKlS4eCK
-                    Ci6RGEmErjojr4QN2xV0qAqP6CcGANgpepsQJCzlWucMFKAh0x9Kl8fmiQodfyLXyrebYsVnLrMf
-                    jxE1b6dg4jKvv975tf5wreQSYZ7m//g3/+NnuDKkN/03HqhV7hTNi1fyctXk8I5Nwgyr+pT5LT2k
-                    YoEdncuy+GQGzE9yLOhC4HNfHQXpqp2tMPdRlw==</ds:X509Certificate>
-                                    </ds:X509Data>
-                                </ds:KeyInfo>
-                            </md:KeyDescriptor>
-                            <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
-                            <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
-                            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://{yourOktaDomain}/app/sample-app/exk39sivhuytV2D8H0h7/sso/saml"/>
-                            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://{yourOktaDomain}/app/sample-app/exk39sivhuytV2D8H0h7/sso/saml"/>
-                        </md:IDPSSODescriptor>
-                    </md:EntityDescriptor>
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - apiToken: []
-        - oauth2:
-            - okta.apps.read
-      tags:
-        - ApplicationSSO
   /api/v1/apps/{appId}:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -1150,6 +1459,9 @@ paths:
             - okta.apps.read
       tags:
         - Application
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace an Application
       description: Replaces an application
@@ -1182,6 +1494,9 @@ paths:
             - okta.apps.manage
       tags:
         - Application
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete an Application
       description: Deletes an inactive application
@@ -1202,6 +1517,9 @@ paths:
             - okta.apps.manage
       tags:
         - Application
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/connections/default:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -1215,10 +1533,14 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/ProvisioningConnection'
+                $ref: '#/components/schemas/ProvisioningConnectionResponse'
               examples:
-                ProvisioningConnectionResponseExample:
-                  $ref: '#/components/examples/ProvisioningConnectionTokenResponseEx'
+                ProvisioningConnectionTokenZscalerEx:
+                  $ref: '#/components/examples/ProvisioningConnectionTokenResponseWithProfileZscalerEx'
+                ProvisioningConnectionTokenOrg2OrgEx:
+                  $ref: '#/components/examples/ProvisioningConnectionTokenResponseWithProfileOrg2OrgEx'
+                ProvisioningConnectionOauthO365Ex:
+                  $ref: '#/components/examples/ProvisioningConnectionOauthResponseEx'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -1231,6 +1553,9 @@ paths:
             - okta.apps.read
       tags:
         - ApplicationConnections
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Update the default Provisioning Connection
       description: Updates the default Provisioning Connection for an app
@@ -1245,24 +1570,36 @@ paths:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/ProvisioningConnectionRequest'
+              oneOf:
+                - $ref: '#/components/schemas/ProvisioningConnectionTokenRequest'
+                - $ref: '#/components/schemas/ProvisioningConnectionOauthRequest'
             examples:
-              ProvisioningConnectionTokenExample:
+              ProvisioningConnectionTokenZscalerEx:
                 $ref: '#/components/examples/ProvisioningConnectionTokenRequestEx'
-              ProvisioningConnectionOauthExample:
-                $ref: '#/components/examples/ProvisioningConnectionOauthRequestEx'
+              ProvisioningConnectionTokenOrg2OrgEx:
+                $ref: '#/components/examples/ProvisioningConnectionTokenOrg2OrgRequestEx'
+              ProvisioningConnectionOauthO365Ex:
+                $ref: '#/components/examples/ProvisioningConnectionOauthO365RequestEx'
         required: true
       responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ProvisioningConnectionResponse'
         '201':
           description: Created
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/ProvisioningConnection'
+                $ref: '#/components/schemas/ProvisioningConnectionResponse'
               examples:
-                ProvisioningConnectionTokenExample:
-                  $ref: '#/components/examples/ProvisioningConnectionTokenResponseEx'
-                ProvisioningConnectionOauthExample:
+                ProvisioningConnectionTokenZscalerEx:
+                  $ref: '#/components/examples/ProvisioningConnectionTokenResponseWithProfileZscalerEx'
+                ProvisioningConnectionTokenOrg2OrgEx:
+                  $ref: '#/components/examples/ProvisioningConnectionTokenResponseWithProfileOrg2OrgEx'
+                ProvisioningConnectionOauthO365Ex:
                   $ref: '#/components/examples/ProvisioningConnectionOauthResponseEx'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
@@ -1278,6 +1615,9 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationConnections
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/connections/default/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -1300,6 +1640,9 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationConnections
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/connections/default/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -1322,6 +1665,9 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationConnections
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/credentials/csrs:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -1350,6 +1696,9 @@ paths:
             - okta.apps.read
       tags:
         - ApplicationCredentials
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Generate a Certificate Signing Request
       description: Generates a new key pair and returns the Certificate Signing Request for it
@@ -1382,6 +1731,9 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationCredentials
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/credentials/csrs/{csrId}:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -1409,6 +1761,9 @@ paths:
             - okta.apps.read
       tags:
         - ApplicationCredentials
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Revoke a Certificate Signing Request
       description: Revokes a certificate signing request and deletes the key pair from the application
@@ -1429,6 +1784,9 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationCredentials
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -1476,6 +1834,9 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationCredentials
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/credentials/keys:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -1504,6 +1865,9 @@ paths:
             - okta.apps.read
       tags:
         - ApplicationCredentials
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/credentials/keys/generate:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -1535,6 +1899,9 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationCredentials
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/credentials/keys/{keyId}:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -1562,6 +1929,9 @@ paths:
             - okta.apps.read
       tags:
         - ApplicationCredentials
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/credentials/keys/{keyId}/clone:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -1596,6 +1966,9 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationCredentials
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/features:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -1603,8 +1976,7 @@ paths:
       summary: List all Features
       description: |
         Lists all features for an application
-        > **Note:** The only application feature currently supported is `USER_PROVISIONING`.
-        > This request returns an error if provisioning isn't enabled for the application.
+        > **Note:** This request returns an error if provisioning isn't enabled for the application.
         > To set up provisioning, see [Update the default Provisioning Connection](/openapi/okta-management/management/tag/ApplicationConnections/#tag/ApplicationConnections/operation/updateDefaultProvisioningConnectionForApplication).
       operationId: listFeaturesForApplication
       responses:
@@ -1640,6 +2012,9 @@ paths:
             - okta.apps.read
       tags:
         - ApplicationFeatures
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/features/{featureName}:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -1670,6 +2045,9 @@ paths:
             - okta.apps.read
       tags:
         - ApplicationFeatures
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Update a Feature
       description: |
@@ -1680,10 +2058,14 @@ paths:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/CapabilitiesObject'
+              oneOf:
+                - $ref: '#/components/schemas/CapabilitiesObject'
+                - $ref: '#/components/schemas/CapabilitiesInboundProvisioningObject'
             examples:
               UpdateAppFeatureEx:
                 $ref: '#/components/examples/UpdateAppFeatureRequestEx'
+              UpdateInboundProvisioningFeatureEx:
+                $ref: '#/components/examples/UpdateInboundProvisioningFeatureRequestEx'
         required: true
       responses:
         '200':
@@ -1695,6 +2077,8 @@ paths:
               examples:
                 UpdateAppFeatureEx:
                   $ref: '#/components/examples/UpdateAppFeatureResponseEx'
+                UpdateInboundProvisioningFeatureEx:
+                  $ref: '#/components/examples/UpdateInboundProvisioningFeatureResponseEx'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -1709,6 +2093,9 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationFeatures
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/grants:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -1717,7 +2104,7 @@ paths:
       description: Lists all scope consent Grants for the app
       operationId: listScopeConsentGrants
       parameters:
-        - $ref: '#/components/parameters/queryExpand'
+        - $ref: '#/components/parameters/queryAppGrantsExpand'
       responses:
         '200':
           description: Success
@@ -1727,6 +2114,9 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+              examples:
+                ListAppGrantsExample:
+                  $ref: '#/components/examples/ListAppGrantsEx'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -1739,6 +2129,9 @@ paths:
             - okta.appGrants.read
       tags:
         - ApplicationGrants
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Grant consent to scope
       description: Grants consent for the app to request an OAuth 2.0 Okta scope
@@ -1749,6 +2142,9 @@ paths:
           application/json:
             schema:
               $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+            examples:
+              AppGrantsExample:
+                $ref: '#/components/examples/AppGrantsPostEx'
         required: true
       responses:
         '201':
@@ -1757,6 +2153,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+              examples:
+                AppGrantsExample:
+                  $ref: '#/components/examples/AppGrantsEx'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -1771,6 +2170,9 @@ paths:
             - okta.appGrants.manage
       tags:
         - ApplicationGrants
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/grants/{grantId}:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -1780,7 +2182,7 @@ paths:
       description: Retrieves a single scope consent Grant object for the app
       operationId: getScopeConsentGrant
       parameters:
-        - $ref: '#/components/parameters/queryExpand'
+        - $ref: '#/components/parameters/queryAppGrantsExpand'
       responses:
         '200':
           description: Success
@@ -1788,6 +2190,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+              examples:
+                AppGrantsExample:
+                  $ref: '#/components/examples/AppGrantsEx'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -1800,6 +2205,9 @@ paths:
             - okta.appGrants.read
       tags:
         - ApplicationGrants
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Revoke an app Grant
       description: Revokes permission for the app to grant the given scope
@@ -1820,34 +2228,33 @@ paths:
             - okta.appGrants.manage
       tags:
         - ApplicationGrants
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/groups:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
     get:
-      summary: List all Assigned Groups
-      description: Lists all group assignments for an application
+      summary: List all Application Groups
+      description: Lists all app group assignments
       operationId: listApplicationGroupAssignments
       parameters:
         - name: q
           in: query
+          description: |-
+            Specifies a filter for a list of assigned groups returned based on their names. The value of `q` is matched against the group `name`. 
+            This filter only supports the `startsWith` operation that matches the `q` string against the beginning of the [Group name](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/#tag/Group/operation/listGroups!c=200&path=profile/name&t=response).
           schema:
             type: string
+            example: test
         - name: after
           in: query
-          description: Specifies the pagination cursor for the next page of assignments
-          schema:
-            type: string
-        - name: limit
-          in: query
-          description: Specifies the number of results for a page
-          schema:
-            type: integer
-            format: int32
-            default: -1
-        - name: expand
-          in: query
+          description: Specifies the pagination cursor for the `next` page of results. Treat this as an opaque value obtained through the next link relationship. See [Pagination](https://developer.okta.com/docs/api/#pagination).
           schema:
             type: string
+            example: 16275000448691
+        - $ref: '#/components/parameters/queryGroupAssignmentLimit'
+        - $ref: '#/components/parameters/queryGroupAssignmentWithMetadataExpand'
       responses:
         '200':
           description: Success
@@ -1857,6 +2264,9 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/ApplicationGroupAssignment'
+              examples:
+                listGroupAssignmentsResponseExample:
+                  $ref: '#/components/examples/GroupAssignmentExListResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -1869,29 +2279,19 @@ paths:
             - okta.apps.read
       tags:
         - ApplicationGroups
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/groups/{groupId}:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
       - $ref: '#/components/parameters/pathGroupId'
     get:
-      summary: Retrieve an Assigned Group
-      description: Retrieves an application group assignment
+      summary: Retrieve an Application Group
+      description: Retrieves an app group assignment
       operationId: getApplicationGroupAssignment
       parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
+        - $ref: '#/components/parameters/queryGroupAssignmentWithGroupExpand'
       responses:
         '200':
           description: Success
@@ -1899,6 +2299,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/ApplicationGroupAssignment'
+              examples:
+                getGroupAssignmentResponseExample:
+                  $ref: '#/components/examples/EmbeddedGroupAssignmentSampleResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -1911,27 +2314,24 @@ paths:
             - okta.apps.read
       tags:
         - ApplicationGroups
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
-      summary: Assign a Group
-      description: Assigns a group to an application
+      summary: Assign an Application Group
+      description: |-
+        Assigns a [Group](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/) to an app, which in turn assigns the app to each [User](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/) that belongs to the group. 
+        The resulting Application User [scope](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationUsers/#tag/ApplicationUsers/operation/listApplicationUsers!c=200&path=scope&t=response) is `GROUP` since the assignment was from the group membership.
       operationId: assignGroupToApplication
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
       x-codegen-request-body-name: applicationGroupAssignment
       requestBody:
         content:
           application/json:
             schema:
               $ref: '#/components/schemas/ApplicationGroupAssignment'
+            examples:
+              putGroupAssignmentRequestExample:
+                $ref: '#/components/examples/GroupAssignmentPutRequestExample'
         required: false
       responses:
         '200':
@@ -1940,6 +2340,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/ApplicationGroupAssignment'
+              examples:
+                putGroupAssignmentResponseExample:
+                  $ref: '#/components/examples/GroupAssignmentPutResponseExample'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -1954,21 +2357,55 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationGroups
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+    patch:
+      summary: Update an Application Group
+      description: Updates a group assignment to an app
+      operationId: updateGroupAssignmentToApplication
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: array
+              items:
+                $ref: '#/components/schemas/JsonPatchOperation'
+            examples:
+              groupAssignmentPatchRequetExample:
+                $ref: '#/components/examples/GroupAssignmentPatchRequestExample'
+        required: false
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApplicationGroupAssignment'
+              examples:
+                patchGroupAssignmentResponseExample:
+                  $ref: '#/components/examples/GroupAssignmentPatchResponseExample'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationGroups
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
-      summary: Unassign a Group
-      description: Unassigns a group from an application
+      summary: Unassign an Application Group
+      description: Unassigns a Group from an app
       operationId: unassignApplicationFromGroup
-      parameters:
-        - name: appId
-          in: path
-          required: true
-          schema:
-            type: string
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
       responses:
         '204':
           description: No Content
@@ -1985,6 +2422,9 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationGroups
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -2008,6 +2448,9 @@ paths:
             - okta.apps.manage
       tags:
         - Application
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -2031,6 +2474,9 @@ paths:
             - okta.apps.manage
       tags:
         - Application
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/logo:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -2078,6 +2524,9 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationLogos
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/policies/{policyId}:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -2106,28 +2555,92 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationPolicies
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
+  /api/v1/apps/{appId}/sso/saml/metadata:
+    parameters:
+      - $ref: '#/components/parameters/pathAppId'
+    get:
+      summary: Preview the application SAML metadata
+      description: Previews the SSO SAML metadata for an application
+      operationId: previewSAMLmetadataForApplication
+      responses:
+        '200':
+          description: OK
+          content:
+            text/xml:
+              schema:
+                type: string
+                description: SAML metadata in XML
+              examples:
+                previewSAML:
+                  summary: SAML metadata example
+                  value: |
+                    <?xml version="1.0" encoding="UTF-8"?>
+                      <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="exk39sivhuytV2D8H0h7">
+                        <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+                            <md:KeyDescriptor use="signing">
+                                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                                    <ds:X509Data>
+                                        <ds:X509Certificate>MIIDqDCCApCgAwIBAgIGAVGNO4qeMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYDVQQGEwJVUzETMBEG
+                    A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
+                    MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGJhbGFjb21wdGVzdDEcMBoGCSqGSIb3DQEJ
+                    ARYNaW5mb0Bva3RhLmNvbTAeFw0xNTEyMTAxODUwMDhaFw0xNzEyMTAxODUxMDdaMIGUMQswCQYD
+                    VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG
+                    A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGJhbGFjb21wdGVzdDEc
+                    MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+                    ggEBALAakG48bgcTWHdwmVLHig0mkiRejxIVm3wbzrNSJcBruTq2zCYZ1rGfVxTYON8kJqvkXPmv
+                    kzWKhpEkvhubL+mx29XpXY0AsNIfgcm5xIV56yhXSvlMdqzGo3ciRwoACaF+ClNLxmXK9UTZD89B
+                    bVVGCG5AEvja0eCQ0GYsO5i9aSI5aTroab8Aew31PuWl/RGQWmjVy8+7P4wwkKKJNKCpxMYDlhfa
+                    WRp0zwUSbUCO0qEyeAYdZx6CLES4FGrDi/7D6G+ewWC+kbz1tL1XpF2Dcg3+IOlHrV6VWzz3rG39
+                    v9zFIncjvoQJFDGWhpqGqcmXvgH0Ze3SVcVF01T+bK0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
+                    AHmnSZ4imjNrIf9wxfQIcqHXEBoJ+oJtd59cw1Ur/YQY9pKXxoglqCQ54ZmlIf4GghlcZhslLO+m
+                    NdkQVwSmWMh6KLxVM18/xAkq8zyKbMbvQnTjFB7x45bgokwbjhivWqrB5LYHHCVN7k/8mKlS4eCK
+                    Ci6RGEmErjojr4QN2xV0qAqP6CcGANgpepsQJCzlWucMFKAh0x9Kl8fmiQodfyLXyrebYsVnLrMf
+                    jxE1b6dg4jKvv975tf5wreQSYZ7m//g3/+NnuDKkN/03HqhV7hTNi1fyctXk8I5Nwgyr+pT5LT2k
+                    YoEdncuy+GQGzE9yLOhC4HNfHQXpqp2tMPdRlw==</ds:X509Certificate>
+                                    </ds:X509Data>
+                                </ds:KeyInfo>
+                            </md:KeyDescriptor>
+                            <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
+                            <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+                            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://{yourOktaDomain}/app/sample-app/exk39sivhuytV2D8H0h7/sso/saml"/>
+                            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://{yourOktaDomain}/app/sample-app/exk39sivhuytV2D8H0h7/sso/saml"/>
+                        </md:IDPSSODescriptor>
+                    </md:EntityDescriptor>
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - ApplicationSSO
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/tokens:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
     get:
-      summary: List all OAuth 2.0 Tokens
-      description: Lists all tokens for the application
+      summary: List all application refresh Tokens
+      description: |
+        Lists all refresh tokens for an app
+
+        > **Note:** The results are [paginated](/#pagination) according to the `limit` parameter.
+        > If there are multiple pages of results, the Link header contains a `next` link that you need to use as an opaque value (follow it, don't parse it).
       operationId: listOAuth2TokensForApplication
       parameters:
-        - name: expand
-          in: query
-          schema:
-            type: string
-        - name: after
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: 20
+        - $ref: '#/components/parameters/queryAppGrantsExpand'
+        - $ref: '#/components/parameters/queryAppAfter'
+        - $ref: '#/components/parameters/queryLimit'
       responses:
         '200':
           description: Success
@@ -2136,7 +2649,10 @@ paths:
               schema:
                 type: array
                 items:
-                  $ref: '#/components/schemas/OAuth2Token'
+                  $ref: '#/components/schemas/OAuth2RefreshToken'
+              examples:
+                getOAuth2TokenForApplicationListExample:
+                  $ref: '#/components/examples/OAuth2RefreshTokenResponseListEx'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -2149,9 +2665,12 @@ paths:
             - okta.apps.read
       tags:
         - ApplicationTokens
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
-      summary: Revoke all OAuth 2.0 Tokens
-      description: Revokes all tokens for the specified application
+      summary: Revoke all application Tokens
+      description: Revokes all OAuth 2.0 refresh tokens for the specified app. Any access tokens issued with these refresh tokens are also revoked, but access tokens issued without a refresh token aren't affected.
       operationId: revokeOAuth2TokensForApplication
       responses:
         '204':
@@ -2169,26 +2688,29 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationTokens
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/tokens/{tokenId}:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
       - $ref: '#/components/parameters/pathTokenId'
     get:
-      summary: Retrieve an OAuth 2.0 Token
-      description: Retrieves a token for the specified application
+      summary: Retrieve an application Token
+      description: Retrieves a refresh token for the specified app
       operationId: getOAuth2TokenForApplication
       parameters:
-        - name: expand
-          in: query
-          schema:
-            type: string
+        - $ref: '#/components/parameters/queryAppGrantsExpand'
       responses:
         '200':
           description: Success
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/OAuth2Token'
+                $ref: '#/components/schemas/OAuth2RefreshToken'
+              examples:
+                getOAuth2TokenForApplicationExample:
+                  $ref: '#/components/examples/OAuth2RefreshTokenResponseEx'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -2201,9 +2723,12 @@ paths:
             - okta.apps.read
       tags:
         - ApplicationTokens
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
-      summary: Revoke an OAuth 2.0 Token
-      description: Revokes the specified token for the specified application
+      summary: Revoke an application Token
+      description: Revokes the specified token for the specified app
       operationId: revokeOAuth2TokenForApplication
       responses:
         '204':
@@ -2221,42 +2746,21 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationTokens
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/users:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
     get:
-      summary: List all assigned Users
+      summary: List all Application Users
       description: Lists all assigned users for an app
       operationId: listApplicationUsers
       parameters:
-        - name: q
-          in: query
-          schema:
-            type: string
-        - name: query_scope
-          in: query
-          schema:
-            type: string
-        - name: after
-          in: query
-          description: specifies the pagination cursor for the next page of assignments
-          schema:
-            type: string
-        - name: limit
-          in: query
-          description: specifies the number of results for a page
-          schema:
-            type: integer
-            format: int32
-            default: -1
-        - name: filter
-          in: query
-          schema:
-            type: string
-        - name: expand
-          in: query
-          schema:
-            type: string
+        - $ref: '#/components/parameters/queryAppAfter'
+        - $ref: '#/components/parameters/queryAppLimit'
+        - $ref: '#/components/parameters/queryAppUserQ'
+        - $ref: '#/components/parameters/queryAppUserExpand'
       responses:
         '200':
           description: Success
@@ -2266,6 +2770,9 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/AppUser'
+              examples:
+                ListAppUsersExample:
+                  $ref: '#/components/examples/AppUserListEx'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -2278,24 +2785,36 @@ paths:
             - okta.apps.read
       tags:
         - ApplicationUsers
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
-      summary: Assign a User
+      summary: Assign an Application User
       description: |-
-        Assigns a user to an app with credentials and an app-specific [profile](/openapi/okta-management/management/tag/Application/#tag/Application/operation/assignUserToApplication!c=200&path=profile&t=response).
-        Profile mappings defined for the app are applied first before applying any profile properties that are specified in the request.
+        Assigns a user to an app for:
 
-        > **Notes:**
-        > * You need to specify the `id` and omit the `credentials` parameter in the request body only for
-        `signOnMode` or authentication schemes (`credentials.scheme`) that don't require credentials.
-        > * You can only specify profile properties that aren't defined by profile mappings when Universal Directory is enabled.
-        > * If your SSO app requires a profile but doesn't have provisioning enabled, you need to add a profile to the request body.
+          * SSO only<br>
+            Assignments to SSO apps typically don't include a user profile.
+            However, if your SSO app requires a profile but doesn't have provisioning enabled, you can add profile attributes in the request body.
+
+          * SSO and provisioning<br>
+            Assignments to SSO and provisioning apps typically include credentials and an app-specific profile.
+            Profile mappings defined for the app are applied first before applying any profile properties that are specified in the request body.
+            > **Notes:**
+            > * When Universal Directory is enabled, you can only specify profile properties that aren't defined in profile mappings.
+            > * Omit mapped properties during assignment to minimize assignment errors.
       operationId: assignUserToApplication
       x-codegen-request-body-name: appUser
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/AppUser'
+              $ref: '#/components/schemas/AppUserAssignRequest'
+            examples:
+              AppUserSSOEx:
+                $ref: '#/components/examples/AppUserAssignSSORequest'
+              AppUserProvEx:
+                $ref: '#/components/examples/AppUserAssignProvRequest'
         required: true
       responses:
         '200':
@@ -2304,10 +2823,15 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/AppUser'
+              examples:
+                AppUserSSOEx:
+                  $ref: '#/components/examples/AppUserSSOResponse'
+                AppUserProvEx:
+                  $ref: '#/components/examples/AppUserProvResponse'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
+          $ref: '#/components/responses/ErrorAppUserForbidden403'
         '404':
           $ref: '#/components/responses/ErrorResourceNotFound404'
         '429':
@@ -2318,19 +2842,19 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationUsers
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/apps/{appId}/users/{userId}:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
-      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/pathAppUserId'
     get:
-      summary: Retrieve an assigned User
-      description: Retrieves a specific user assignment for app by `id`
+      summary: Retrieve an Application User
+      description: Retrieves a specific user assignment for a specific app
       operationId: getApplicationUser
       parameters:
-        - name: expand
-          in: query
-          schema:
-            type: string
+        - $ref: '#/components/parameters/queryAppUserExpand'
       responses:
         '200':
           description: Success
@@ -2338,6 +2862,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/AppUser'
+              examples:
+                GetAppUserExample:
+                  $ref: '#/components/examples/AppUserProvExpandResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -2350,16 +2877,24 @@ paths:
             - okta.apps.read
       tags:
         - ApplicationUsers
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
-      summary: Update an App Profile for an assigned User
-      description: Updates a user's profile for an application
+      summary: Update an Application User
+      description: Updates the profile or credentials of a user assigned to an app
       operationId: updateApplicationUser
       x-codegen-request-body-name: appUser
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/AppUser'
+              $ref: '#/components/schemas/AppUserUpdateRequest'
+            examples:
+              AppUserUpdateCredEx:
+                $ref: '#/components/examples/AppUserUpdateCredRequest'
+              AppUserUpdateProfileEx:
+                $ref: '#/components/examples/AppUserUpdateProfileRequest'
         required: true
       responses:
         '200':
@@ -2368,10 +2903,15 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/AppUser'
+              examples:
+                AppUserUpdateCredEx:
+                  $ref: '#/components/examples/AppUserCredUpdateResponse'
+                AppUserUpdateProfileEx:
+                  $ref: '#/components/examples/AppUserProfUpdateResponse'
         '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
+          $ref: '#/components/responses/ErrorAppUserUpdateBadRequest400'
         '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
+          $ref: '#/components/responses/ErrorAppUserForbidden403'
         '404':
           $ref: '#/components/responses/ErrorResourceNotFound404'
         '429':
@@ -2382,13 +2922,23 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationUsers
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
-      summary: Unassign an App User
-      description: Unassigns a user from an application
+      summary: Unassign an Application User
+      description: |-
+        Unassigns a user from an app
+
+        For directories like Active Directory and LDAP, they act as the owner of the user's credential with Okta delegating authentication (DelAuth) to that directory.
+        If this request is successful for a user when DelAuth is enabled, then the user is in a state with no password. You can then reset the user's password.
+
+        > **Important:** This is a destructive operation. You can't recover the user's app profile. If the app is enabled for provisioning and configured to deactivate users, the user is also deactivated in the target app.
       operationId: unassignUserFromApplication
       parameters:
         - name: sendEmail
           in: query
+          description: Sends a deactivation email to the administrator if `true`
           schema:
             type: boolean
             default: false
@@ -2409,6 +2959,48 @@ paths:
             - okta.apps.manage
       tags:
         - ApplicationUsers
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /api/v1/apps/{appName}/{appId}/oauth2/callback:
+    parameters:
+      - $ref: '#/components/parameters/pathOAuthProvisioningAppName'
+      - $ref: '#/components/parameters/pathAppId'
+    post:
+      summary: Verify the Provisioning Connection
+      description: |
+        Verifies the OAuth 2.0-based connection as part of the OAuth 2.0 consent flow. The validation of the consent flow is the last step of the provisioning setup for an OAuth 2.0-based connection.
+        Currently, this operation only supports `office365`,`google`, `zoomus`, and `slack` apps.
+      operationId: verifyProvisioningConnectionForApplication
+      parameters:
+        - name: code
+          in: query
+          schema:
+            type: string
+            description: Unique string associated with each authentication request
+        - name: state
+          in: query
+          schema:
+            type: string
+            description: A temporary code string that the client exchanges for an access token
+      responses:
+        '204':
+          description: No content
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - ApplicationConnections
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/authenticators:
     get:
       summary: List all Authenticators
@@ -2421,7 +3013,7 @@ paths:
             application/json:
               schema:
                 items:
-                  $ref: '#/components/schemas/Authenticator'
+                  $ref: '#/components/schemas/AuthenticatorBase'
                 type: array
               examples:
                 OrgAuthenticatorsEx:
@@ -2436,6 +3028,11 @@ paths:
             - okta.authenticators.read
       tags:
         - Authenticator
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     post:
       summary: Create an Authenticator
       description: Creates an authenticator
@@ -2446,7 +3043,7 @@ paths:
           description: Whether to execute the activation lifecycle operation when Okta creates the authenticator
           schema:
             type: boolean
-            default: false
+            default: true
       x-codegen-request-body-name: authenticator
       requestBody:
         $ref: '#/components/requestBodies/AuthenticatorRequestBody'
@@ -2465,6 +3062,11 @@ paths:
             - okta.authenticators.manage
       tags:
         - Authenticator
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/authenticators/{authenticatorId}:
     parameters:
       - $ref: '#/components/parameters/pathAuthenticatorId'
@@ -2487,6 +3089,11 @@ paths:
             - okta.authenticators.read
       tags:
         - Authenticator
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     put:
       summary: Replace an Authenticator
       description: Replaces the properties for an Authenticator identified by `authenticatorId`
@@ -2511,6 +3118,11 @@ paths:
             - okta.authenticators.manage
       tags:
         - Authenticator
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/authenticators/{authenticatorId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathAuthenticatorId'
@@ -2533,6 +3145,11 @@ paths:
             - okta.authenticators.manage
       tags:
         - Authenticator
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/authenticators/{authenticatorId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathAuthenticatorId'
@@ -2542,7 +3159,7 @@ paths:
       operationId: deactivateAuthenticator
       responses:
         '200':
-          $ref: '#/components/responses/AuthenticatorResponse'
+          $ref: '#/components/responses/AuthenticatorResponseInactiveWebAuthn'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -2555,12 +3172,24 @@ paths:
             - okta.authenticators.manage
       tags:
         - Authenticator
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/authenticators/{authenticatorId}/methods:
     parameters:
       - $ref: '#/components/parameters/pathAuthenticatorId'
     get:
       summary: List all Methods of an Authenticator
-      description: Lists all Methods of an Authenticator identified by `authenticatorId`
+      description: |-
+        Lists all Methods of an Authenticator identified by `authenticatorId`
+        > **Note:** <x-lifecycle class="ea"></x-lifecycle>
+        > The AAGUID Group object supports the Early Access (Self-Service) Allow List for FIDO2 (WebAuthn) Authenticators feature. Enable the feature for your org from the **Settings** > **Features** page in the Admin Console.
+        > This feature has several limitations when enrolling a security key:
+        > - Enrollment is currently unsupported on Firefox.
+        > - Enrollment is currently unsupported on Chrome if User Verification is set to DISCOURAGED and a PIN is set on the security key.
+        > - If prompted during enrollment, users must allow Okta to see the make and model of the security key.
       operationId: listAuthenticatorMethods
       responses:
         '200':
@@ -2571,6 +3200,11 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/AuthenticatorMethodBase'
+              examples:
+                Phone:
+                  $ref: '#/components/examples/AuthenticatorMethodPhone'
+                WebAuthn:
+                  $ref: '#/components/examples/AuthenticatorMethodWebauth'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -2583,13 +3217,25 @@ paths:
             - okta.authenticators.read
       tags:
         - Authenticator
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/authenticators/{authenticatorId}/methods/{methodType}:
     parameters:
       - $ref: '#/components/parameters/pathAuthenticatorId'
       - $ref: '#/components/parameters/pathMethodType'
     get:
-      summary: Retrieve a Method
-      description: Retrieves a Method identified by `methodType` of an Authenticator identified by `authenticatorId`
+      summary: Retrieve an Authenticator Method
+      description: |-
+        Retrieves a Method identified by `methodType` of an Authenticator identified by `authenticatorId`
+        > **Note:** <x-lifecycle class="ea"></x-lifecycle>
+        > The AAGUID Group object supports the Early Access (Self-Service) Allow List for FIDO2 (WebAuthn) Authenticators feature. Enable the feature for your org from the **Settings** > **Features** page in the Admin Console.
+        > This feature has several limitations when enrolling a security key:
+        > - Enrollment is currently unsupported on Firefox.
+        > - Enrollment is currently unsupported on Chrome if User Verification is set to DISCOURAGED and a PIN is set on the security key.
+        > - If prompted during enrollment, users must allow Okta to see the make and model of the security key.
       operationId: getAuthenticatorMethod
       responses:
         '200':
@@ -2598,6 +3244,13 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/AuthenticatorMethodBase'
+              examples:
+                sms:
+                  $ref: '#/components/examples/AuthenticatorMethodSms'
+                voice:
+                  $ref: '#/components/examples/AuthenticatorMethodInactiveVoice'
+                webAuthn:
+                  $ref: '#/components/examples/AuthenticatorMethodWebauth'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -2610,9 +3263,21 @@ paths:
             - okta.authenticators.read
       tags:
         - Authenticator
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     put:
-      summary: Replace a Method
-      description: Replaces a Method of `methodType` for an Authenticator identified by `authenticatorId`
+      summary: Replace an Authenticator Method
+      description: |-
+        Replaces a Method of `methodType` for an Authenticator identified by `authenticatorId`
+        > **Note:** <x-lifecycle class="ea"></x-lifecycle>
+        > The AAGUID Group object supports the Early Access (Self-Service) Allow List for FIDO2 (WebAuthn) Authenticators feature. Enable the feature for your org from the **Settings** > **Features** page in the Admin Console.
+        > This feature has several limitations when enrolling a security key:
+        > - Enrollment is currently unsupported on Firefox.
+        > - Enrollment is currently unsupported on Chrome if User Verification is set to DISCOURAGED and a PIN is set on the security key.
+        > - If prompted during enrollment, users must allow Okta to see the make and model of the security key.
       operationId: replaceAuthenticatorMethod
       requestBody:
         content:
@@ -2626,6 +3291,13 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/AuthenticatorMethodBase'
+              examples:
+                sms:
+                  $ref: '#/components/examples/AuthenticatorMethodSms'
+                voice:
+                  $ref: '#/components/examples/AuthenticatorMethodInactiveVoice'
+                webAuthn:
+                  $ref: '#/components/examples/AuthenticatorMethodWebauth'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -2640,13 +3312,25 @@ paths:
             - okta.authenticators.manage
       tags:
         - Authenticator
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/authenticators/{authenticatorId}/methods/{methodType}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathAuthenticatorId'
       - $ref: '#/components/parameters/pathMethodType'
     post:
       summary: Activate an Authenticator Method
-      description: Activates a Method for an Authenticator identified by `authenticatorId` and `methodType`
+      description: |-
+        Activates a Method for an Authenticator identified by `authenticatorId` and `methodType`
+        > **Note:** <x-lifecycle class="ea"></x-lifecycle>
+        > The AAGUID Group object supports the Early Access (Self-Service) Allow List for FIDO2 (WebAuthn) Authenticators feature. Enable the feature for your org from the **Settings** > **Features** page in the Admin Console.
+        > This feature has several limitations when enrolling a security key:
+        > - Enrollment is currently unsupported on Firefox.
+        > - Enrollment is currently unsupported on Chrome if User Verification is set to DISCOURAGED and a PIN is set on the security key.
+        > - If prompted during enrollment, users must allow Okta to see the make and model of the security key.
       operationId: activateAuthenticatorMethod
       responses:
         '200':
@@ -2655,6 +3339,11 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/AuthenticatorMethodBase'
+              examples:
+                sms:
+                  $ref: '#/components/examples/AuthenticatorMethodSms'
+                webAuthn:
+                  $ref: '#/components/examples/AuthenticatorMethodWebauth'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -2667,13 +3356,25 @@ paths:
             - okta.authenticators.manage
       tags:
         - Authenticator
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/authenticators/{authenticatorId}/methods/{methodType}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathAuthenticatorId'
       - $ref: '#/components/parameters/pathMethodType'
     post:
       summary: Deactivate an Authenticator Method
-      description: Deactivates a Method for an Authenticator identified by `authenticatorId` and `methodType`
+      description: |-
+        Deactivates a Method for an Authenticator identified by `authenticatorId` and `methodType`
+        > **Note:** <x-lifecycle class="ea"></x-lifecycle>
+        > The AAGUID Group object supports the Early Access (Self-Service) Allow List for FIDO2 (WebAuthn) Authenticators feature. Enable the feature for your org from the **Settings** > **Features** page in the Admin Console.
+        > This feature has several limitations when enrolling a security key:
+        > - Enrollment is currently unsupported on Firefox.
+        > - Enrollment is currently unsupported on Chrome if User Verification is set to DISCOURAGED and a PIN is set on the security key.
+        > - If prompted during enrollment, users must allow Okta to see the make and model of the security key.
       operationId: deactivateAuthenticatorMethod
       responses:
         '200':
@@ -2682,6 +3383,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/AuthenticatorMethodBase'
+              examples:
+                voice:
+                  $ref: '#/components/examples/AuthenticatorMethodInactiveVoice'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -2694,24 +3398,33 @@ paths:
             - okta.authenticators.manage
       tags:
         - Authenticator
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/authorizationServers:
     get:
       summary: List all Authorization Servers
-      description: Lists all authorization servers
+      description: Lists all custom authorization servers in the org
       operationId: listAuthorizationServers
       parameters:
         - name: q
           in: query
+          description: Searches the `name` and `audiences` of authorization servers for matching values
+          example: customasone
           schema:
             type: string
         - name: limit
           in: query
+          description: 'Specifies the number of authorization server results on a page. Maximum value: 200'
           schema:
             type: integer
             format: int32
             default: 200
         - name: after
           in: query
+          description: Specifies the pagination cursor for the next page of authorization servers. Treat as an opaque value and obtain through the next link relationship.
           schema:
             type: string
       responses:
@@ -2723,6 +3436,9 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/AuthorizationServer'
+              examples:
+                ListAuthServers:
+                  $ref: '#/components/examples/ListAuthServersResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '429':
@@ -2733,6 +3449,11 @@ paths:
             - okta.authorizationServers.read
       tags:
         - AuthorizationServer
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     post:
       summary: Create an Authorization Server
       description: Creates an authorization server
@@ -2743,6 +3464,9 @@ paths:
           application/json:
             schema:
               $ref: '#/components/schemas/AuthorizationServer'
+            examples:
+              CreateAuthServer:
+                $ref: '#/components/examples/CreateAuthServerBody'
         required: true
       responses:
         '201':
@@ -2751,6 +3475,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/AuthorizationServer'
+              examples:
+                CreateAuthServer:
+                  $ref: '#/components/examples/CreateAuthServerResponse'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -2763,6 +3490,11 @@ paths:
             - okta.authorizationServers.manage
       tags:
         - AuthorizationServer
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
@@ -2777,6 +3509,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/AuthorizationServer'
+              examples:
+                RetrieveAuthServer:
+                  $ref: '#/components/examples/RetrieveAuthServerResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -2789,6 +3524,11 @@ paths:
             - okta.authorizationServers.read
       tags:
         - AuthorizationServer
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     put:
       summary: Replace an Authorization Server
       description: Replaces an authorization server
@@ -2799,6 +3539,9 @@ paths:
           application/json:
             schema:
               $ref: '#/components/schemas/AuthorizationServer'
+            examples:
+              ReplaceAuthServer:
+                $ref: '#/components/examples/ReplaceAuthServerBody'
         required: true
       responses:
         '200':
@@ -2807,6 +3550,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/AuthorizationServer'
+              examples:
+                ReplaceAuthServer:
+                  $ref: '#/components/examples/ReplaceAuthServerResponse'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -2821,6 +3567,11 @@ paths:
             - okta.authorizationServers.manage
       tags:
         - AuthorizationServer
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     delete:
       summary: Delete an Authorization Server
       description: Deletes an authorization server
@@ -2841,22 +3592,28 @@ paths:
             - okta.authorizationServers.manage
       tags:
         - AuthorizationServer
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/associatedServers:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
     get:
-      summary: List all Associated Authorization Servers
-      description: Lists all associated authorization servers by trusted type for the given `authServerId`
+      summary: List all associated Authorization Servers
+      description: Lists all associated Authorization Servers by trusted type for the given `authServerId`
       operationId: listAssociatedServersByTrustedType
       parameters:
         - name: trusted
           in: query
-          description: Searches trusted authorization servers when true, or searches untrusted authorization servers when false
+          description: Searches trusted authorization servers when `true` or searches untrusted authorization servers when `false`
           schema:
             type: boolean
         - name: q
           in: query
-          description: Searches the name or audience of the associated authorization servers
+          description: Searches for the name or audience of the associated authorization servers
+          example: customasone
           schema:
             type: string
         - name: limit
@@ -2880,6 +3637,9 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/AuthorizationServer'
+              examples:
+                ListAssocAuthServer:
+                  $ref: '#/components/examples/ListAssocAuthServerResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -2891,10 +3651,15 @@ paths:
         - oauth2:
             - okta.authorizationServers.read
       tags:
-        - AuthorizationServer
+        - AuthorizationServerAssoc
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     post:
-      summary: Create the Associated Authorization Servers
-      description: Creates the trusted relationships between the given authorization server and other authorization servers
+      summary: Create an associated Authorization Server
+      description: Creates trusted relationships between the given authorization server and other authorization servers
       operationId: createAssociatedServers
       x-codegen-request-body-name: associatedServerMediated
       requestBody:
@@ -2902,6 +3667,9 @@ paths:
           application/json:
             schema:
               $ref: '#/components/schemas/AssociatedServerMediated'
+            examples:
+              CreateAssocAuthServer:
+                $ref: '#/components/examples/CreateAssocAuthServerBody'
         required: true
       responses:
         '200':
@@ -2912,6 +3680,9 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/AuthorizationServer'
+              examples:
+                CreateAssocAuthServer:
+                  $ref: '#/components/examples/CreateAssocAuthServerResponse'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -2925,14 +3696,19 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerAssoc
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/associatedServers/{associatedServerId}:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
       - $ref: '#/components/parameters/pathAssociatedServerId'
     delete:
-      summary: Delete an Associated Authorization Server
-      description: Deletes an associated authorization server
+      summary: Delete an associated Authorization Server
+      description: Deletes an associated Authorization Server
       operationId: deleteAssociatedServer
       responses:
         '204':
@@ -2949,13 +3725,18 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerAssoc
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/claims:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
     get:
-      summary: List all Custom Token Claims
-      description: Lists all custom token claims
+      summary: List all custom token Claims
+      description: Lists all custom token Claims defined for a specified custom authorization server
       operationId: listOAuth2Claims
       responses:
         '200':
@@ -2966,6 +3747,9 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/OAuth2Claim'
+              examples:
+                ListCustomTokenClaims:
+                  $ref: '#/components/examples/ListCustomTokenClaimsResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -2977,10 +3761,15 @@ paths:
         - oauth2:
             - okta.authorizationServers.read
       tags:
-        - AuthorizationServer
+        - AuthorizationServerClaims
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     post:
-      summary: Create a Custom Token Claim
-      description: Creates a custom token claim
+      summary: Create a custom token Claim
+      description: Creates a custom token Claim for a custom authorization server
       operationId: createOAuth2Claim
       x-codegen-request-body-name: oAuth2Claim
       requestBody:
@@ -2988,6 +3777,9 @@ paths:
           application/json:
             schema:
               $ref: '#/components/schemas/OAuth2Claim'
+            examples:
+              CreateCustomTokenClaim:
+                $ref: '#/components/examples/CreateCustomTokenClaimBody'
         required: true
       responses:
         '201':
@@ -2996,6 +3788,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/OAuth2Claim'
+              examples:
+                CreateCustomTokenClaim:
+                  $ref: '#/components/examples/CreateCustomTokenClaimResponse'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -3009,14 +3804,19 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerClaims
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/claims/{claimId}:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
       - $ref: '#/components/parameters/pathClaimId'
     get:
-      summary: Retrieve a Custom Token Claim
-      description: Retrieves a custom token claim
+      summary: Retrieve a custom token Claim
+      description: Retrieves a custom token Claim by the specified `claimId`
       operationId: getOAuth2Claim
       responses:
         '200':
@@ -3025,6 +3825,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/OAuth2Claim'
+              examples:
+                RetrieveCustomTokenClaim:
+                  $ref: '#/components/examples/RetrieveCustomTokenClaimResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -3036,10 +3839,15 @@ paths:
         - oauth2:
             - okta.authorizationServers.read
       tags:
-        - AuthorizationServer
+        - AuthorizationServerClaims
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     put:
-      summary: Replace a Custom Token Claim
-      description: Replaces a custom token claim
+      summary: Replace a custom token Claim
+      description: Replaces a custom token Claim specified by the `claimId`
       operationId: replaceOAuth2Claim
       x-codegen-request-body-name: oAuth2Claim
       requestBody:
@@ -3047,6 +3855,9 @@ paths:
           application/json:
             schema:
               $ref: '#/components/schemas/OAuth2Claim'
+            examples:
+              ReplaceCustomTokenClaim:
+                $ref: '#/components/examples/ReplaceCustomTokenClaimBody'
         required: true
       responses:
         '200':
@@ -3055,6 +3866,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/OAuth2Claim'
+              examples:
+                ReplaceCustomTokenClaim:
+                  $ref: '#/components/examples/ReplaceCustomTokenClaimResponse'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -3068,10 +3882,15 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerClaims
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     delete:
-      summary: Delete a Custom Token Claim
-      description: Deletes a custom token claim
+      summary: Delete a custom token Claim
+      description: Deletes a custom token Claim specified by the `claimId`
       operationId: deleteOAuth2Claim
       responses:
         '204':
@@ -3088,13 +3907,18 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerClaims
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/clients:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
     get:
-      summary: List all Clients
-      description: Lists all clients
+      summary: List all Client resources for an authorization server
+      description: Lists all Client resources for which the specified authorization server has tokens
       operationId: listOAuth2ClientsForAuthorizationServer
       responses:
         '200':
@@ -3105,6 +3929,9 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/OAuth2Client'
+              examples:
+                ListClients:
+                  $ref: '#/components/examples/ListClientsResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -3116,26 +3943,34 @@ paths:
         - oauth2:
             - okta.authorizationServers.read
       tags:
-        - AuthorizationServer
+        - AuthorizationServerClients
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
       - $ref: '#/components/parameters/pathClientId'
     get:
-      summary: List all Refresh Tokens for a Client
-      description: Lists all refresh tokens for a client
+      summary: List all refresh tokens for a Client
+      description: Lists all refresh tokens issued by an authorization server for a specific Client
       operationId: listRefreshTokensForAuthorizationServerAndClient
       parameters:
         - name: expand
           in: query
+          description: 'Valid value: `scope`. If specified, scope details are included in the `_embedded` attribute.'
           schema:
             type: string
         - name: after
           in: query
+          description: Specifies the pagination cursor for the next page of tokens
           schema:
             type: string
         - name: limit
           in: query
+          description: The maximum number of tokens to return (maximum 200)
           schema:
             type: integer
             format: int32
@@ -3149,6 +3984,9 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/OAuth2RefreshToken'
+              examples:
+                ListRefreshTokenClients:
+                  $ref: '#/components/examples/ListRefreshTokensClientsResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -3160,10 +3998,15 @@ paths:
         - oauth2:
             - okta.authorizationServers.read
       tags:
-        - AuthorizationServer
+        - AuthorizationServerClients
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     delete:
-      summary: Revoke all Refresh Tokens for a Client
-      description: Revokes all refresh tokens for a client
+      summary: Revoke all refresh tokens for a Client
+      description: Revokes all refresh tokens for a Client
       operationId: revokeRefreshTokensForAuthorizationServerAndClient
       responses:
         '204':
@@ -3180,19 +4023,25 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerClients
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
       - $ref: '#/components/parameters/pathClientId'
       - $ref: '#/components/parameters/pathTokenId'
     get:
-      summary: Retrieve a Refresh Token for a Client
-      description: Retrieves a refresh token for a client
+      summary: Retrieve a refresh token for a Client
+      description: Retrieves a refresh token for a Client
       operationId: getRefreshTokenForAuthorizationServerAndClient
       parameters:
         - name: expand
           in: query
+          description: 'Valid value: `scope`. If specified, scope details are included in the `_embedded` attribute.'
           schema:
             type: string
       responses:
@@ -3202,6 +4051,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/OAuth2RefreshToken'
+              examples:
+                RetrieveRefreshTokenClient:
+                  $ref: '#/components/examples/RetrieveRefreshTokenClientResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -3213,10 +4065,15 @@ paths:
         - oauth2:
             - okta.authorizationServers.read
       tags:
-        - AuthorizationServer
+        - AuthorizationServerClients
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     delete:
-      summary: Revoke a Refresh Token for a Client
-      description: Revokes a refresh token for a client
+      summary: Revoke a refresh token for a Client
+      description: Revokes a refresh token for a Client
       operationId: revokeRefreshTokenForAuthorizationServerAndClient
       responses:
         '204':
@@ -3233,7 +4090,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerClients
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/credentials/keys:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
@@ -3249,7 +4111,7 @@ paths:
               schema:
                 type: array
                 items:
-                  $ref: '#/components/schemas/JsonWebKey'
+                  $ref: '#/components/schemas/AuthorizationServerJsonWebKey'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -3261,7 +4123,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.read
       tags:
-        - AuthorizationServer
+        - AuthorizationServerKeys
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
@@ -3284,7 +4151,7 @@ paths:
               schema:
                 type: array
                 items:
-                  $ref: '#/components/schemas/JsonWebKey'
+                  $ref: '#/components/schemas/AuthorizationServerJsonWebKey'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -3298,7 +4165,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerKeys
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
@@ -3322,6 +4194,11 @@ paths:
             - okta.authorizationServers.manage
       tags:
         - AuthorizationServer
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
@@ -3345,6 +4222,11 @@ paths:
             - okta.authorizationServers.manage
       tags:
         - AuthorizationServer
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/policies:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
@@ -3372,7 +4254,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.read
       tags:
-        - AuthorizationServer
+        - AuthorizationServerPolicies
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     post:
       summary: Create a Policy
       description: Creates a policy
@@ -3404,7 +4291,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerPolicies
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/policies/{policyId}:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
@@ -3431,7 +4323,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.read
       tags:
-        - AuthorizationServer
+        - AuthorizationServerPolicies
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     put:
       summary: Replace a Policy
       description: Replaces a policy
@@ -3463,7 +4360,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerPolicies
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     delete:
       summary: Delete a Policy
       description: Deletes a policy
@@ -3483,7 +4385,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerPolicies
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
@@ -3507,7 +4414,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerPolicies
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
@@ -3531,7 +4443,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerPolicies
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
@@ -3560,7 +4477,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.read
       tags:
-        - AuthorizationServer
+        - AuthorizationServerRules
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     post:
       summary: Create a Policy Rule
       description: Creates a policy rule for the specified Custom Authorization Server and Policy
@@ -3592,7 +4514,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerRules
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
@@ -3620,7 +4547,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.read
       tags:
-        - AuthorizationServer
+        - AuthorizationServerRules
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     put:
       summary: Replace a Policy Rule
       description: Replaces the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy
@@ -3652,7 +4584,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerRules
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     delete:
       summary: Delete a Policy Rule
       description: Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy
@@ -3672,7 +4609,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerRules
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
@@ -3697,7 +4639,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerRules
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
@@ -3722,7 +4669,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerRules
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/scopes:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
@@ -3739,7 +4691,7 @@ paths:
           in: query
           schema:
             type: string
-        - name: cursor
+        - name: after
           in: query
           schema:
             type: string
@@ -3769,7 +4721,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.read
       tags:
-        - AuthorizationServer
+        - AuthorizationServerScopes
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     post:
       summary: Create a Custom Token Scope
       description: Creates a custom token scope
@@ -3801,7 +4758,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerScopes
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/authorizationServers/{authServerId}/scopes/{scopeId}:
     parameters:
       - $ref: '#/components/parameters/pathAuthServerId'
@@ -3828,7 +4790,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.read
       tags:
-        - AuthorizationServer
+        - AuthorizationServerScopes
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     put:
       summary: Replace a Custom Token Scope
       description: Replaces a custom token scope
@@ -3860,7 +4827,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerScopes
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
     delete:
       summary: Delete a Custom Token Scope
       description: Deletes a custom token scope
@@ -3880,7 +4852,12 @@ paths:
         - oauth2:
             - okta.authorizationServers.manage
       tags:
-        - AuthorizationServer
+        - AuthorizationServerScopes
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - API Access Management
   /api/v1/behaviors:
     get:
       summary: List all Behavior Detection Rules
@@ -3905,6 +4882,9 @@ paths:
             - okta.behaviors.read
       tags:
         - Behavior
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create a Behavior Detection Rule
       description: Creates a new behavior detection rule
@@ -3948,6 +4928,9 @@ paths:
             - okta.behaviors.manage
       tags:
         - Behavior
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/behaviors/{behaviorId}:
     parameters:
       - $ref: '#/components/parameters/pathBehaviorId'
@@ -3981,6 +4964,9 @@ paths:
             - okta.behaviors.read
       tags:
         - Behavior
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace a Behavior Detection Rule
       description: Replaces a Behavior Detection Rule by `behaviorId`
@@ -4033,6 +5019,9 @@ paths:
             - okta.behaviors.manage
       tags:
         - Behavior
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a Behavior Detection Rule
       description: Deletes a Behavior Detection Rule by `behaviorId`
@@ -4059,6 +5048,9 @@ paths:
             - okta.behaviors.manage
       tags:
         - Behavior
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/behaviors/{behaviorId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathBehaviorId'
@@ -4088,6 +5080,9 @@ paths:
             - okta.behaviors.manage
       tags:
         - Behavior
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/behaviors/{behaviorId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathBehaviorId'
@@ -4117,19 +5112,22 @@ paths:
             - okta.behaviors.manage
       tags:
         - Behavior
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands:
-    parameters:
-      - $ref: '#/components/parameters/queryExpandBrand'
-      - $ref: '#/components/parameters/queryAfter'
-      - $ref: '#/components/parameters/queryLimit'
-      - $ref: '#/components/parameters/queryFilter'
     get:
       summary: List all Brands
       description: Lists all the brands in your org
       operationId: listBrands
+      parameters:
+        - $ref: '#/components/parameters/queryExpandBrand'
+        - $ref: '#/components/parameters/queryAfter'
+        - $ref: '#/components/parameters/queryLimit'
+        - $ref: '#/components/parameters/queryFilter'
       responses:
         '200':
-          description: OK
+          description: Successfully returned the list of brands
           content:
             application/json:
               schema:
@@ -4148,7 +5146,10 @@ paths:
         - oauth2:
             - okta.brands.read
       tags:
-        - Customization
+        - Brands
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create a Brand
       description: Creates a new brand in your org
@@ -4163,7 +5164,7 @@ paths:
                 $ref: '#/components/examples/CreateBrandRequest'
       responses:
         '201':
-          description: Created
+          description: Successfully created the brand
           content:
             application/json:
               schema:
@@ -4175,6 +5176,15 @@ paths:
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
+        '409':
+          description: Could not create the new brand because same name already exist.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Cannot create brand with the same name:
+                  $ref: '#/components/examples/ErrorCreateBrandExists'
         '429':
           $ref: '#/components/responses/ErrorTooManyRequests429'
       security:
@@ -4182,18 +5192,22 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - Brands
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
-      - $ref: '#/components/parameters/queryExpandBrand'
     get:
       summary: Retrieve a Brand
       description: Retrieves a brand by `brandId`
       operationId: getBrand
+      parameters:
+        - $ref: '#/components/parameters/queryExpandBrand'
       responses:
         '200':
-          description: OK
+          description: Successfully retrieved the brand
           content:
             application/json:
               schema:
@@ -4212,10 +5226,19 @@ paths:
         - oauth2:
             - okta.brands.read
       tags:
-        - Customization
+        - Brands
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace a Brand
-      description: Replaces a brand by `brandId`
+      description: |+
+        Replaces a brand by `brandId`
+
+        Passing an invalid `brandId` returns a `404 Not Found` status code with the error code `E0000007`.
+
+        Not providing `agreeToCustomPrivacyPolicy` with `customPrivacyPolicyUrl` returns a `400 Bad Request` status code with the error code `E0000001`.
+
       operationId: replaceBrand
       x-codegen-request-body-name: brand
       requestBody:
@@ -4229,7 +5252,7 @@ paths:
         required: true
       responses:
         '200':
-          description: OK
+          description: Successfully replaced the brand
           content:
             application/json:
               schema:
@@ -4250,7 +5273,10 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - Brands
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a brand
       description: Deletes a brand by `brandId`
@@ -4280,7 +5306,10 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - Brands
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/domains:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -4290,7 +5319,7 @@ paths:
       operationId: listBrandDomains
       responses:
         '200':
-          description: OK
+          description: Successfully returned the list of domains for the brand
           content:
             application/json:
               schema:
@@ -4306,7 +5335,10 @@ paths:
         - oauth2:
             - okta.brands.read
       tags:
-        - Customization
+        - Brands
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/pages/error:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -4333,7 +5365,10 @@ paths:
         - oauth2:
             - okta.brands.read
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/pages/error/customized:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -4364,7 +5399,10 @@ paths:
         - oauth2:
             - okta.brands.read
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace the Customized Error Page
       description: Replaces the customized error page. The customized error page appears in your live environment.
@@ -4400,7 +5438,10 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete the Customized Error Page
       description: Deletes the customized error page. As a result, the default error page appears in your live environment.
@@ -4420,7 +5461,10 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/pages/error/default:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -4446,7 +5490,10 @@ paths:
         - oauth2:
             - okta.brands.read
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/pages/error/preview:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -4477,7 +5524,10 @@ paths:
         - oauth2:
             - okta.brands.read
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace the Preview Error Page
       description: Replaces the preview error page. The preview error page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/error/preview`.
@@ -4513,7 +5563,10 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete the Preview Error Page
       description: Deletes the preview error page. The preview error page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/error/preview`.
@@ -4533,7 +5586,10 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/pages/sign-in:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -4560,7 +5616,10 @@ paths:
         - oauth2:
             - okta.brands.read
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/pages/sign-in/customized:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -4591,7 +5650,10 @@ paths:
         - oauth2:
             - okta.brands.read
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace the Customized Sign-in Page
       description: Replaces the customized sign-in page. The customized sign-in page appears in your live environment.
@@ -4627,7 +5689,10 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete the Customized Sign-in Page
       description: Deletes the customized sign-in page. As a result, the default sign-in page appears in your live environment.
@@ -4647,7 +5712,10 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/pages/sign-in/default:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -4673,7 +5741,10 @@ paths:
         - oauth2:
             - okta.brands.read
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/pages/sign-in/preview:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -4704,7 +5775,10 @@ paths:
         - oauth2:
             - okta.brands.read
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace the Preview Sign-in Page
       description: Replaces the preview sign-in page. The preview sign-in page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/login/preview`.
@@ -4740,7 +5814,10 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete the Preview Sign-in Page
       description: Deletes the preview sign-in page. The preview sign-in page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/login/preview`.
@@ -4760,7 +5837,10 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/pages/sign-in/widget-versions:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -4789,7 +5869,10 @@ paths:
         - oauth2:
             - okta.brands.read
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/pages/sign-out/customized:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -4815,7 +5898,10 @@ paths:
         - oauth2:
             - okta.brands.read
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace the Sign-out Page Settings
       description: Replaces the sign-out page settings
@@ -4846,13 +5932,16 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - CustomPages
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/templates/email:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
     get:
       summary: List all Email Templates
-      description: Lists all email templates
+      description: Lists all supported email templates
       operationId: listEmailTemplates
       parameters:
         - $ref: '#/components/parameters/queryAfter'
@@ -4866,7 +5955,7 @@ paths:
               schema:
                 type: array
                 items:
-                  $ref: '#/components/schemas/EmailTemplate'
+                  $ref: '#/components/schemas/EmailTemplateResponse'
               examples:
                 List email templates response:
                   $ref: '#/components/examples/ListEmailTemplateResponse'
@@ -4886,7 +5975,10 @@ paths:
         - oauth2:
             - okta.templates.read
       tags:
-        - Customization
+        - CustomTemplates
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/templates/email/{templateName}:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -4903,7 +5995,7 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/EmailTemplate'
+                $ref: '#/components/schemas/EmailTemplateResponse'
               examples:
                 Get email template response:
                   $ref: '#/components/examples/GetEmailTemplateResponse'
@@ -4918,14 +6010,20 @@ paths:
         - oauth2:
             - okta.templates.read
       tags:
-        - Customization
+        - CustomTemplates
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/templates/email/{templateName}/customizations:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
       - $ref: '#/components/parameters/pathTemplateName'
     get:
       summary: List all Email Customizations
-      description: Lists all customizations of an email template
+      description: |
+        Lists all customizations of an email template
+
+        <x-lifecycle class="ea"></x-lifecycle> If Custom languages for Okta Email Templates is enabled, all existing customizations are retrieved, including customizations for additional languages. If disabled, only customizations for Okta-supported languages are returned.
       operationId: listEmailCustomizations
       parameters:
         - $ref: '#/components/parameters/queryAfter'
@@ -4953,10 +6051,16 @@ paths:
         - oauth2:
             - okta.templates.read
       tags:
-        - Customization
+        - CustomTemplates
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create an Email Customization
-      description: Creates a new email customization
+      description: |
+        Creates a new Email Customization
+
+        <x-lifecycle class="ea"></x-lifecycle> If Custom languages for Okta Email Templates is enabled, you can create a customization for any BCP47 language in addition to the Okta-supported languages.
       operationId: createEmailCustomization
       x-codegen-request-body-name: instance
       requestBody:
@@ -5001,10 +6105,16 @@ paths:
         - oauth2:
             - okta.templates.manage
       tags:
-        - Customization
+        - CustomTemplates
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete all Email Customizations
-      description: Deletes all customizations for an email template
+      description: |
+        Deletes all customizations for an email template
+
+        <x-lifecycle class="ea"></x-lifecycle> If Custom languages for Okta Email Templates is enabled, all customizations are deleted, including customizations for additional languages. If disabled, only customizations in Okta-supported languages are deleted.
       operationId: deleteAllCustomizations
       responses:
         '204':
@@ -5021,7 +6131,10 @@ paths:
         - oauth2:
             - okta.templates.manage
       tags:
-        - Customization
+        - CustomTemplates
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -5029,7 +6142,10 @@ paths:
       - $ref: '#/components/parameters/pathCustomizationId'
     get:
       summary: Retrieve an Email Customization
-      description: Retrieves an email customization by its unique identifier
+      description: |
+        Retrieves an email customization by its unique identifier
+
+        <x-lifecycle class="ea"></x-lifecycle> If Custom languages for Okta Email Templates is disabled, requests to retrieve an additional language customization by ID result in a `404 Not Found` error response.
       operationId: getEmailCustomization
       responses:
         '200':
@@ -5052,10 +6168,16 @@ paths:
         - oauth2:
             - okta.templates.read
       tags:
-        - Customization
+        - CustomTemplates
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace an Email Customization
-      description: Replaces an existing email customization using the property values provided
+      description: |
+        Replaces an email customization using property values
+
+        <x-lifecycle class="ea"></x-lifecycle> If Custom languages for Okta Email Templates is disabled, requests to update a customization for an additional language return a `404 Not Found` error response.
       operationId: replaceEmailCustomization
       x-codegen-request-body-name: instance
       requestBody:
@@ -5103,10 +6225,16 @@ paths:
         - oauth2:
             - okta.templates.manage
       tags:
-        - Customization
+        - CustomTemplates
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete an Email Customization
-      description: Deletes an email customization by its unique identifier
+      description: |
+        Deletes an Email Customization by its unique identifier
+
+        <x-lifecycle class="ea"></x-lifecycle> If Custom languages for Okta Email Templates is disabled, deletion of an existing additional language customization by ID doesn't register.
       operationId: deleteEmailCustomization
       responses:
         '204':
@@ -5132,7 +6260,10 @@ paths:
         - oauth2:
             - okta.templates.manage
       tags:
-        - Customization
+        - CustomTemplates
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}/preview:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -5140,7 +6271,10 @@ paths:
       - $ref: '#/components/parameters/pathCustomizationId'
     get:
       summary: Retrieve a Preview of an Email Customization
-      description: Retrieves a preview of an email customization. All variable references (e.g., `${user.profile.firstName}`) are populated using the current user's context.
+      description: |
+        Retrieves a Preview of an Email Customization. All variable references are populated from the current user's context. For example, `${user.profile.firstName}`.
+
+        <x-lifecycle class="ea"></x-lifecycle> If Custom languages for Okta Email Templates is disabled, requests for the preview of an additional language customization by ID return a `404 Not Found` error response.
       operationId: getCustomizationPreview
       responses:
         '200':
@@ -5163,14 +6297,22 @@ paths:
         - oauth2:
             - okta.templates.read
       tags:
-        - Customization
+        - CustomTemplates
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/templates/email/{templateName}/default-content:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
       - $ref: '#/components/parameters/pathTemplateName'
     get:
       summary: Retrieve an Email Template Default Content
-      description: Retrieves an email template's default content
+      description: |
+        Retrieves an email template's default content
+
+        <x-lifecycle class="ea"></x-lifecycle> Defaults to the current user's language given the following: 
+        - Custom languages for Okta Email Templates is enabled
+        - An additional language is specified for the `language` parameter
       operationId: getEmailDefaultContent
       parameters:
         - $ref: '#/components/parameters/queryLanguage'
@@ -5195,14 +6337,22 @@ paths:
         - oauth2:
             - okta.templates.read
       tags:
-        - Customization
+        - CustomTemplates
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/templates/email/{templateName}/default-content/preview:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
       - $ref: '#/components/parameters/pathTemplateName'
     get:
-      summary: Retrieve a Preview of the Email Template Default Content
-      description: Retrieves a preview of an email template's default content. All variable references (e.g., `${user.profile.firstName}`) are populated using the current user's context.
+      summary: Retrieve a Preview of the Email Template default content
+      description: |
+        Retrieves a preview of an Email Template's default content. All variable references are populated using the current user's context. For example, `${user.profile.firstName}`.
+
+        <x-lifecycle class="ea"></x-lifecycle> Defaults to the current user's language given the following:
+        - Custom languages for Okta Email Templates is enabled
+        - An additional language is specified for the `language` parameter
       operationId: getEmailDefaultPreview
       parameters:
         - $ref: '#/components/parameters/queryLanguage'
@@ -5227,7 +6377,10 @@ paths:
         - oauth2:
             - okta.templates.read
       tags:
-        - Customization
+        - CustomTemplates
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/templates/email/{templateName}/settings:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -5242,7 +6395,7 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/EmailSettings'
+                $ref: '#/components/schemas/EmailSettingsResponse'
               examples:
                 Get email template settings response:
                   $ref: '#/components/examples/EmailSettingsResponse'
@@ -5257,7 +6410,10 @@ paths:
         - oauth2:
             - okta.templates.read
       tags:
-        - Customization
+        - CustomTemplates
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace the Email Template Settings
       description: Replaces an email template's settings
@@ -5268,8 +6424,15 @@ paths:
             schema:
               $ref: '#/components/schemas/EmailSettings'
       responses:
-        '204':
+        '200':
           description: Successfully updated the email template's settings.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmailSettings'
+              examples:
+                Update email template settings:
+                  $ref: '#/components/examples/EmailSettingsResponse'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -5292,7 +6455,10 @@ paths:
         - oauth2:
             - okta.templates.manage
       tags:
-        - Customization
+        - CustomTemplates
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/templates/email/{templateName}/test:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -5302,6 +6468,7 @@ paths:
       description: |-
         Sends a test email to the current user’s primary and secondary email addresses. The email content is selected based on the following priority:
         1. The email customization for the language specified in the `language` query parameter.
+        <x-lifecycle class="ea"></x-lifecycle> If Custom languages for Okta Email Templates is enabled and the `language` parameter is an additional language, the test email uses the customization corresponding to the language.
         2. The email template's default customization.
         3. The email template’s default content, translated to the current user's language.
       operationId: sendTestEmail
@@ -5322,23 +6489,32 @@ paths:
         - oauth2:
             - okta.templates.read
       tags:
-        - Customization
+        - CustomTemplates
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/themes:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
     get:
       summary: List all Themes
-      description: Lists all the themes in your brand
+      description: |-
+        Lists all the themes in your brand.
+
+        > **Important:** Currently each org supports only one Theme, therefore this contains a single object only.
       operationId: listBrandThemes
       responses:
         '200':
-          description: OK
+          description: Successfully returned the list of themes
           content:
             application/json:
               schema:
                 type: array
                 items:
                   $ref: '#/components/schemas/ThemeResponse'
+              examples:
+                Get themes response:
+                  $ref: '#/components/examples/ListThemesResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -5350,7 +6526,10 @@ paths:
         - oauth2:
             - okta.brands.read
       tags:
-        - Customization
+        - Themes
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/themes/{themeId}:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -5361,11 +6540,14 @@ paths:
       operationId: getBrandTheme
       responses:
         '200':
-          description: OK
+          description: Successfully retrieved the theme
           content:
             application/json:
               schema:
                 $ref: '#/components/schemas/ThemeResponse'
+              examples:
+                Get theme response:
+                  $ref: '#/components/examples/GetThemeResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -5377,7 +6559,10 @@ paths:
         - oauth2:
             - okta.brands.read
       tags:
-        - Customization
+        - Themes
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace a Theme
       description: Replaces a theme for a brand
@@ -5387,15 +6572,21 @@ paths:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/Theme'
+              $ref: '#/components/schemas/UpdateThemeRequest'
+            examples:
+              Update theme request:
+                $ref: '#/components/examples/UpdateThemeRequest'
         required: true
       responses:
         '200':
-          description: OK
+          description: Successfully replaced the theme
           content:
             application/json:
               schema:
                 $ref: '#/components/schemas/ThemeResponse'
+              examples:
+                Update theme response:
+                  $ref: '#/components/examples/UpdateThemeResponse'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -5409,7 +6600,10 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - Themes
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/themes/{themeId}/background-image:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -5433,7 +6627,7 @@ paths:
         description: background image file
       responses:
         '201':
-          description: Created
+          description: Content Created
           content:
             application/json:
               schema:
@@ -5451,7 +6645,10 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - Themes
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete the Background Image
       description: Deletes a Theme background image
@@ -5471,7 +6668,10 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - Themes
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/themes/{themeId}/favicon:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -5485,7 +6685,7 @@ paths:
           multipart/form-data:
             schema:
               type: object
-              description: The file must be in PNG, or ico format and less than ?? in size and 128 x 128 dimensions
+              description: The file must be in PNG or ICO format and have a 1:1 ratio with a maximum dimension of 512 x 512
               properties:
                 file:
                   type: string
@@ -5513,7 +6713,10 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - Themes
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete the Favicon
       description: Deletes a Theme favicon. The theme will use the default Okta favicon.
@@ -5533,7 +6736,10 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - Themes
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/brands/{brandId}/themes/{themeId}/logo:
     parameters:
       - $ref: '#/components/parameters/pathBrandId'
@@ -5575,7 +6781,10 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - Themes
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete the Logo
       description: Deletes a Theme logo. The theme will use the default Okta logo.
@@ -5595,7 +6804,10 @@ paths:
         - oauth2:
             - okta.brands.manage
       tags:
-        - Customization
+        - Themes
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/captchas:
     get:
       summary: List all CAPTCHA Instances
@@ -5620,6 +6832,11 @@ paths:
             - okta.captchas.read
       tags:
         - CAPTCHA
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     post:
       summary: Create a CAPTCHA instance
       description: Creates a new CAPTCHA instance. Currently, an org can only configure a single CAPTCHA instance.
@@ -5669,6 +6886,11 @@ paths:
             - okta.captchas.manage
       tags:
         - CAPTCHA
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/captchas/{captchaId}:
     parameters:
       - $ref: '#/components/parameters/pathCaptchaId'
@@ -5700,6 +6922,11 @@ paths:
             - okta.captchas.read
       tags:
         - CAPTCHA
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     post:
       summary: Update a CAPTCHA Instance
       description: Partially updates the properties of a specified CAPTCHA instance
@@ -5742,6 +6969,11 @@ paths:
             - okta.captchas.manage
       tags:
         - CAPTCHA
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     put:
       summary: Replace a CAPTCHA Instance
       description: Replaces the properties for a specified CAPTCHA instance
@@ -5784,6 +7016,11 @@ paths:
             - okta.captchas.manage
       tags:
         - CAPTCHA
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     delete:
       summary: Delete a CAPTCHA Instance
       description: |-
@@ -5815,6 +7052,11 @@ paths:
             - okta.captchas.manage
       tags:
         - CAPTCHA
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/device-assurances:
     get:
       summary: List all Device Assurance Policies
@@ -5839,6 +7081,11 @@ paths:
             - okta.deviceAssurance.read
       tags:
         - DeviceAssurance
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     post:
       summary: Create a Device Assurance Policy
       description: Creates a new Device Assurance Policy
@@ -5864,6 +7111,18 @@ paths:
                 $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest'
               WindowsWithThirdPartySignalProviders:
                 $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest'
+              AndroidWithDynamicVersionRequirement:
+                $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementRequest'
+              iOSWithDynamicVersionRequirement:
+                $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementRequest'
+              MacOSWithDynamicVersionRequirement:
+                $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementRequest'
+              WindowsWithDynamicVersionRequirements:
+                $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsRequest'
+              WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
+                $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringRequest'
+              WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
+                $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementRequest'
         required: true
       responses:
         '200':
@@ -5887,6 +7146,18 @@ paths:
                   $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
                 WindowsWithThirdPartySignalProviders:
                   $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
+                AndroidWithDynamicVersionRequirement:
+                  $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementResponse'
+                iOSWithDynamicVersionRequirement:
+                  $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementResponse'
+                MacOSWithDynamicVersionRequirement:
+                  $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementResponse'
+                WindowsWithDynamicVersionRequirements:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsResponse'
+                WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringResponse'
+                WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementResponse'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -5899,6 +7170,11 @@ paths:
             - okta.deviceAssurance.manage
       tags:
         - DeviceAssurance
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/device-assurances/{deviceAssuranceId}:
     parameters:
       - $ref: '#/components/parameters/pathDeviceAssuranceId'
@@ -5928,6 +7204,18 @@ paths:
                   $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
                 WindowsWithThirdPartySignalProviders:
                   $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
+                AndroidWithDynamicVersionRequirement:
+                  $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementResponse'
+                iOSWithDynamicVersionRequirement:
+                  $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementResponse'
+                MacOSWithDynamicVersionRequirement:
+                  $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementResponse'
+                WindowsWithDynamicVersionRequirements:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsResponse'
+                WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringResponse'
+                WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -5940,6 +7228,11 @@ paths:
             - okta.deviceAssurance.read
       tags:
         - DeviceAssurance
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     put:
       summary: Replace a Device Assurance Policy
       description: Replaces a Device Assurance Policy by `deviceAssuranceId`
@@ -5965,6 +7258,18 @@ paths:
                 $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest'
               WindowsWithThirdPartySignalProviders:
                 $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest'
+              AndroidWithDynamicVersionRequirement:
+                $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementRequest'
+              iOSWithDynamicVersionRequirement:
+                $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementRequest'
+              MacOSWithDynamicVersionRequirement:
+                $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementRequest'
+              WindowsWithDynamicVersionRequirements:
+                $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsRequest'
+              WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
+                $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringRequest'
+              WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
+                $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementRequest'
         required: true
       responses:
         '200':
@@ -5988,6 +7293,18 @@ paths:
                   $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
                 WindowsWithThirdPartySignalProviders:
                   $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
+                AndroidWithDynamicVersionRequirement:
+                  $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementResponse'
+                iOSWithDynamicVersionRequirement:
+                  $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementResponse'
+                MacOSWithDynamicVersionRequirement:
+                  $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementResponse'
+                WindowsWithDynamicVersionRequirements:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsResponse'
+                WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringResponse'
+                WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementResponse'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -6002,6 +7319,11 @@ paths:
             - okta.deviceAssurance.manage
       tags:
         - DeviceAssurance
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     delete:
       summary: Delete a Device Assurance Policy
       description: Deletes a Device Assurance Policy by `deviceAssuranceId`. If the Device Assurance Policy is currently being used in the org Authentication Policies, the delete will not be allowed.
@@ -6031,6 +7353,11 @@ paths:
             - okta.deviceAssurance.manage
       tags:
         - DeviceAssurance
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/devices:
     get:
       summary: List all Devices
@@ -6042,7 +7369,12 @@ paths:
         This operation requires [URL encoding](https://www.w3.org/TR/html4/interact/forms.html#h-17.13.4.1). For example, `search=profile.displayName eq "Bob"` is encoded as `search=profile.displayName%20eq%20%22Bob%22`.
       operationId: listDevices
       parameters:
-        - $ref: '#/components/parameters/queryAfter'
+        - name: after
+          in: query
+          schema:
+            type: string
+            description: The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information.
+            example: 200u3des4afA47rYJu1d7
         - name: limit
           in: query
           schema:
@@ -6050,12 +7382,14 @@ paths:
             minimum: 1
             maximum: 200
             default: 200
+            example: 20
           description: A limit on the number of objects to return (recommend `20`)
         - name: search
           in: query
           description: A SCIM filter expression that filters the results. Searches include all Device `profile` properties and the Device `id`, `status`, and `lastUpdated` properties.
           schema:
             type: string
+            example: lastUpdated gt "2019-06-01T09:00:00.000Z"
           examples:
             Devices that have a `status` of `ACTIVE`:
               value: status eq "ACTIVE"
@@ -6071,11 +7405,23 @@ paths:
               value: profile.sid sw "S-1"
         - name: expand
           in: query
+          description: Includes associated user details and management status for the device in the `_embedded` attribute
           schema:
             type: string
-            # enum:
-            #   - user # TODO: REVISIT WITH API TEAM
-          description: Lists associated users for the device in `_embedded` element
+            example: userSummary
+            enum:
+              - user
+              - userSummary
+            x-enumDescriptions:
+              user: Lists full details for associated users
+              userSummary: Lists summaries for associated users
+          examples:
+            UserFullDetails:
+              summary: Get a detailed list of associated users
+              value: user
+            UserSummaries:
+              summary: Get the list of associated user summaries
+              value: userSummary
       responses:
         '200':
           description: OK
@@ -6084,8 +7430,11 @@ paths:
               schema:
                 type: array
                 items:
-                  $ref: '#/components/schemas/Device'
+                  $ref: '#/components/schemas/DeviceList'
               examples:
+                APIDevicesResponseUserSummaryExample:
+                  type: array
+                  $ref: '#/components/examples/APIDevicesListAllUserSummaryResponse'
                 APIDevicesResponseExample:
                   type: array
                   $ref: '#/components/examples/APIDevicesListAllResponse'
@@ -6099,6 +7448,11 @@ paths:
             - okta.devices.read
       tags:
         - Device
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/devices/{deviceId}:
     parameters:
       - $ref: '#/components/parameters/pathDeviceId'
@@ -6128,10 +7482,15 @@ paths:
             - okta.devices.read
       tags:
         - Device
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     delete:
       summary: Delete a Device
       description: |-
-        Deletes (permanently) a device by `deviceId` if it has a status of `DEACTIVATED`. You can transition the device to `DEACTIVATED` status using the [Deactivate a Device](#tag/Device/operation/deactivateDevice) endpoint.
+        Deletes (permanently) a device by `deviceId` if it has a status of `DEACTIVATED`. You can transition the device to `DEACTIVATED` status using the [Deactivate a Device](/openapi/okta-management/management/tag/Device/#tag/Device/operation/deactivateDevice) endpoint.
         This request is destructive and deletes all of the profile data related to the device. Once deleted, device data can't be recovered. However, reenrollment creates a new device record.
         > **Note:** Attempts to delete a device that isn't in a `DEACTIVATED` state raise an error.
       operationId: deleteDevice
@@ -6158,6 +7517,11 @@ paths:
             - okta.devices.manage
       tags:
         - Device
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/devices/{deviceId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathDeviceId'
@@ -6182,6 +7546,11 @@ paths:
             - okta.devices.manage
       tags:
         - Device
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/devices/{deviceId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathDeviceId'
@@ -6210,6 +7579,11 @@ paths:
             - okta.devices.manage
       tags:
         - Device
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/devices/{deviceId}/lifecycle/suspend:
     parameters:
       - $ref: '#/components/parameters/pathDeviceId'
@@ -6236,6 +7610,11 @@ paths:
             - okta.devices.manage
       tags:
         - Device
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/devices/{deviceId}/lifecycle/unsuspend:
     parameters:
       - $ref: '#/components/parameters/pathDeviceId'
@@ -6260,6 +7639,11 @@ paths:
             - okta.devices.manage
       tags:
         - Device
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/devices/{deviceId}/users:
     parameters:
       - $ref: '#/components/parameters/pathDeviceId'
@@ -6292,6 +7676,53 @@ paths:
             - okta.devices.read
       tags:
         - Device
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
+  /api/v1/directories/{appInstanceId}/groups/modify:
+    parameters:
+      - $ref: '#/components/parameters/appInstanceId'
+    post:
+      summary: Update an AD Group membership
+      description: Updates an AD Group membership directly in AD
+      operationId: updateADGroupMembership
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AgentAction'
+        required: true
+      responses:
+        '200':
+          description: OK
+        '400':
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                APIValidationFailed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '502':
+          $ref: '#/components/responses/Error502NoConnectedAgents'
+        '504':
+          $ref: '#/components/responses/Error504AgentTimeOut'
+      security:
+        - oauth2:
+            - okta.directories.groups.manage
+      tags:
+        - DirectoriesIntegration
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
   /api/v1/domains:
     get:
       summary: List all Custom Domains
@@ -6314,36 +7745,42 @@ paths:
             - okta.domains.read
       tags:
         - CustomDomain
-    # post:
-    #   summary: Create a Custom Domain
-    #   description: Creates your custom domain
-    #   operationId: createCustomDomain
-    #   x-codegen-request-body-name: domain
-    #   requestBody:
-    #     content:
-    #       application/json:
-    #         schema:
-    #           $ref: '#/components/schemas/DomainRequest'
-    #     required: true
-    #   responses:
-    #     '200':
-    #       description: Success
-    #       content:
-    #         application/json:
-    #           schema:
-    #             $ref: '#/components/schemas/DomainResponse'
-    #     '400':
-    #       $ref: '#/components/responses/ErrorApiValidationFailed400'
-    #     '403':
-    #       $ref: '#/components/responses/ErrorAccessDenied403'
-    #     '429':
-    #       $ref: '#/components/responses/ErrorTooManyRequests429'
-    #   security:
-    #     - apiToken: []
-    #     - oauth2:
-    #         - okta.domains.manage
-    #   tags:
-    #     - CustomDomain
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+    post:
+      summary: Create a Custom Domain
+      description: Creates your custom domain
+      operationId: createCustomDomain
+      x-codegen-request-body-name: domain
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/DomainRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/DomainResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.domains.manage
+      tags:
+        - CustomDomain
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/domains/{domainId}:
     parameters:
       - $ref: '#/components/parameters/pathDomainId'
@@ -6370,6 +7807,9 @@ paths:
             - okta.domains.read
       tags:
         - CustomDomain
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace a Custom Domain's Brand
       description: Replaces a custom domain's brand
@@ -6401,6 +7841,9 @@ paths:
             - okta.domains.manage
       tags:
         - CustomDomain
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a Custom Domain
       description: Deletes a custom domain by `domainId`
@@ -6421,6 +7864,9 @@ paths:
             - okta.domains.manage
       tags:
         - CustomDomain
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/domains/{domainId}/certificate:
     parameters:
       - $ref: '#/components/parameters/pathDomainId'
@@ -6453,6 +7899,9 @@ paths:
             - okta.domains.manage
       tags:
         - CustomDomain
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/domains/{domainId}/verify:
     parameters:
       - $ref: '#/components/parameters/pathDomainId'
@@ -6479,6 +7928,9 @@ paths:
             - okta.domains.manage
       tags:
         - CustomDomain
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/email-domains:
     parameters:
       - $ref: '#/components/parameters/queryExpandEmailDomain'
@@ -6508,6 +7960,9 @@ paths:
             - okta.emailDomains.read
       tags:
         - EmailDomain
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create an Email Domain
       description: Creates an Email Domain in your org
@@ -6555,6 +8010,9 @@ paths:
             - okta.emailDomains.manage
       tags:
         - EmailDomain
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/email-domains/{emailDomainId}:
     parameters:
       - $ref: '#/components/parameters/pathEmailDomainId'
@@ -6585,6 +8043,9 @@ paths:
             - okta.emailDomains.read
       tags:
         - EmailDomain
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace an Email Domain
       description: Replaces associated username and sender display name by `emailDomainId`
@@ -6623,6 +8084,9 @@ paths:
             - okta.emailDomains.manage
       tags:
         - EmailDomain
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete an Email Domain
       description: Deletes an Email Domain by `emailDomainId`
@@ -6652,6 +8116,9 @@ paths:
             - okta.emailDomains.manage
       tags:
         - EmailDomain
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/email-domains/{emailDomainId}/verify:
     parameters:
       - $ref: '#/components/parameters/pathEmailDomainId'
@@ -6692,10 +8159,13 @@ paths:
             - okta.emailDomains.manage
       tags:
         - EmailDomain
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/email-servers:
     get:
       summary: List all enrolled SMTP servers
-      description: Lists all the enrolled custom email SMTP servers
+      description: Lists all the enrolled custom SMTP server configurations
       operationId: listEmailServers
       responses:
         '200':
@@ -6714,9 +8184,14 @@ paths:
             - okta.emailServers.read
       tags:
         - EmailServer
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     post:
       summary: Create a custom SMTP server
-      description: Creates a custom email SMTP server configuration for your organization
+      description: Creates a custom email SMTP server configuration for your org
       operationId: createEmailServer
       requestBody:
         content:
@@ -6742,12 +8217,17 @@ paths:
             - okta.emailServers.manage
       tags:
         - EmailServer
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/email-servers/{emailServerId}:
     parameters:
       - $ref: '#/components/parameters/pathEmailServerId'
     get:
       summary: Retrieve an SMTP Server configuration
-      description: Retrieves a configuration of your organization's custom SMTP server with the given ID
+      description: Retrieves the specified custom SMTP server configuration
       operationId: getEmailServer
       responses:
         '200':
@@ -6768,9 +8248,14 @@ paths:
             - okta.emailServers.read
       tags:
         - EmailServer
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     patch:
       summary: Update an SMTP Server configuration
-      description: Updates one or more fields of your organization's custom SMTP Server configuration
+      description: Updates the specified custom SMTP server configuration
       operationId: updateEmailServer
       requestBody:
         content:
@@ -6798,9 +8283,14 @@ paths:
             - okta.emailServers.manage
       tags:
         - EmailServer
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     delete:
       summary: Delete an SMTP Server configuration
-      description: Deletes your organization's custom SMTP server with the given ID
+      description: Deletes the specified custom SMTP server configuration
       operationId: deleteEmailServer
       responses:
         '204':
@@ -6817,12 +8307,17 @@ paths:
             - okta.emailServers.manage
       tags:
         - EmailServer
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/email-servers/{emailServerId}/test:
     parameters:
       - $ref: '#/components/parameters/pathEmailServerId'
     post:
       summary: Test an SMTP Server configuration
-      description: Tests your organization's custom SMTP Server with the given ID
+      description: Tests the specified custom SMTP Server configuration
       operationId: testEmailServer
       requestBody:
         content:
@@ -6846,6 +8341,11 @@ paths:
             - okta.emailServers.manage
       tags:
         - EmailServer
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/eventHooks:
     get:
       summary: List all Event Hooks
@@ -6860,6 +8360,9 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/EventHook'
+              examples:
+                RetrieveAllEventHooks:
+                  $ref: '#/components/examples/RetrieveAllEventHooks'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '429':
@@ -6870,9 +8373,23 @@ paths:
             - okta.eventHooks.read
       tags:
         - EventHook
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create an Event Hook
-      description: Creates an event hook
+      description: |-
+        Creates a new event hook for your organization in `ACTIVE` status. You pass an event hook object in the JSON payload
+        of your request. That object represents the set of required information about the event hook you're registering, including:
+          * The URI of your external service
+          * The [events](https://developer.okta.com/docs/reference/api/event-types/) in Okta you want to subscribe to
+          * An optional event hook filter that can reduce the number of event hook calls. This is a self-service Early Access (EA) feature.
+            See [Create an event hook filter](https://developer.okta.com/docs/concepts/event-hooks/#create-an-event-hook-filter).
+
+            Additionally, you can specify a secret API key for Okta to pass to your external service endpoint for security verification. Note that the API key you set here is unrelated to the Okta API token
+        you must supply when making calls to Okta APIs. Optionally, you can specify extra headers that Okta passes to your external
+        service with each call.
+        Your external service must use a valid HTTPS endpoint.
       operationId: createEventHook
       x-codegen-request-body-name: eventHook
       requestBody:
@@ -6880,6 +8397,11 @@ paths:
           application/json:
             schema:
               $ref: '#/components/schemas/EventHook'
+            examples:
+              CreateAnEventHook:
+                $ref: '#/components/examples/CreateAnEventHook'
+              CreateAnEventHookWithFilter:
+                $ref: '#/components/examples/CreateAnEventHookWithFilter'
         required: true
       responses:
         '200':
@@ -6888,6 +8410,11 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/EventHook'
+              examples:
+                CreateAnEventHook:
+                  $ref: '#/components/examples/RetrieveAnEventHook'
+                CreateAnEventHookWithFilter:
+                  $ref: '#/components/examples/RetrieveAnEventHookWithFilter'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -6900,6 +8427,9 @@ paths:
             - okta.eventHooks.manage
       tags:
         - EventHook
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/eventHooks/{eventHookId}:
     parameters:
       - $ref: '#/components/parameters/pathEventHookId'
@@ -6914,6 +8444,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/EventHook'
+              examples:
+                RetrieveAnEventHook:
+                  $ref: '#/components/examples/RetrieveAnEventHook'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -6926,9 +8459,16 @@ paths:
             - okta.eventHooks.read
       tags:
         - EventHook
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace an Event Hook
-      description: Replaces an event hook
+      description: |-
+        Replaces an event hook. Okta validates the new properties before replacing the existing values.
+        Some event hook properties are immutable and can't be updated. Refer to the parameter description in the request body schema.
+
+        >**Note:** Updating the `channel` property requires you to verify the hook again.
       operationId: replaceEventHook
       x-codegen-request-body-name: eventHook
       requestBody:
@@ -6936,6 +8476,9 @@ paths:
           application/json:
             schema:
               $ref: '#/components/schemas/EventHook'
+            examples:
+              ReplaceAnEventHook:
+                $ref: '#/components/examples/ReplaceAnEventHookWithFilter'
         required: true
       responses:
         '200':
@@ -6944,6 +8487,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/EventHook'
+              examples:
+                ReplaceAnEventHook:
+                  $ref: '#/components/examples/RetrieveAnEventHookWithFilter'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -6958,9 +8504,14 @@ paths:
             - okta.eventHooks.manage
       tags:
         - EventHook
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete an Event Hook
-      description: Deletes an event hook
+      description: |-
+        Deletes the event hook that matches the provided `id`. After deletion, the event hook is unrecoverable.
+        As a safety precaution, you can only delete event hooks with a status of `INACTIVE`.
       operationId: deleteEventHook
       responses:
         '204':
@@ -6978,12 +8529,15 @@ paths:
             - okta.eventHooks.manage
       tags:
         - EventHook
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/eventHooks/{eventHookId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathEventHookId'
     post:
       summary: Activate an Event Hook
-      description: Activates an event hook
+      description: Activates the event hook that matches the provided `id`
       operationId: activateEventHook
       responses:
         '200':
@@ -6992,6 +8546,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/EventHook'
+              examples:
+                ActivateAnEventHook:
+                  $ref: '#/components/examples/RetrieveAnEventHook'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -7004,12 +8561,15 @@ paths:
             - okta.eventHooks.manage
       tags:
         - EventHook
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/eventHooks/{eventHookId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathEventHookId'
     post:
       summary: Deactivate an Event Hook
-      description: Deactivates an event hook
+      description: Deactivates the event hook that matches the provided `id`
       operationId: deactivateEventHook
       responses:
         '200':
@@ -7018,6 +8578,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/EventHook'
+              examples:
+                DeactivateAnEventHook:
+                  $ref: '#/components/examples/RetrieveADeactivatedEventHook'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -7030,12 +8593,21 @@ paths:
             - okta.eventHooks.manage
       tags:
         - EventHook
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/eventHooks/{eventHookId}/lifecycle/verify:
     parameters:
       - $ref: '#/components/parameters/pathEventHookId'
     post:
       summary: Verify an Event Hook
-      description: Verifies an event hook
+      description: |-
+        Verifies that the event hook matches the provided `eventHookId`. To verify ownership, your endpoint must send information back to Okta in JSON format. See [Event hooks](https://developer.okta.com/docs/concepts/event-hooks/#one-time-verification-request).
+
+        Only `ACTIVE` and `VERIFIED` event hooks can receive events from Okta.
+
+        If a response is not received within 3 seconds, the outbound request times out. One retry is attempted after a timeout or error response.
+        If a successful response still isn't received, this operation returns a 400 error with more information about the failure.
       operationId: verifyEventHook
       responses:
         '200':
@@ -7044,6 +8616,11 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/EventHook'
+              examples:
+                VerifyAnEventHook:
+                  $ref: '#/components/examples/RetrieveAnEventHook'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -7056,10 +8633,13 @@ paths:
             - okta.eventHooks.manage
       tags:
         - EventHook
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/features:
     get:
       summary: List all Features
-      description: Lists all features
+      description: Lists all self-service features for your org
       operationId: listFeatures
       responses:
         '200':
@@ -7070,6 +8650,10 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/Feature'
+              examples:
+                FeaturesList:
+                  summary: List all self-service features for your org
+                  $ref: '#/components/examples/ListFeaturesResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '429':
@@ -7080,12 +8664,15 @@ paths:
             - okta.features.read
       tags:
         - Feature
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/features/{featureId}:
     parameters:
       - $ref: '#/components/parameters/pathFeatureId'
     get:
       summary: Retrieve a Feature
-      description: Retrieves a feature
+      description: Retrieves a feature by ID
       operationId: getFeature
       responses:
         '200':
@@ -7094,6 +8681,10 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Feature'
+              examples:
+                FeaturesRetrieve:
+                  summary: Retrieve a Feature by ID
+                  $ref: '#/components/examples/RetrieveFeaturesResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -7106,12 +8697,18 @@ paths:
             - okta.features.read
       tags:
         - Feature
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/features/{featureId}/dependencies:
     parameters:
       - $ref: '#/components/parameters/pathFeatureId'
     get:
-      summary: List all Dependencies
-      description: Lists all dependencies
+      summary: List all dependencies
+      description: |-
+        Lists all feature dependencies for a specified feature.
+
+        A feature's dependencies are the features that it requires to be enabled in order for itself to be enabled.
       operationId: listFeatureDependencies
       responses:
         '200':
@@ -7122,6 +8719,10 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/Feature'
+              examples:
+                FeaturesDependenciesList:
+                  summary: List all Dependencies
+                  $ref: '#/components/examples/ListFeatureDependenciesResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -7134,12 +8735,18 @@ paths:
             - okta.features.read
       tags:
         - Feature
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/features/{featureId}/dependents:
     parameters:
       - $ref: '#/components/parameters/pathFeatureId'
     get:
-      summary: List all Dependents
-      description: Lists all dependents
+      summary: List all dependents
+      description: |-
+        Lists all feature dependents for the specified feature.
+
+        A feature's dependents are the features that need to be disabled in order for the feature itself to be disabled.
       operationId: listFeatureDependents
       responses:
         '200':
@@ -7150,6 +8757,10 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/Feature'
+              examples:
+                FeaturesDependentsList:
+                  summary: List all feature dependents for the specified feature
+                  $ref: '#/components/examples/ListFeatureDependentsResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -7162,17 +8773,32 @@ paths:
             - okta.features.read
       tags:
         - Feature
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/features/{featureId}/{lifecycle}:
     parameters:
       - $ref: '#/components/parameters/pathFeatureId'
       - $ref: '#/components/parameters/pathLifecycle'
     post:
-      summary: Update a Feature Lifecycle
-      description: Updates a feature lifecycle
+      summary: Update a Feature lifecycle
+      description: |-
+        Updates a feature's lifecycle status. Use this endpoint to enable or disable a feature for your org.
+
+        Use the `mode=force` parameter to override dependency restrictions for a particular feature. Normally, you can't enable a feature if it has one or more dependencies that aren't enabled.
+
+        When you use the `mode=force` parameter while enabling a feature, Okta first tries to enable any disabled features that this feature may have as dependencies. If you don't pass the `mode=force` parameter and the feature has dependencies that need to be enabled before the feature is enabled, a 400 error is returned.
+
+        When you use the `mode=force` parameter while disabling a feature, Okta first tries to disable any enabled features that this feature may have as dependents. If you don't pass the `mode=force` parameter and the feature has dependents that need to be disabled before the feature is disabled, a 400 error is returned.
+
+        The following chart shows the different state transitions for a feature.
+
+        ![State transitions of a feature](../../../../../images/features/update-ssfeat-flowchart.png '#width=500px;')
       operationId: updateFeatureLifecycle
       parameters:
         - name: mode
           in: query
+          description: Indicates if you want to force enable or disable a feature. Supported value is `force`.
           schema:
             type: string
       responses:
@@ -7182,6 +8808,10 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Feature'
+              examples:
+                FeaturesUpdate:
+                  summary: Update the feature lifecycle status
+                  $ref: '#/components/examples/UpdateFeatureLifecycleResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -7194,6 +8824,84 @@ paths:
             - okta.features.manage
       tags:
         - Feature
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /api/v1/first-party-app-settings/{appName}:
+    parameters:
+      - $ref: '#/components/parameters/pathFirstPartyAppName'
+    get:
+      summary: Retrieve the Okta Application Settings
+      description: Retrieves the settings for an Okta app (also known as an Okta first-party app)
+      operationId: getFirstPartyAppSettings
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AdminConsoleSettings'
+              examples:
+                exampleSettings:
+                  $ref: '#/components/examples/AdminConsoleSettingsExample'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - OktaApplicationSettings
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+    put:
+      summary: Replace the Okta Application Settings
+      description: Replaces the settings for an Okta app (also known as an Okta first-party app)
+      operationId: replaceFirstPartyAppSettings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AdminConsoleSettings'
+            examples:
+              exampleSettings:
+                $ref: '#/components/examples/AdminConsoleSettingsExample'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AdminConsoleSettings'
+              examples:
+                exampleSettings:
+                  $ref: '#/components/examples/AdminConsoleSettingsExample'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.manage
+      tags:
+        - OktaApplicationSettings
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups:
     get:
       summary: List all Groups
@@ -7265,6 +8973,9 @@ paths:
             - okta.groups.read
       tags:
         - Group
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create a Group
       description: Creates a new group with `OKTA_GROUP` type
@@ -7295,6 +9006,9 @@ paths:
             - okta.groups.manage
       tags:
         - Group
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups/rules:
     get:
       summary: List all Group Rules
@@ -7343,6 +9057,9 @@ paths:
             - okta.groups.read
       tags:
         - Group
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create a Group Rule
       description: Creates a group rule to dynamically add users to the specified group if they match the condition
@@ -7373,6 +9090,9 @@ paths:
             - okta.groups.manage
       tags:
         - Group
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups/rules/{groupRuleId}:
     parameters:
       - $ref: '#/components/parameters/pathGroupRuleId'
@@ -7404,6 +9124,9 @@ paths:
             - okta.groups.read
       tags:
         - Group
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace a Group Rule
       description: Replaces a group rule. Only `INACTIVE` rules can be updated.
@@ -7436,6 +9159,9 @@ paths:
             - okta.groups.manage
       tags:
         - Group
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a group Rule
       description: Deletes a specific group rule by `groupRuleId`
@@ -7462,6 +9188,9 @@ paths:
             - okta.groups.manage
       tags:
         - Group
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups/rules/{groupRuleId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathGroupRuleId'
@@ -7485,6 +9214,9 @@ paths:
             - okta.groups.manage
       tags:
         - Group
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups/rules/{groupRuleId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathGroupRuleId'
@@ -7508,6 +9240,9 @@ paths:
             - okta.groups.manage
       tags:
         - Group
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups/{groupId}:
     parameters:
       - $ref: '#/components/parameters/pathGroupId'
@@ -7534,6 +9269,9 @@ paths:
             - okta.groups.read
       tags:
         - Group
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace a Group
       description: Replaces the profile for a group with `OKTA_GROUP` type
@@ -7566,6 +9304,9 @@ paths:
             - okta.groups.manage
       tags:
         - Group
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a Group
       description: Deletes a group with `OKTA_GROUP` type
@@ -7586,6 +9327,9 @@ paths:
             - okta.groups.manage
       tags:
         - Group
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups/{groupId}/apps:
     parameters:
       - $ref: '#/components/parameters/pathGroupId'
@@ -7627,6 +9371,9 @@ paths:
             - okta.groups.read
       tags:
         - Group
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups/{groupId}/owners:
     parameters:
       - $ref: '#/components/parameters/pathGroupId'
@@ -7635,7 +9382,7 @@ paths:
       description: Lists all owners for a specific group
       operationId: listGroupOwners
       parameters:
-        - name: filter
+        - name: search
           in: query
           description: SCIM Filter expression for group owners. Allows to filter owners by type.
           schema:
@@ -7677,17 +9424,16 @@ paths:
         - oauth2:
             - okta.groups.read
       tags:
-        - Group
+        - GroupOwner
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Assign a Group Owner
       description: Assigns a group owner
       operationId: assignGroupOwner
       parameters:
-        - name: groupId
-          in: path
-          required: true
-          schema:
-            type: string
+        - $ref: '#/components/parameters/pathGroupId'
       requestBody:
         content:
           application/json:
@@ -7720,7 +9466,10 @@ paths:
         - oauth2:
             - okta.groups.manage
       tags:
-        - Group
+        - GroupOwner
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups/{groupId}/owners/{ownerId}:
     parameters:
       - $ref: '#/components/parameters/pathGroupId'
@@ -7744,7 +9493,10 @@ paths:
         - oauth2:
             - okta.groups.manage
       tags:
-        - Group
+        - GroupOwner
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups/{groupId}/roles:
     parameters:
       - $ref: '#/components/parameters/pathGroupId'
@@ -7778,6 +9530,9 @@ paths:
             - okta.roles.read
       tags:
         - RoleAssignment
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Assign a Role to a Group
       description: Assigns a role to a group
@@ -7819,6 +9574,9 @@ paths:
             - okta.roles.manage
       tags:
         - RoleAssignment
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups/{groupId}/roles/{roleId}:
     parameters:
       - $ref: '#/components/parameters/pathGroupId'
@@ -7846,6 +9604,9 @@ paths:
             - okta.roles.read
       tags:
         - RoleAssignment
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Unassign a Role from a Group
       description: Unassigns a role identified by `roleId` assigned to group identified by `groupId`
@@ -7866,6 +9627,9 @@ paths:
             - okta.roles.manage
       tags:
         - RoleAssignment
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps:
     parameters:
       - $ref: '#/components/parameters/pathGroupId'
@@ -7906,6 +9670,9 @@ paths:
             - okta.roles.read
       tags:
         - RoleTarget
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}:
     parameters:
       - $ref: '#/components/parameters/pathGroupId'
@@ -7931,6 +9698,9 @@ paths:
             - okta.roles.manage
       tags:
         - RoleTarget
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Unassign an Application Target from Application Administrator Role
       description: Unassigns an application target from application administrator role
@@ -7951,6 +9721,9 @@ paths:
             - okta.roles.manage
       tags:
         - RoleTarget
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{appId}:
     parameters:
       - $ref: '#/components/parameters/pathGroupId'
@@ -7977,6 +9750,9 @@ paths:
             - okta.roles.manage
       tags:
         - RoleTarget
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Unassign an Application Instance Target from an Application Administrator Role
       description: Unassigns an application instance target from application administrator role
@@ -7997,6 +9773,9 @@ paths:
             - okta.roles.manage
       tags:
         - RoleTarget
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups/{groupId}/roles/{roleId}/targets/groups:
     parameters:
       - $ref: '#/components/parameters/pathGroupId'
@@ -8037,6 +9816,9 @@ paths:
             - okta.roles.read
       tags:
         - RoleTarget
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}:
     parameters:
       - $ref: '#/components/parameters/pathGroupId'
@@ -8062,6 +9844,9 @@ paths:
             - okta.roles.manage
       tags:
         - RoleTarget
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Unassign a Group Target from a Group Role
       description: Unassigns a group target from a group role
@@ -8082,6 +9867,9 @@ paths:
             - okta.roles.manage
       tags:
         - RoleTarget
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups/{groupId}/users:
     parameters:
       - $ref: '#/components/parameters/pathGroupId'
@@ -8090,11 +9878,26 @@ paths:
       description: Lists all users that are a member of a group
       operationId: listGroupUsers
       parameters:
-        - name: after
+        - name: search
+          in: query
+          description: Searches for users with a supported filtering expression for user name, primary email, or user name
+          schema:
+            type: string
+        - name: sortBy
+          in: query
+          description: Specifies which field to sort by. This can be any single property.
+          schema:
+            type: string
+            example: id
+        - name: sortOrder
           in: query
-          description: Specifies the pagination cursor for the next page of users
+          description: |-
+            Specifies sort order: `asc` or `desc`. This parameter is ignored if `sortBy` is not present.
+            Users with the same value for the `sortBy` parameter are ordered by `id`.
           schema:
             type: string
+            default: asc
+        - $ref: '#/components/parameters/queryAfter'
         - name: limit
           in: query
           description: Specifies the number of user results in a page
@@ -8110,7 +9913,7 @@ paths:
               schema:
                 type: array
                 items:
-                  $ref: '#/components/schemas/User'
+                  $ref: '#/components/schemas/GroupMember'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -8123,6 +9926,9 @@ paths:
             - okta.groups.read
       tags:
         - Group
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/groups/{groupId}/users/{userId}:
     parameters:
       - $ref: '#/components/parameters/pathGroupId'
@@ -8147,6 +9953,9 @@ paths:
             - okta.groups.manage
       tags:
         - Group
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Unassign a User
       description: Unassigns a user from a group with 'OKTA_GROUP' type
@@ -8167,6 +9976,9 @@ paths:
             - okta.groups.manage
       tags:
         - Group
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/hook-keys:
     get:
       summary: List all keys
@@ -8194,6 +10006,9 @@ paths:
             - okta.inlineHooks.read
       tags:
         - HookKey
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create a key
       description: |
@@ -8232,6 +10047,9 @@ paths:
             - okta.inlineHooks.manage
       tags:
         - HookKey
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/hook-keys/public/{publicKeyId}:
     parameters:
       - $ref: '#/components/parameters/pathPublicKeyId'
@@ -8261,6 +10079,9 @@ paths:
             - okta.inlineHooks.read
       tags:
         - HookKey
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/hook-keys/{hookKeyId}:
     parameters:
       - $ref: '#/components/parameters/pathHookKeyId'
@@ -8275,9 +10096,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/HookKey'
-                examples:
-                  ResponseExample:
-                    $ref: '#/components/examples/RetrieveKeyResponse'
+              examples:
+                ResponseExample:
+                  $ref: '#/components/examples/RetrieveKeyResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -8290,6 +10111,9 @@ paths:
             - okta.inlineHooks.read
       tags:
         - HookKey
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace a key
       description: |
@@ -8313,9 +10137,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/HookKey'
-                examples:
-                  ResponseExample:
-                    $ref: '#/components/examples/ReplaceKeyResponse'
+              examples:
+                ResponseExample:
+                  $ref: '#/components/examples/ReplaceKeyResponse'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -8330,6 +10154,9 @@ paths:
             - okta.inlineHooks.manage
       tags:
         - HookKey
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a key
       description: |
@@ -8353,6 +10180,9 @@ paths:
             - okta.inlineHooks.manage
       tags:
         - HookKey
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/iam/assignees/users:
     get:
       summary: List all Users with Role Assignments
@@ -8394,6 +10224,9 @@ paths:
             - okta.roles.read
       tags:
         - RoleAssignment
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/iam/resource-sets:
     get:
       summary: List all Resource Sets
@@ -8421,9 +10254,14 @@ paths:
             - okta.roles.read
       tags:
         - ResourceSet
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create a Resource Set
-      description: Creates a new Resource Set
+      description: |-
+        Creates a new Resource Set. See [Supported Resources](/openapi/okta-management/guides/roles/#supported-resources).
+        > **Note:** The maximum amount of `resources` allowed in a `resource set` object is 1000. Resources are identified by either an Okta Resource Name (ORN) or by a REST URL format. See [Okta Resource Name](/openapi/okta-management/guides/roles/#okta-resource-name-orn).
       operationId: createResourceSet
       x-codegen-request-body-name: instance
       requestBody:
@@ -8464,6 +10302,9 @@ paths:
             - okta.roles.manage
       tags:
         - ResourceSet
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/iam/resource-sets/{resourceSetId}:
     parameters:
       - $ref: '#/components/parameters/pathResourceSetId'
@@ -8493,6 +10334,9 @@ paths:
             - okta.roles.read
       tags:
         - ResourceSet
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace a Resource Set
       description: Replaces a Resource Set by `resourceSetId`
@@ -8531,6 +10375,9 @@ paths:
             - okta.roles.manage
       tags:
         - ResourceSet
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a Resource Set
       description: Deletes a role by `resourceSetId`
@@ -8558,6 +10405,9 @@ paths:
             - okta.roles.manage
       tags:
         - ResourceSet
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/iam/resource-sets/{resourceSetId}/bindings:
     parameters:
       - $ref: '#/components/parameters/pathResourceSetId'
@@ -8589,6 +10439,9 @@ paths:
             - okta.roles.read
       tags:
         - ResourceSet
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create a Resource Set Binding
       description: Creates a new Resource Set binding
@@ -8634,6 +10487,9 @@ paths:
             - okta.roles.manage
       tags:
         - ResourceSet
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}:
     parameters:
       - $ref: '#/components/parameters/pathResourceSetId'
@@ -8664,6 +10520,9 @@ paths:
             - okta.roles.read
       tags:
         - ResourceSet
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a Binding
       description: Deletes a Resource Set binding by `resourceSetId` and `roleIdOrLabel`
@@ -8691,6 +10550,9 @@ paths:
             - okta.roles.manage
       tags:
         - ResourceSet
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members:
     parameters:
       - $ref: '#/components/parameters/pathResourceSetId'
@@ -8723,6 +10585,9 @@ paths:
             - okta.roles.read
       tags:
         - ResourceSet
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     patch:
       summary: Add more Members to a binding
       description: Adds more members to a Resource Set binding
@@ -8768,6 +10633,9 @@ paths:
             - okta.roles.manage
       tags:
         - ResourceSet
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members/{memberId}:
     parameters:
       - $ref: '#/components/parameters/pathResourceSetId'
@@ -8799,6 +10667,9 @@ paths:
             - okta.roles.read
       tags:
         - ResourceSet
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Unassign a Member from a binding
       description: Unassigns a member identified by `memberId` from a binding
@@ -8827,6 +10698,9 @@ paths:
             - okta.roles.manage
       tags:
         - ResourceSet
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/iam/resource-sets/{resourceSetId}/resources:
     parameters:
       - $ref: '#/components/parameters/pathResourceSetId'
@@ -8856,6 +10730,9 @@ paths:
             - okta.roles.read
       tags:
         - ResourceSet
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     patch:
       summary: Add more Resource to a Resource Set
       description: Adds more resources to a Resource Set
@@ -8901,6 +10778,9 @@ paths:
             - okta.roles.manage
       tags:
         - ResourceSet
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/iam/resource-sets/{resourceSetId}/resources/{resourceId}:
     parameters:
       - $ref: '#/components/parameters/pathResourceSetId'
@@ -8932,6 +10812,9 @@ paths:
             - okta.roles.manage
       tags:
         - ResourceSet
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/iam/roles:
     get:
       summary: List all Roles
@@ -8959,6 +10842,9 @@ paths:
             - okta.roles.read
       tags:
         - Role
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create a Role
       description: Creates a new role
@@ -9002,6 +10888,9 @@ paths:
             - okta.roles.manage
       tags:
         - Role
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/iam/roles/{roleIdOrLabel}:
     parameters:
       - $ref: '#/components/parameters/pathRoleIdOrLabel'
@@ -9031,6 +10920,9 @@ paths:
             - okta.roles.read
       tags:
         - Role
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace a Role
       description: Replaces a role by `roleIdOrLabel`
@@ -9069,6 +10961,9 @@ paths:
             - okta.roles.manage
       tags:
         - Role
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a Role
       description: Deletes a role by `roleIdOrLabel`
@@ -9096,6 +10991,9 @@ paths:
             - okta.roles.manage
       tags:
         - Role
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/iam/roles/{roleIdOrLabel}/permissions:
     parameters:
       - $ref: '#/components/parameters/pathRoleIdOrLabel'
@@ -9125,6 +11023,9 @@ paths:
             - okta.roles.read
       tags:
         - Role
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/iam/roles/{roleIdOrLabel}/permissions/{permissionType}:
     parameters:
       - $ref: '#/components/parameters/pathRoleIdOrLabel'
@@ -9155,6 +11056,9 @@ paths:
             - okta.roles.read
       tags:
         - Role
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create a Permission
       description: Creates a permission specified by `permissionType` to the role
@@ -9162,8 +11066,8 @@ paths:
       x-codegen-request-body-name: instance
       requestBody:
         x-okta-lifecycle:
-          features:
-            - CUSTOM_ADMIN_ROLES_CONDITIONS
+          lifecycle: GA
+          isGenerallyAvailable: true
         content:
           application/json:
             schema:
@@ -9189,10 +11093,13 @@ paths:
             - okta.roles.manage
       tags:
         - Role
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       x-okta-lifecycle:
-        features:
-          - CUSTOM_ADMIN_ROLES_CONDITIONS
+        lifecycle: GA
+        isGenerallyAvailable: true
       summary: Replace a Permission
       description: Replaces a permission specified by `permissionType` in the role
       operationId: replaceRolePermission
@@ -9257,6 +11164,9 @@ paths:
             - okta.roles.manage
       tags:
         - Role
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/identity-sources/{identitySourceId}/sessions:
     parameters:
       - $ref: '#/components/parameters/pathIdentitySourceId'
@@ -9288,6 +11198,10 @@ paths:
             - okta.identitySources.read
       tags:
         - IdentitySource
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
     post:
       summary: Create an Identity Source Session
       description: Creates an identity source session for the given identity source instance
@@ -9316,6 +11230,10 @@ paths:
             - okta.identitySources.manage
       tags:
         - IdentitySource
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
   /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}:
     parameters:
       - $ref: '#/components/parameters/pathIdentitySourceId'
@@ -9346,6 +11264,10 @@ paths:
             - okta.identitySources.read
       tags:
         - IdentitySource
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
     delete:
       summary: Delete an Identity Source Session
       description: Deletes an identity source session for a given `identitySourceId` and `sessionId`
@@ -9365,6 +11287,10 @@ paths:
             - okta.identitySources.manage
       tags:
         - IdentitySource
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
   /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-delete:
     parameters:
       - $ref: '#/components/parameters/pathIdentitySourceId'
@@ -9395,6 +11321,10 @@ paths:
             - okta.identitySources.manage
       tags:
         - IdentitySource
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
   /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-upsert:
     parameters:
       - $ref: '#/components/parameters/pathIdentitySourceId'
@@ -9425,6 +11355,10 @@ paths:
             - okta.identitySources.manage
       tags:
         - IdentitySource
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
   /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/start-import:
     parameters:
       - $ref: '#/components/parameters/pathIdentitySourceId'
@@ -9457,6 +11391,10 @@ paths:
             - okta.identitySources.manage
       tags:
         - IdentitySource
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
   /api/v1/idps:
     get:
       summary: List all Identity Providers
@@ -9504,6 +11442,9 @@ paths:
             - okta.idps.read
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create an Identity Provider
       description: Creates a new identity provider integration
@@ -9534,6 +11475,9 @@ paths:
             - okta.idps.manage
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/idps/credentials/keys:
     get:
       summary: List all Credential Keys
@@ -9571,6 +11515,9 @@ paths:
             - okta.idps.read
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create an X.509 Certificate Public Key
       description: Creates a new X.509 certificate credential to the IdP key store.
@@ -9601,6 +11548,9 @@ paths:
             - okta.idps.manage
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/idps/credentials/keys/{idpKeyId}:
     parameters:
       - $ref: '#/components/parameters/pathIdpKeyId'
@@ -9627,6 +11577,9 @@ paths:
             - okta.idps.read
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a Signing Credential Key
       description: Deletes a specific IdP Key Credential by `kid` if it is not currently being used by an Active or Inactive IdP
@@ -9647,6 +11600,9 @@ paths:
             - okta.idps.manage
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/idps/{idpId}:
     parameters:
       - $ref: '#/components/parameters/pathIdpId'
@@ -9673,6 +11629,9 @@ paths:
             - okta.idps.read
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace an Identity Provider
       description: Replaces an identity provider integration by `idpId`
@@ -9705,6 +11664,9 @@ paths:
             - okta.idps.manage
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete an Identity Provider
       description: Deletes an identity provider integration by `idpId`
@@ -9725,6 +11687,9 @@ paths:
             - okta.idps.manage
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/idps/{idpId}/credentials/csrs:
     parameters:
       - $ref: '#/components/parameters/pathIdpId'
@@ -9753,6 +11718,9 @@ paths:
             - okta.idps.read
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Generate a Certificate Signing Request
       description: Generates a new key pair and returns a Certificate Signing Request for it
@@ -9785,6 +11753,9 @@ paths:
             - okta.idps.manage
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/idps/{idpId}/credentials/csrs/{idpCsrId}:
     parameters:
       - $ref: '#/components/parameters/pathIdpId'
@@ -9812,6 +11783,9 @@ paths:
             - okta.idps.read
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Revoke a Certificate Signing Request
       description: Revokes a certificate signing request and deletes the key pair from the IdP
@@ -9832,6 +11806,9 @@ paths:
             - okta.idps.manage
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/idps/{idpId}/credentials/csrs/{idpCsrId}/lifecycle/publish:
     parameters:
       - $ref: '#/components/parameters/pathIdpId'
@@ -9879,6 +11856,9 @@ paths:
             - okta.idps.manage
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/idps/{idpId}/credentials/keys:
     parameters:
       - $ref: '#/components/parameters/pathIdpId'
@@ -9907,6 +11887,9 @@ paths:
             - okta.idps.read
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/idps/{idpId}/credentials/keys/generate:
     parameters:
       - $ref: '#/components/parameters/pathIdpId'
@@ -9941,6 +11924,9 @@ paths:
             - okta.idps.manage
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/idps/{idpId}/credentials/keys/{idpKeyId}:
     parameters:
       - $ref: '#/components/parameters/pathIdpId'
@@ -9968,6 +11954,9 @@ paths:
             - okta.idps.read
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/idps/{idpId}/credentials/keys/{idpKeyId}/clone:
     parameters:
       - $ref: '#/components/parameters/pathIdpId'
@@ -10001,6 +11990,9 @@ paths:
             - okta.idps.manage
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/idps/{idpId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathIdpId'
@@ -10027,6 +12019,9 @@ paths:
             - okta.idps.manage
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/idps/{idpId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathIdpId'
@@ -10053,6 +12048,9 @@ paths:
             - okta.idps.manage
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/idps/{idpId}/users:
     parameters:
       - $ref: '#/components/parameters/pathIdpId'
@@ -10060,6 +12058,29 @@ paths:
       summary: List all Users
       description: Lists all users linked to the identity provider
       operationId: listIdentityProviderApplicationUsers
+      parameters:
+        - name: q
+          in: query
+          description: Searches the name property of IdPs for matching value
+          schema:
+            type: string
+        - name: after
+          in: query
+          description: Specifies the pagination cursor for the next page of IdPs
+          schema:
+            type: string
+        - name: limit
+          in: query
+          description: Specifies the number of IdP results in a page
+          schema:
+            type: integer
+            format: int32
+            default: 20
+        - name: expand
+          in: query
+          description: Expand user data
+          schema:
+            type: string
       responses:
         '200':
           description: Success
@@ -10081,6 +12102,9 @@ paths:
             - okta.idps.read
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/idps/{idpId}/users/{userId}:
     parameters:
       - $ref: '#/components/parameters/pathIdpId'
@@ -10108,6 +12132,9 @@ paths:
             - okta.idps.read
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Link a User to a Social IdP
       description: Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type
@@ -10140,6 +12167,9 @@ paths:
             - okta.users.manage
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Unlink a User from IdP
       description: Unlinks the link between the Okta user and the IdP user
@@ -10160,6 +12190,9 @@ paths:
             - okta.idps.manage
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/idps/{idpId}/users/{userId}/credentials/tokens:
     parameters:
       - $ref: '#/components/parameters/pathIdpId'
@@ -10189,6 +12222,9 @@ paths:
             - okta.idps.read
       tags:
         - IdentityProvider
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/inlineHooks:
     get:
       summary: List all Inline Hooks
@@ -10208,6 +12244,9 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/InlineHook'
+              examples:
+                AuthenticatorConfiguration:
+                  $ref: '#/components/examples/InlineHookTelephony'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '429':
@@ -10218,6 +12257,9 @@ paths:
             - okta.inlineHooks.read
       tags:
         - InlineHook
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create an Inline Hook
       description: Creates an inline hook
@@ -10248,6 +12290,9 @@ paths:
             - okta.inlineHooks.manage
       tags:
         - InlineHook
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/inlineHooks/{inlineHookId}:
     parameters:
       - $ref: '#/components/parameters/pathInlineHookId'
@@ -10262,6 +12307,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/InlineHook'
+              examples:
+                AuthenticatorConfiguration:
+                  $ref: '#/components/examples/InlineHookTelephony'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -10274,6 +12322,44 @@ paths:
             - okta.inlineHooks.read
       tags:
         - InlineHook
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+    post:
+      summary: Update an Inline Hook
+      description: Updates an inline hook by `inlineHookId`
+      operationId: updateInlineHook
+      x-codegen-request-body-name: inlineHook
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/InlineHook'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/InlineHook'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.inlineHooks.manage
+      tags:
+        - InlineHook
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace an Inline Hook
       description: Replaces an inline hook by `inlineHookId`
@@ -10306,6 +12392,9 @@ paths:
             - okta.inlineHooks.manage
       tags:
         - InlineHook
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete an Inline Hook
       description: Deletes an inline hook by `inlineHookId`. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion.
@@ -10326,6 +12415,9 @@ paths:
             - okta.inlineHooks.manage
       tags:
         - InlineHook
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/inlineHooks/{inlineHookId}/execute:
     parameters:
       - $ref: '#/components/parameters/pathInlineHookId'
@@ -10361,6 +12453,9 @@ paths:
             - okta.inlineHooks.manage
       tags:
         - InlineHook
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/inlineHooks/{inlineHookId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathInlineHookId'
@@ -10387,6 +12482,9 @@ paths:
             - okta.inlineHooks.manage
       tags:
         - InlineHook
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathInlineHookId'
@@ -10413,6 +12511,9 @@ paths:
             - okta.inlineHooks.manage
       tags:
         - InlineHook
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/logStreams:
     get:
       summary: List all Log Streams
@@ -10449,6 +12550,10 @@ paths:
             - okta.logStreams.read
       tags:
         - LogStream
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
     post:
       summary: Create a Log Stream
       description: Creates a new Log Stream object
@@ -10492,6 +12597,10 @@ paths:
             - okta.logStreams.manage
       tags:
         - LogStream
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
   /api/v1/logStreams/{logStreamId}:
     parameters:
       - $ref: '#/components/parameters/pathLogStreamId'
@@ -10521,6 +12630,10 @@ paths:
             - okta.logStreams.read
       tags:
         - LogStream
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
     put:
       summary: Replace a Log Stream
       description: |-
@@ -10568,6 +12681,10 @@ paths:
             - okta.logStreams.manage
       tags:
         - LogStream
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
     delete:
       summary: Delete a Log Stream
       description: Deletes a Log Stream object from your org by ID
@@ -10595,6 +12712,10 @@ paths:
             - okta.logStreams.manage
       tags:
         - LogStream
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
   /api/v1/logStreams/{logStreamId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathLogStreamId'
@@ -10624,6 +12745,10 @@ paths:
             - okta.logStreams.manage
       tags:
         - LogStream
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
   /api/v1/logStreams/{logStreamId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathLogStreamId'
@@ -10653,6 +12778,10 @@ paths:
             - okta.logStreams.manage
       tags:
         - LogStream
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
   /api/v1/logs:
     get:
       summary: List all System Log Events
@@ -10710,6 +12839,10 @@ paths:
             - okta.logs.read
       tags:
         - SystemLog
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/mappings:
     get:
       summary: List all Profile Mappings
@@ -10766,6 +12899,10 @@ paths:
             - okta.profileMappings.read
       tags:
         - ProfileMapping
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
   /api/v1/mappings/{mappingId}:
     parameters:
       - $ref: '#/components/parameters/pathMappingId'
@@ -10796,6 +12933,10 @@ paths:
             - okta.profileMappings.read
       tags:
         - ProfileMapping
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
     post:
       summary: Update a Profile Mapping
       description: Updates an existing profile mapping by adding, updating, or removing one or many property mappings
@@ -10845,60 +12986,18 @@ paths:
             - okta.profileMappings.manage
       tags:
         - ProfileMapping
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
   /api/v1/meta/layouts/apps/{appName}:
     parameters:
       - $ref: '#/components/parameters/pathAppName'
-    get:
-      summary: Retrieve the links for UI schemas for an Application
-      description: Retrieves the links for UI schemas for an Application given `appName`
-      operationId: getAppUISchemaLinks
-      responses:
-        '200':
-          description: successful operation
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ApplicationLayouts'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - apiToken: []
-        - oauth2:
-            - okta.schemas.read
-      tags:
-        - Schema
   /api/v1/meta/layouts/apps/{appName}/sections/{section}/{operation}:
     parameters:
       - $ref: '#/components/parameters/pathAppName'
       - $ref: '#/components/parameters/pathSection'
       - $ref: '#/components/parameters/pathOperation'
-    get:
-      summary: Retrieve the UI schema for a section
-      description: Retrieves the UI schema for an Application given `appName`, `section` and `operation`
-      operationId: getAppUISchema
-      responses:
-        '200':
-          description: successful operation
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ApplicationLayout'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - apiToken: []
-        - oauth2:
-            - okta.schemas.read
-      tags:
-        - Schema
   /api/v1/meta/schemas/apps/{appId}/default:
     parameters:
       - $ref: '#/components/parameters/pathAppId'
@@ -10925,6 +13024,9 @@ paths:
             - okta.schemas.read
       tags:
         - Schema
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Update the default Application User Schema for an Application
       description: Partially updates on the User Profile properties of the Application User Schema
@@ -10963,6 +13065,9 @@ paths:
             - okta.schemas.manage
       tags:
         - Schema
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/meta/schemas/group/default:
     get:
       summary: Retrieve the default Group Schema
@@ -10989,6 +13094,9 @@ paths:
             - okta.schemas.read
       tags:
         - Schema
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Update the default Group Schema
       description: Updates the default group schema. This updates, adds, or removes one or more custom Group Profile properties in the schema.
@@ -11023,6 +13131,9 @@ paths:
             - okta.schemas.manage
       tags:
         - Schema
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/meta/schemas/logStream:
     get:
       summary: List the Log Stream Schemas
@@ -11050,6 +13161,10 @@ paths:
             - okta.logStreams.read
       tags:
         - Schema
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
   /api/v1/meta/schemas/logStream/{logStreamType}:
     parameters:
       - $ref: '#/components/parameters/pathLogStreamType'
@@ -11081,10 +13196,14 @@ paths:
             - okta.logStreams.read
       tags:
         - Schema
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
   /api/v1/meta/schemas/user/linkedObjects:
     get:
       summary: List all Linked Object Definitions
-      description: Lists all linked object definitions
+      description: Lists all Linked Object definitions
       operationId: listLinkedObjectDefinitions
       responses:
         '200':
@@ -11095,6 +13214,9 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/LinkedObject'
+              examples:
+                ListLinkedObjectsEx:
+                  $ref: '#/components/examples/ListLinkedObjects'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '429':
@@ -11105,9 +13227,12 @@ paths:
             - okta.linkedObjects.read
       tags:
         - LinkedObject
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create a Linked Object Definition
-      description: Creates a linked object definition
+      description: Creates a Linked Object definition
       operationId: createLinkedObjectDefinition
       x-codegen-request-body-name: linkedObject
       requestBody:
@@ -11115,6 +13240,9 @@ paths:
           application/json:
             schema:
               $ref: '#/components/schemas/LinkedObject'
+            examples:
+              CreateLinkedObjectRequestEx:
+                $ref: '#/components/examples/CreateLinkedObjectRequest'
         required: true
       responses:
         '201':
@@ -11123,10 +13251,22 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/LinkedObject'
+              examples:
+                CreateLinkedObjectResponseEx:
+                  $ref: '#/components/examples/CreateLinkedObjectResponse'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
+        '409':
+          description: Conflict
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                ErrorInvalidLinkedObjectDefEx:
+                  $ref: '#/components/examples/ErrorInvalidLinkedObjectDef'
         '429':
           $ref: '#/components/responses/ErrorTooManyRequests429'
       security:
@@ -11135,12 +13275,15 @@ paths:
             - okta.linkedObjects.manage
       tags:
         - LinkedObject
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}:
     parameters:
       - $ref: '#/components/parameters/pathLinkedObjectName'
     get:
       summary: Retrieve a Linked Object Definition
-      description: Retrieves a linked object definition
+      description: Retrieves a Linked Object definition
       operationId: getLinkedObjectDefinition
       responses:
         '200':
@@ -11149,6 +13292,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/LinkedObject'
+              examples:
+                CreateLinkedObjectResponseEx:
+                  $ref: '#/components/examples/CreateLinkedObjectResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -11161,9 +13307,12 @@ paths:
             - okta.linkedObjects.read
       tags:
         - LinkedObject
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a Linked Object Definition
-      description: Deletes a linked object definition
+      description: Deletes the Linked Object definition specified by either the `primary` or `associated` name. The entire definition is removed, regardless of which name that you specify.
       operationId: deleteLinkedObjectDefinition
       responses:
         '204':
@@ -11181,6 +13330,9 @@ paths:
             - okta.linkedObjects.manage
       tags:
         - LinkedObject
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/meta/schemas/user/{schemaId}:
     parameters:
       - $ref: '#/components/parameters/pathSchemaId'
@@ -11210,6 +13362,9 @@ paths:
             - okta.schemas.read
       tags:
         - Schema
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Update a User Schema
       description: Partially updates on the User Profile properties of the user schema
@@ -11248,6 +13403,9 @@ paths:
             - okta.schemas.manage
       tags:
         - Schema
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/meta/types/user:
     get:
       summary: List all User Types
@@ -11275,6 +13433,9 @@ paths:
             - okta.userTypes.read
       tags:
         - UserType
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create a User Type
       description: |-
@@ -11313,6 +13474,9 @@ paths:
             - okta.userTypes.manage
       tags:
         - UserType
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/meta/types/user/{typeId}:
     parameters:
       - $ref: '#/components/parameters/pathTypeId'
@@ -11342,10 +13506,13 @@ paths:
             - okta.userTypes.read
       tags:
         - UserType
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Update a User Type
       description: |-
-        Updates an existing User Type.
+        Updates an existing User Type. This operation is a partial update.
         > **Note**: You can only update the `displayName` and `description` elements. The `name` of an existing User Type can't be changed.
       operationId: updateUserType
       x-codegen-request-body-name: userType
@@ -11382,10 +13549,13 @@ paths:
             - okta.userTypes.manage
       tags:
         - UserType
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace a User Type
       description: |-
-        Replaces an existing User Type.
+        Replaces an existing User Type. This operation is a full update.
         > **Note**: The `name` of an existing User Type can't be changed, but must be part of the request body. You can only replace the `displayName` and `description` elements.
       operationId: replaceUserType
       x-codegen-request-body-name: userType
@@ -11421,6 +13591,9 @@ paths:
             - okta.userTypes.manage
       tags:
         - UserType
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a User Type
       description: |-
@@ -11443,6 +13616,9 @@ paths:
             - okta.userTypes.manage
       tags:
         - UserType
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/meta/uischemas:
     get:
       summary: List all UI Schemas
@@ -11471,6 +13647,11 @@ paths:
             - okta.uischemas.read
       tags:
         - UISchema
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     post:
       summary: Create a UI Schema
       description: Creates an input for an enrollment form
@@ -11507,6 +13688,11 @@ paths:
             - okta.uischemas.manage
       tags:
         - UISchema
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/meta/uischemas/{id}:
     parameters:
       - $ref: '#/components/parameters/UISchemaId'
@@ -11537,6 +13723,11 @@ paths:
             - okta.uischemas.read
       tags:
         - UISchema
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     put:
       summary: Replace a UI Schema
       description: Replaces a UI Schema by `id`
@@ -11575,6 +13766,11 @@ paths:
             - okta.uischemas.manage
       tags:
         - UISchema
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     delete:
       summary: Delete a UI Schema
       description: Deletes a UI Schema by `id`
@@ -11597,6 +13793,11 @@ paths:
             - okta.uischemas.manage
       tags:
         - UISchema
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/org:
     get:
       summary: Retrieve the Org Settings
@@ -11620,6 +13821,9 @@ paths:
             - okta.orgs.read
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Update the Org Settings
       description: Partially updates the org settings depending on provided fields
@@ -11648,6 +13852,9 @@ paths:
             - okta.orgs.manage
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace the Org Settings
       description: Replaces the settings of your organization
@@ -11678,6 +13885,9 @@ paths:
             - okta.orgs.manage
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/org/captcha:
     get:
       summary: Retrieve the Org-wide CAPTCHA Settings
@@ -11707,6 +13917,11 @@ paths:
             - okta.captchas.read
       tags:
         - CAPTCHA
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     put:
       summary: Replace the Org-wide CAPTCHA Settings
       description: |-
@@ -11756,6 +13971,11 @@ paths:
             - okta.captchas.manage
       tags:
         - CAPTCHA
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     delete:
       summary: Delete the Org-wide CAPTCHA Settings
       description: Deletes the CAPTCHA settings object for your organization
@@ -11775,6 +13995,11 @@ paths:
             - okta.captchas.manage
       tags:
         - CAPTCHA
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/org/contacts:
     get:
       summary: Retrieve the Org Contact Types
@@ -11800,6 +14025,9 @@ paths:
             - okta.orgs.read
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/org/contacts/{contactType}:
     parameters:
       - $ref: '#/components/parameters/pathContactType'
@@ -11826,6 +14054,9 @@ paths:
             - okta.orgs.read
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace the User of the Contact Type
       description: Replaces the User associated with the specified Contact Type
@@ -11858,6 +14089,9 @@ paths:
             - okta.orgs.manage
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/org/email/bounces/remove-list:
     post:
       summary: Remove Emails from Email Provider Bounce List
@@ -11902,6 +14136,9 @@ paths:
             - okta.orgs.manage
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/org/logo:
     post:
       summary: Upload the Org Logo
@@ -11935,6 +14172,60 @@ paths:
             - okta.apps.manage
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /api/v1/org/orgSettings/thirdPartyAdminSetting:
+    get:
+      summary: Retrieve the Org Third-Party Admin setting
+      description: Retrieves the Third-Party Admin setting
+      operationId: getThirdPartyAdminSetting
+      parameters: []
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ThirdPartyAdminSetting'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.read
+      tags:
+        - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+    post:
+      summary: Update the Org Third-Party Admin setting
+      description: Updates the Third-Party Admin setting
+      operationId: updateThirdPartyAdminSetting
+      parameters: []
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ThirdPartyAdminSetting'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.manage
+      tags:
+        - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/org/preferences:
     get:
       summary: Retrieve the Org Preferences
@@ -11958,6 +14249,9 @@ paths:
             - okta.orgs.read
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/org/preferences/hideEndUserFooter:
     post:
       summary: Update the Preference to Hide the Okta Dashboard Footer
@@ -11981,6 +14275,9 @@ paths:
             - okta.orgs.manage
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/org/preferences/showEndUserFooter:
     post:
       summary: Update the Preference to Show the Okta Dashboard Footer
@@ -12004,6 +14301,9 @@ paths:
             - okta.orgs.manage
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/org/privacy/oktaCommunication:
     get:
       summary: Retrieve the Okta Communication Settings
@@ -12027,6 +14327,9 @@ paths:
             - okta.orgs.read
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/org/privacy/oktaCommunication/optIn:
     post:
       summary: Opt in all Users to Okta Communication emails
@@ -12050,6 +14353,9 @@ paths:
             - okta.orgs.manage
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/org/privacy/oktaCommunication/optOut:
     post:
       summary: Opt out all Users from Okta Communication emails
@@ -12073,6 +14379,9 @@ paths:
             - okta.orgs.manage
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/org/privacy/oktaSupport:
     get:
       summary: Retrieve the Okta Support Settings
@@ -12096,6 +14405,9 @@ paths:
             - okta.orgs.read
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/org/privacy/oktaSupport/extend:
     post:
       summary: Extend Okta Support Access
@@ -12119,6 +14431,9 @@ paths:
             - okta.orgs.manage
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/org/privacy/oktaSupport/grant:
     post:
       summary: Grant Okta Support Access to your Org
@@ -12142,6 +14457,9 @@ paths:
             - okta.orgs.manage
       tags:
         - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/org/privacy/oktaSupport/revoke:
     post:
       summary: Revoke Okta Support Access
@@ -12165,7 +14483,64 @@ paths:
             - okta.orgs.manage
       tags:
         - OrgSetting
-# Policy Begin        
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /api/v1/org/settings/clientPrivilegesSetting:
+    get:
+      summary: Retrieve the Org settings to assign the Super Admin role
+      description: Retrieves the Org settings to assign the [Super Admin role](https://help.okta.com/okta_help.htm?type=oie&id=ext_superadmin) by default to a public client app
+      operationId: getClientPrivilegesSetting
+      parameters: []
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ClientPrivilegesSetting'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.read
+      tags:
+        - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+    put:
+      summary: Assign the Super Admin role to a public client app
+      description: Assigns the [Super Admin role](https://help.okta.com/okta_help.htm?type=oie&id=ext_superadmin) by default to a public client app
+      operationId: assignClientPrivilegesSetting
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ClientPrivilegesSetting'
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ClientPrivilegesSetting'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.manage
+      tags:
+        - OrgSetting
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/policies:
     get:
       summary: List all Policies
@@ -12177,15 +14552,43 @@ paths:
           required: true
           schema:
             type: string
+            enum:
+              - OKTA_SIGN_ON
+              - PASSWORD
+              - MFA_ENROLL
+              - IDP_DISCOVERY
+              - ACCESS_POLICY
+              - PROFILE_ENROLLMENT
+              - CONTINUOUS_ACCESS (EA)
+              - ENTITY_RISK (EA)
+          description: |-
+            Specifies the type of policy to return. The following policy types are available only with the Okta Identity Engine - `ACCESS_POLICY`, `PROFILE_ENROLLMENT`, `CONTINUOUS_ACCESS`, and `ENTITY_RISK`.
+            The `CONTINUOUS_ACCESS` and `ENTITY_RISK` are in Early Access (EA). Contact your Okta account team to enable these features.
         - name: status
           in: query
           schema:
             type: string
+          description: Refines the query by the `status` of the policy - `ACTIVE` or `INACTIVE`
         - name: expand
           in: query
           schema:
             type: string
             default: ''
+        - name: sortBy
+          in: query
+          schema:
+            type: string
+          description: Refines the query by sorting on the policy `name` in ascending order
+        - name: limit
+          in: query
+          schema:
+            type: string
+          description: Defines the number of policies returned, see [Pagination](https://developer.okta.com/docs/api/#pagination)
+        - name: after
+          in: query
+          schema:
+            type: string
+          description: End page cursor for pagination, see [Pagination](https://developer.okta.com/docs/api/#pagination)
       responses:
         '200':
           description: Success
@@ -12205,12 +14608,16 @@ paths:
             - okta.policies.read
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create a Policy
       description: Creates a policy
       operationId: createPolicy
       parameters:
         - name: activate
+          description: This query parameter is only valid for Classic Engine orgs.
           in: query
           schema:
             type: boolean
@@ -12241,6 +14648,57 @@ paths:
             - okta.policies.manage
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /api/v1/policies/simulate:
+    parameters:
+      - $ref: '#/components/parameters/simulateParameter'
+    post:
+      summary: Create a Policy Simulation
+      description: |-
+        Creates a policy or policy rule simulation. The access simulation evaluates policy and policy rules based on the existing policy rule configuration.
+        The evaluation result simulates what the real-world authentication flow is and what policy rules have been applied or matched to the authentication flow.
+      operationId: createPolicySimulation
+      x-codegen-request-body-name: simulatePolicy
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: array
+              items:
+                $ref: '#/components/schemas/SimulatePolicyBody'
+            examples:
+              SimulatePolicy:
+                $ref: '#/components/examples/SimulatePolicyBody'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SimulatePolicyResponse'
+              examples:
+                SimulatePolicy:
+                  $ref: '#/components/examples/SimulatePolicyResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.policies.read
+      tags:
+        - Policy
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/policies/{policyId}:
     parameters:
       - $ref: '#/components/parameters/pathPolicyId'
@@ -12273,6 +14731,9 @@ paths:
             - okta.policies.read
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace a Policy
       description: Replaces the properties of a Policy identified by `policyId`
@@ -12305,6 +14766,9 @@ paths:
             - okta.policies.manage
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a Policy
       description: Deletes a policy
@@ -12324,6 +14788,9 @@ paths:
             - okta.policies.manage
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/policies/{policyId}/app:
     parameters:
       - $ref: '#/components/parameters/pathPolicyId'
@@ -12356,6 +14823,9 @@ paths:
             - okta.policies.read
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/policies/{policyId}/clone:
     parameters:
       - $ref: '#/components/parameters/pathPolicyId'
@@ -12384,6 +14854,11 @@ paths:
             - okta.policies.manage
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/policies/{policyId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathPolicyId'
@@ -12407,6 +14882,9 @@ paths:
             - okta.policies.manage
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/policies/{policyId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathPolicyId'
@@ -12430,6 +14908,9 @@ paths:
             - okta.policies.manage
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/policies/{policyId}/mappings:
     parameters:
       - $ref: '#/components/parameters/pathPolicyId'
@@ -12458,6 +14939,9 @@ paths:
             - okta.policies.read
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Map a resource to a Policy
       description: Maps a resource to a Policy identified by `policyId`
@@ -12489,6 +14973,9 @@ paths:
             - okta.policies.manage
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/policies/{policyId}/mappings/{mappingId}:
     parameters:
       - $ref: '#/components/parameters/pathPolicyId'
@@ -12516,6 +15003,9 @@ paths:
             - okta.policies.read
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a policy resource Mapping
       description: Deletes the resource Mapping for a Policy identified by  `policyId` and `mappingId`
@@ -12536,6 +15026,9 @@ paths:
             - okta.policies.manage
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/policies/{policyId}/rules:
     parameters:
       - $ref: '#/components/parameters/pathPolicyId'
@@ -12564,10 +15057,20 @@ paths:
             - okta.policies.read
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create a Policy Rule
-      description: Creates a policy rule
+      description: Creates a policy rule. **Note:** You can't create additional rules for the `PROFILE_ENROLLMENT` or `CONTINUOUS_ACCESS` policies.
       operationId: createPolicyRule
+      parameters:
+        - name: activate
+          description: Set this parameter to `false` to create an `INACTIVE` rule.
+          in: query
+          schema:
+            type: boolean
+            default: true
       x-codegen-request-body-name: policyRule
       requestBody:
         content:
@@ -12582,16 +15085,15 @@ paths:
               EnableSsprNoStepUp:
                 $ref: '#/components/examples/sspr-enabled-no-step-up'
               Enable2FAPreciseAuth:
-                $ref: "#/components/examples/twofa-enabled-disallow-password-allow-phishing"
+                $ref: '#/components/examples/twofa-enabled-disallow-password-allow-phishing'
               EnableSpecificRoutingRule:
-                $ref: "#/components/examples/idp-discovery-specific-routing-rule"
+                $ref: '#/components/examples/idp-discovery-specific-routing-rule'
               EnableDynamicRoutingRule:
-                $ref: "#/components/examples/idp-discovery-dynamic-routing-rule"
-            x-okta-feature-flag-amends:
-              IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
-                examples:
-                  EnableSsprWithConstraints:
-                    $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints'
+                $ref: '#/components/examples/idp-discovery-dynamic-routing-rule'
+              CreateAuthPolicyRuleDevicePlatformCondition:
+                $ref: '#/components/examples/create-auth-policy-rule-condition'
+              EnableSsprWithConstraints:
+                $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints'
         required: true
       responses:
         '200':
@@ -12610,14 +15112,13 @@ paths:
                 Enable2FAPreciseAuth:
                   $ref: '#/components/examples/twofa-enabled-disallow-password-allow-phishing-response'
                 EnableSpecificRoutingRule:
-                  $ref: "#/components/examples/idp-discovery-specific-routing-rule-response"
+                  $ref: '#/components/examples/idp-discovery-specific-routing-rule-response'
                 EnableDynamicRoutingRule:
-                  $ref: "#/components/examples/idp-discovery-dynamic-routing-rule-response"
-              x-okta-feature-flag-amends:
-                IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
-                  examples:
-                    EnableSsprWithConstraints:
-                      $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-response'
+                  $ref: '#/components/examples/idp-discovery-dynamic-routing-rule-response'
+                CreateAuthPolicyRuleDevicePlatformCondition:
+                  $ref: '#/components/examples/create-auth-policy-rule-condition-response'
+                EnableSsprWithConstraints:
+                  $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-response'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -12632,6 +15133,9 @@ paths:
             - okta.policies.manage
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/policies/{policyId}/rules/{ruleId}:
     parameters:
       - $ref: '#/components/parameters/pathPolicyId'
@@ -12654,11 +15158,8 @@ paths:
                   $ref: '#/components/examples/sspr-enabled-sso-step-up-update'
                 EnableSsprNoStepUp:
                   $ref: '#/components/examples/sspr-enabled-no-step-up-update'
-              x-okta-feature-flag-amends:
-                IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
-                  examples:
-                    EnableSsprWithConstraints:
-                      $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-update'
+                EnableSsprWithConstraints:
+                  $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-update'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -12671,6 +15172,9 @@ paths:
             - okta.policies.read
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace a Policy Rule
       description: Replaces the properties for a Policy Rule identified by `policyId` and `ruleId`
@@ -12688,11 +15192,10 @@ paths:
                 $ref: '#/components/examples/sspr-enabled-sso-step-up-update'
               EnableSsprNoStepUp:
                 $ref: '#/components/examples/sspr-enabled-no-step-up-update'
-            x-okta-feature-flag-amends:
-              IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
-                examples:
-                  EnableSsprWithConstraints:
-                    $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-update'
+              UpdateAuthenticationPolicyRuleWithPlatformDeviceConstraints:
+                $ref: '#/components/examples/update-auth-policy-rule-condition'
+              EnableSsprWithConstraints:
+                $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-update'
         required: true
       responses:
         '200':
@@ -12708,11 +15211,10 @@ paths:
                   $ref: '#/components/examples/sspr-enabled-sso-step-up-response'
                 EnableSsprNoStepUp:
                   $ref: '#/components/examples/sspr-enabled-no-step-up-response'
-              x-okta-feature-flag-amends:
-                IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
-                  examples:
-                    EnableSsprWithConstraints:
-                      $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-response'
+                UpdateAuthenticationPolicyRuleWithPlatformDeviceConstraints:
+                  $ref: '#/components/examples/update-auth-policy-rule-condition-response'
+                EnableSsprWithConstraints:
+                  $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-response'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -12727,6 +15229,9 @@ paths:
             - okta.policies.manage
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a Policy Rule
       description: Deletes a Policy Rule identified by `policyId` and `ruleId`
@@ -12747,6 +15252,9 @@ paths:
             - okta.policies.manage
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathPolicyId'
@@ -12770,6 +15278,9 @@ paths:
             - okta.policies.manage
       tags:
         - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathPolicyId'
@@ -12793,49 +15304,9 @@ paths:
             - okta.policies.manage
       tags:
         - Policy
-  /api/v1/policies/simulate:
-    parameters:
-      - $ref: '#/components/parameters/simulateParameter'
-    post:
-      summary: Create a Policy Simulation
-      description: |-
-        Creates a policy or policy rule simulation. The access simulation evaluates policy and policy rules based on the existing policy rule configuration.
-        The evaluation result simulates what the real-world authentication flow is and what policy rules have been applied or matched to the authentication flow.
-      operationId: createPolicySimulation
-      x-codegen-request-body-name: simulatePolicy
-      requestBody:
-        content:
-          application/json:
-            schema:
-              type: array
-              items:
-                $ref: '#/components/schemas/SimulatePolicyBody'
-            examples:
-              SimulatePolicy:
-                $ref: '#/components/examples/SimulatePolicyBody'
-        required: true
-      responses:
-        '204':
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/SimulatePolicyResponse'
-              examples:
-                SimulatePolicy:
-                  $ref: '#/components/examples/SimulatePolicyResponse'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - apiToken: []
-        - oauth2:
-            - okta.policies.read
-      tags:
-        - Policy
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/principal-rate-limits:
     get:
       summary: List all Principal Rate Limits
@@ -12878,6 +15349,9 @@ paths:
             - okta.principalRateLimits.read
       tags:
         - PrincipalRateLimit
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create a Principal Rate Limit
       description: Creates a new Principal Rate Limit entity. In the current release, we only allow one Principal Rate Limit entity per org and principal.
@@ -12918,6 +15392,9 @@ paths:
             - okta.principalRateLimits.manage
       tags:
         - PrincipalRateLimit
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/principal-rate-limits/{principalRateLimitId}:
     parameters:
       - $ref: '#/components/parameters/pathPrincipalRateLimitId'
@@ -12947,6 +15424,9 @@ paths:
             - okta.principalRateLimits.read
       tags:
         - PrincipalRateLimit
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace a Principal Rate Limit
       description: Replaces a principal rate limit entity by `principalRateLimitId`
@@ -12987,6 +15467,9 @@ paths:
             - okta.principalRateLimits.manage
       tags:
         - PrincipalRateLimit
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/push-providers:
     get:
       summary: List all Push Providers
@@ -13003,6 +15486,39 @@ paths:
           description: OK
           content:
             application/json:
+              example:
+                value:
+                  - id: ppchvbeucdTgqeiGxR0g4
+                    providerType: APNS
+                    name: Example Push Provider 1
+                    lastUpdatedDate: '2022-01-00T00:00:00.000Z'
+                    configuration:
+                      keyId: ABC123DEFG
+                      teamId: DEF123GHIJ
+                      fileName: fileName.p8
+                    _links:
+                      self:
+                        href: https://your-subdomain.okta.com/api/v1/push-providers/{pushProviderId}
+                        hints:
+                          allow:
+                            - DELETE
+                            - GET
+                            - PUT
+                  - id: ppctekcmngGaqeiBxB0g4
+                    providerType: FCM
+                    name: Example Push Provider 2
+                    lastUpdatedDate: '2022-01-00T00:00:00.000Z'
+                    configuration:
+                      projectId: PROJECT_ID
+                      fileName: fileName.json
+                    _links:
+                      self:
+                        href: https://your-subdomain.okta.com/api/v1/push-providers/{pushProviderId}
+                        hints:
+                          allow:
+                            - DELETE
+                            - GET
+                            - PUT
               schema:
                 type: array
                 items:
@@ -13017,9 +15533,14 @@ paths:
             - okta.pushProviders.read
       tags:
         - PushProvider
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     post:
       summary: Create a Push Provider
-      description: Creates a new push provider
+      description: Creates a new push provider. Each Push Provider must have a unique `name`.
       operationId: createPushProvider
       x-codegen-request-body-name: pushProvider
       requestBody:
@@ -13057,6 +15578,11 @@ paths:
             - okta.pushProviders.manage
       tags:
         - PushProvider
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/push-providers/{pushProviderId}:
     parameters:
       - $ref: '#/components/parameters/pathPushProviderId'
@@ -13088,6 +15614,11 @@ paths:
             - okta.pushProviders.read
       tags:
         - PushProvider
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     put:
       summary: Replace a Push Provider
       description: Replaces a push provider by `pushProviderId`
@@ -13130,6 +15661,11 @@ paths:
             - okta.pushProviders.manage
       tags:
         - PushProvider
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
     delete:
       summary: Delete a Push Provider
       description: Deletes a push provider by `pushProviderId`. If the push provider is currently being used in the org by a custom authenticator, the delete will not be allowed.
@@ -13159,6 +15695,11 @@ paths:
             - okta.pushProviders.manage
       tags:
         - PushProvider
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /api/v1/rate-limit-settings/admin-notifications:
     get:
       summary: Retrieve the Rate Limit Admin Notification Settings
@@ -13186,6 +15727,9 @@ paths:
             - okta.rateLimits.read
       tags:
         - RateLimitSettings
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace the Rate Limit Admin Notification Settings
       description: Replaces the Rate Limit Admin Notification Settings and returns the configured properties
@@ -13226,6 +15770,9 @@ paths:
             - okta.rateLimits.manage
       tags:
         - RateLimitSettings
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/rate-limit-settings/per-client:
     get:
       summary: Retrieve the Per-Client Rate Limit Settings
@@ -13255,6 +15802,9 @@ paths:
             - okta.rateLimits.read
       tags:
         - RateLimitSettings
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace the Per-Client Rate Limit Settings
       description: Replaces the Per-Client Rate Limit Settings and returns the configured properties
@@ -13299,6 +15849,9 @@ paths:
             - okta.rateLimits.manage
       tags:
         - RateLimitSettings
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/rate-limit-settings/warning-threshold:
     get:
       summary: Retrieve the Rate Limit Warning Threshold Percentage
@@ -13324,6 +15877,9 @@ paths:
             - okta.rateLimits.read
       tags:
         - RateLimitSettings
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace the Rate Limit Warning Threshold Percentage
       description: Replaces the Rate Limit Warning Threshold Percentage and returns the configured property
@@ -13359,37 +15915,17 @@ paths:
             - okta.rateLimits.manage
       tags:
         - RateLimitSettings
-  /api/v1/realms:
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /api/v1/realm-assignments:
     get:
-      summary: List all Realms
-      description: Lists all Realms
-      operationId: listRealms
+      summary: List all Realm Assignments
+      description: Lists all Realm Assignments
+      operationId: listRealmAssignments
       parameters:
-        - name: limit
-          in: query
-          description: Specifies the number of results returned. Defaults to 10 if `search` is provided.
-          schema:
-            type: integer
-            format: int32
-            default: 200
+        - $ref: '#/components/parameters/queryLimit'
         - $ref: '#/components/parameters/queryAfter'
-        - name: search
-          in: query
-          description: Searches for Realms with a supported filtering expression for most properties
-          schema:
-            type: string
-        - name: sortBy
-          in: query
-          description: Specifies field to sort by and can be any single property (for search queries only).
-          schema:
-            type: string
-            example: profile.name
-        - name: sortOrder
-          in: query
-          description: Specifies sort order `asc` or `desc` (for search queries only). This parameter is ignored if `sortBy` isn't present.
-          schema:
-            type: string
-            default: asc
       responses:
         '200':
           description: OK
@@ -13398,10 +15934,10 @@ paths:
               schema:
                 type: array
                 items:
-                  $ref: '#/components/schemas/Realm'
+                  $ref: '#/components/schemas/RealmAssignment'
               examples:
-                Realm Lists:
-                  $ref: '#/components/examples/ListRealmsResponse'
+                AssignmentLists:
+                  $ref: '#/components/examples/ListRealmAssignmentsResponse'
         '403':
           description: Forbidden
           content:
@@ -13413,27 +15949,154 @@ paths:
       security:
         - apiToken: []
         - oauth2:
-            - okta.realms.read
+            - okta.realmAssignments.read
       tags:
-        - Realm
+        - RealmAssignment
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
     post:
-      summary: Create a Realm
-      description: Creates a new Realm
-      operationId: createRealm
+      summary: Create a Realm Assignment
+      description: Creates a new Realm Assignment
+      operationId: createRealmAssignment
       x-codegen-request-body-name: body
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/Realm'
+              $ref: '#/components/schemas/CreateRealmAssignmentRequest'
         required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RealmAssignment'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.realmAssignments.manage
+      tags:
+        - RealmAssignment
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+  /api/v1/realm-assignments/operations:
+    get:
+      summary: List all Realm Assignment operations
+      description: Lists all Realm Assignment operations. The upper limit is 200 and operations are sorted in descending order from most recent to oldest by id
+      operationId: listRealmAssignmentOperations
+      parameters:
+        - $ref: '#/components/parameters/queryLimit'
+        - $ref: '#/components/parameters/queryAfter'
       responses:
         '200':
-          description: Success
+          description: OK
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/Realm'
+                type: array
+                items:
+                  $ref: '#/components/schemas/OperationResponse'
+              examples:
+                Executions:
+                  value:
+                    - id: rre4mje4ez6B2a7B60g7
+                      type: realm:assignment
+                      status: COMPLETED
+                      created: '2023-10-25T21:02:54.000Z'
+                      started: '2023-10-25T21:02:54.000Z'
+                      completed: '2023-10-25T21:02:54.000Z'
+                      realmId: 00g1b7rvh0xPLKXFf0g5
+                      realmName: Realm Name
+                      assignmentOperation:
+                        configuration:
+                          id: 0pr1b7rxZj2ibQzfP0g5
+                          name: Realm Assignment 1
+                          conditions:
+                            profileSourceId: 0oa4enoRyjwSCy5hx0g4
+                            expression:
+                              value: string
+                          actions:
+                            assignUserToRealm:
+                              realmId: 00g1b7rvh0xPLKXFf0g5
+                      numUserMoved: 50
+                      _links:
+                        self:
+                          rel: self
+                          href: http://your-subdomain.okta.com/api/v1/operations/rre4mje4ez6B2a7B60g7
+                          method: GET
+                    - id: rre4mje4ez7B2a7B60g7
+                      type: realm:assignment
+                      status: COMPLETED
+                      created: '2023-10-25T21:02:54.000Z'
+                      started: '2023-10-25T21:02:54.000Z'
+                      completed: '2023-10-25T21:02:54.000Z'
+                      assignmentOperation:
+                        configuration:
+                          id: ALL
+                          name: All Assignments
+                      numUserMoved: 50
+                      _links:
+                        self:
+                          rel: self
+                          href: http://your-subdomain.okta.com/api/v1/operations/rre4mje4ez7B2a7B60g7
+                          method: GET
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.realmAssignments.read
+      tags:
+        - RealmAssignment
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+    post:
+      summary: Execute a Realm Assignment
+      description: Executes a Realm Assignment
+      operationId: executeRealmAssignment
+      x-codegen-request-body-name: body
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OperationRequest'
+            examples:
+              ExecuteSpecificAssignment:
+                value:
+                  assignmentId: 0pr1b7rxZj2ibQzfP0g5
+              ExecuteAllAssignments:
+                value:
+                  assignmentId: ALL
+        required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OperationResponse'
+              examples:
+                Execution:
+                  $ref: '#/components/examples/OperationResponse'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -13443,28 +16106,32 @@ paths:
       security:
         - apiToken: []
         - oauth2:
-            - okta.realms.manage
+            - okta.realmAssignments.manage
       tags:
-        - Realm
-  /api/v1/realms/{realmId}:
+        - RealmAssignment
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+  /api/v1/realm-assignments/{assignmentId}:
     parameters:
-      - $ref: '#/components/parameters/pathRealmId'
+      - $ref: '#/components/parameters/assignmentId'
     get:
-      summary: Retrieve a Realm
-      description: Retrieves a Realm
-      operationId: getRealm
+      summary: Retrieve a Realm Assignment
+      description: Retrieves a Realm Assignment
+      operationId: getRealmAssignment
       responses:
         '200':
           description: Success
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/Realm'
+                $ref: '#/components/schemas/RealmAssignment'
               examples:
-                DefaultRealm:
-                  $ref: '#/components/examples/DefaultRealmResponse'
-                NonDefaultRealm:
-                  $ref: '#/components/examples/RealmResponse'
+                RealmAssignment:
+                  $ref: '#/components/examples/GetRealmAssignmentResponse'
+                CatchAllRealmAssignment:
+                  $ref: '#/components/examples/DefaultRealmAssignment'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -13476,19 +16143,23 @@ paths:
       security:
         - apiToken: []
         - oauth2:
-            - okta.realms.read
+            - okta.realmAssignments.read
       tags:
-        - Realm
-    post:
-      summary: Update a Realm
-      description: Updates a Realm
-      operationId: updateRealm
+        - RealmAssignment
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+    put:
+      summary: Replace a Realm Assignment
+      description: Replaces a Realm Assignment
+      operationId: replaceRealmAssignment
       x-codegen-request-body-name: body
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/Realm'
+              $ref: '#/components/schemas/UpdateRealmAssignmentRequest'
         required: true
       responses:
         '200':
@@ -13496,7 +16167,7 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/Realm'
+                $ref: '#/components/schemas/RealmAssignment'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -13508,13 +16179,281 @@ paths:
       security:
         - apiToken: []
         - oauth2:
-            - okta.realms.manage
+            - okta.realmAssignments.manage
       tags:
-        - Realm
+        - RealmAssignment
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
     delete:
-      summary: Delete a Realm
-      description: Deletes a Realm permanently. This operation can only be performed after disassociating other entities like Users and Identity Providers from a Realm.
-      operationId: deleteRealm
+      summary: Delete a Realm Assignment
+      description: Deletes a Realm Assignment
+      operationId: deleteRealmAssignment
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '400':
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '404':
+          description: Not Found
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.realmAssignments.manage
+      tags:
+        - RealmAssignment
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+  /api/v1/realm-assignments/{assignmentId}/lifecycle/activate:
+    parameters:
+      - $ref: '#/components/parameters/assignmentId'
+    post:
+      summary: Activate a Realm Assignment
+      description: Activates a Realm Assignment
+      operationId: activateRealmAssignment
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.realmAssignments.manage
+      tags:
+        - RealmAssignment
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+  /api/v1/realm-assignments/{assignmentId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/assignmentId'
+    post:
+      summary: Deactivate a Realm Assignment
+      description: Deactivates a Realm Assignment
+      operationId: deactivateRealmAssignment
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.realmAssignments.manage
+      tags:
+        - RealmAssignment
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+  /api/v1/realms:
+    get:
+      summary: List all Realms
+      description: Lists all Realms
+      operationId: listRealms
+      parameters:
+        - name: limit
+          in: query
+          description: Specifies the number of results returned. Defaults to 10 if `search` is provided.
+          schema:
+            type: integer
+            format: int32
+            default: 200
+        - $ref: '#/components/parameters/queryAfter'
+        - name: search
+          in: query
+          description: Searches for Realms with a supported filtering expression for most properties
+          schema:
+            type: string
+        - name: sortBy
+          in: query
+          description: Specifies field to sort by and can be any single property (for search queries only).
+          schema:
+            type: string
+            example: profile.name
+        - name: sortOrder
+          in: query
+          description: Specifies sort order `asc` or `desc` (for search queries only). This parameter is ignored if `sortBy` isn't present.
+          schema:
+            type: string
+            default: asc
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Realm'
+              examples:
+                Realm Lists:
+                  $ref: '#/components/examples/ListRealmsResponse'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.realms.read
+      tags:
+        - Realm
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+    post:
+      summary: Create a Realm
+      description: Creates a new Realm
+      operationId: createRealm
+      x-codegen-request-body-name: body
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CreateRealmRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Realm'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.realms.manage
+      tags:
+        - Realm
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+  /api/v1/realms/{realmId}:
+    parameters:
+      - $ref: '#/components/parameters/pathRealmId'
+    get:
+      summary: Retrieve a Realm
+      description: Retrieves a Realm
+      operationId: getRealm
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Realm'
+              examples:
+                DefaultRealm:
+                  $ref: '#/components/examples/DefaultRealmResponse'
+                NonDefaultRealm:
+                  $ref: '#/components/examples/RealmResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.realms.read
+      tags:
+        - Realm
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+    put:
+      summary: Replace the realm profile
+      description: Replaces the realm profile
+      operationId: replaceRealm
+      x-codegen-request-body-name: body
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UpdateRealmRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Realm'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.realms.manage
+      tags:
+        - Realm
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+    delete:
+      summary: Delete a Realm
+      description: Deletes a Realm permanently. This operation can only be performed after disassociating other entities like Users and Identity Providers from a Realm.
+      operationId: deleteRealm
       responses:
         '204':
           description: No Content
@@ -13545,6 +16484,13 @@ paths:
             - okta.realms.manage
       tags:
         - Realm
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+  /api/v1/resource-selectors/{resourceSelectorId}:
+    parameters:
+      - $ref: '#/components/parameters/pathResourceSelectorId'
   /api/v1/risk/events/ip:
     post:
       summary: Send multiple Risk Events
@@ -13587,6 +16533,10 @@ paths:
             - okta.riskEvents.manage
       tags:
         - RiskEvent
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
   /api/v1/risk/providers:
     get:
       summary: List all Risk Providers
@@ -13614,6 +16564,10 @@ paths:
             - okta.riskProviders.read
       tags:
         - RiskProvider
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
     post:
       summary: Create a Risk Provider
       description: Creates a Risk Provider object. A maximum of three Risk Provider objects can be created.
@@ -13657,6 +16611,10 @@ paths:
             - okta.riskProviders.manage
       tags:
         - RiskProvider
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
   /api/v1/risk/providers/{riskProviderId}:
     parameters:
       - $ref: '#/components/parameters/pathRiskProviderId'
@@ -13686,6 +16644,10 @@ paths:
             - okta.riskProviders.read
       tags:
         - RiskProvider
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
     put:
       summary: Replace a Risk Provider
       description: Replaces the properties for a given Risk Provider object ID
@@ -13724,6 +16686,10 @@ paths:
             - okta.riskProviders.manage
       tags:
         - RiskProvider
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
     delete:
       summary: Delete a Risk Provider
       description: Deletes a Risk Provider object by its ID
@@ -13751,6 +16717,10 @@ paths:
             - okta.riskProviders.manage
       tags:
         - RiskProvider
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
   /api/v1/roles/{roleRef}/subscriptions:
     parameters:
       - $ref: '#/components/parameters/pathRoleRef'
@@ -13779,6 +16749,9 @@ paths:
             - okta.roles.read
       tags:
         - Subscription
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/roles/{roleRef}/subscriptions/{notificationType}:
     parameters:
       - $ref: '#/components/parameters/pathRoleRef'
@@ -13806,6 +16779,9 @@ paths:
             - okta.roles.read
       tags:
         - Subscription
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/roles/{roleRef}/subscriptions/{notificationType}/subscribe:
     parameters:
       - $ref: '#/components/parameters/pathRoleRef'
@@ -13829,6 +16805,9 @@ paths:
             - okta.roles.manage
       tags:
         - Subscription
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/roles/{roleRef}/subscriptions/{notificationType}/unsubscribe:
     parameters:
       - $ref: '#/components/parameters/pathRoleRef'
@@ -13852,71 +16831,185 @@ paths:
             - okta.roles.manage
       tags:
         - Subscription
-  /api/v1/sessions:
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /api/v1/security-events-providers:
+    get:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: List all Security Events Providers
+      description: Lists all Security Events Provider instances
+      operationId: listSecurityEventsProviderInstances
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/SecurityEventsProviderResponse'
+              examples:
+                list:
+                  $ref: '#/components/examples/ListOfSecurityEventsProviderInstances'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.securityEventsProviders.read
+      tags:
+        - SSFReceiver
     post:
-      summary: Create a Session with session token
-      description: Creates a new Session for a user with a valid session token. Use this API if, for example, you want to set the session cookie yourself instead of allowing Okta to set it, or want to hold the session ID to delete a session through the API instead of visiting the logout URL.
-      operationId: createSession
-      x-codegen-request-body-name: createSessionRequest
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: Create a Security Events Provider
+      description: Creates a Security Events Provider instance
+      operationId: createSecurityEventsProviderInstance
+      x-codegen-request-body-name: instance
       requestBody:
+        required: true
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/CreateSessionRequest'
-        required: true
+              $ref: '#/components/schemas/SecurityEventsProviderRequest'
+            examples:
+              well-known-URL-provided:
+                $ref: '#/components/examples/SecurityEventsProviderRequestWellKnownUrl'
+              issuer-and-JWKS-URL-provided:
+                $ref: '#/components/examples/SecurityEventsProviderRequestIssuerAndJwksUrl'
       responses:
         '200':
-          description: Success
+          description: OK
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/Session'
+                $ref: '#/components/schemas/SecurityEventsProviderResponse'
+              examples:
+                well-known-URL-provided:
+                  $ref: '#/components/examples/SecurityEventsProviderResponseWellKnownUrl'
+                issuer-and-JWKS-URL-provided:
+                  $ref: '#/components/examples/SecurityEventsProviderResponseIssuerAndJwksUrl'
         '400':
-          description: Bad Request
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '429':
           $ref: '#/components/responses/ErrorTooManyRequests429'
       security:
         - apiToken: []
+        - oauth2:
+            - okta.securityEventsProviders.manage
       tags:
-        - Session
-  /api/v1/sessions/{sessionId}:
+        - SSFReceiver
+  /api/v1/security-events-providers/{securityEventProviderId}:
     parameters:
-      - $ref: '#/components/parameters/pathSessionId'
+      - $ref: '#/components/parameters/pathSecurityEventProviderId'
     get:
-      summary: Retrieve a Session
-      description: Retrieves information about the Session specified by the given session ID
-      operationId: getSession
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: Retrieve the Security Events Provider
+      description: Retrieves the Security Events Provider instance specified by `id`
+      operationId: getSecurityEventsProviderInstance
       responses:
         '200':
-          description: Success
+          description: OK
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/Session'
+                $ref: '#/components/schemas/SecurityEventsProviderResponse'
+              examples:
+                get:
+                  $ref: '#/components/examples/SecurityEventsProviderResponseWellKnownUrl'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.securityEventsProviders.read
+      tags:
+        - SSFReceiver
+    put:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: Replace a Security Events Provider
+      description: Replaces a Security Events Provider instance specified by `id`
+      operationId: replaceSecurityEventsProviderInstance
+      x-codegen-request-body-name: instance
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecurityEventsProviderRequest'
+            examples:
+              well-known-URL-provided:
+                $ref: '#/components/examples/SecurityEventsProviderRequestWellKnownUrl'
+              issuer-and-JWKS-URL-provided:
+                $ref: '#/components/examples/SecurityEventsProviderRequestIssuerAndJwksUrl'
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityEventsProviderResponse'
+              examples:
+                well-known-URL-provided:
+                  $ref: '#/components/examples/SecurityEventsProviderResponseWellKnownUrl'
+                issuer-and-JWKS-URL-provided:
+                  $ref: '#/components/examples/SecurityEventsProviderResponseIssuerAndJwksUrl'
         '400':
-          description: Bad Request
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
-          description: Not Found
+          $ref: '#/components/responses/ErrorResourceNotFound404'
         '429':
           $ref: '#/components/responses/ErrorTooManyRequests429'
       security:
         - apiToken: []
         - oauth2:
-            - okta.sessions.read
+            - okta.securityEventsProviders.manage
       tags:
-        - Session
+        - SSFReceiver
     delete:
-      summary: Revoke a Session
-      description: Revokes the specified Session
-      operationId: revokeSession
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: Delete a Security Events Provider
+      description: Deletes a Security Events Provider instance specified by `id`
+      operationId: deleteSecurityEventsProviderInstance
       responses:
         '204':
           description: No Content
           content: {}
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -13926,74 +17019,97 @@ paths:
       security:
         - apiToken: []
         - oauth2:
-            - okta.sessions.manage
+            - okta.securityEventsProviders.manage
       tags:
-        - Session
-  /api/v1/sessions/{sessionId}/lifecycle/refresh:
+        - SSFReceiver
+  /api/v1/security-events-providers/{securityEventProviderId}/lifecycle/activate:
     parameters:
-      - $ref: '#/components/parameters/pathSessionId'
+      - $ref: '#/components/parameters/pathSecurityEventProviderId'
     post:
-      summary: Refresh a Session
-      description: Refreshes an existing Session using the `id` for that Session. A successful response contains the refreshed Session with an updated `expiresAt` timestamp.
-      operationId: refreshSession
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: Activate a Security Events Provider
+      description: |-
+        Activates a Security Events Provider instance by setting its status to `ACTIVE`.
+        This operation resumes the flow of events from the Security Events Provider to Okta.
+      operationId: activateSecurityEventsProviderInstance
       responses:
         '200':
-          description: Success
+          description: OK
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/Session'
+                $ref: '#/components/schemas/SecurityEventsProviderResponse'
+              examples:
+                activatedInstance:
+                  $ref: '#/components/examples/SecurityEventsProviderResponseWellKnownUrl'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
-          description: Not Found
+          $ref: '#/components/responses/ErrorResourceNotFound404'
         '429':
           $ref: '#/components/responses/ErrorTooManyRequests429'
       security:
         - apiToken: []
         - oauth2:
-            - okta.sessions.manage
+            - okta.securityEventsProviders.manage
       tags:
-        - Session
-  /api/v1/templates/sms:
-    get:
-      summary: List all SMS Templates
-      description: Lists all custom SMS templates. A subset of templates can be returned that match a template type.
-      operationId: listSmsTemplates
-      parameters:
-        - name: templateType
-          in: query
-          schema:
-            $ref: '#/components/schemas/SmsTemplateType'
+        - SSFReceiver
+  /api/v1/security-events-providers/{securityEventProviderId}/lifecycle/deactivate:
+    parameters:
+      - $ref: '#/components/parameters/pathSecurityEventProviderId'
+    post:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: Deactivate a Security Events Provider
+      description: |-
+        Deactivates a Security Events Provider instance by setting its status to `INACTIVE`.
+        This operation stops the flow of events from the Security Events Provider to Okta.
+      operationId: deactivateSecurityEventsProviderInstance
       responses:
         '200':
-          description: Success
+          description: OK
           content:
             application/json:
               schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/SmsTemplate'
+                $ref: '#/components/schemas/SecurityEventsProviderResponse'
+              examples:
+                deactivatedInstance:
+                  $ref: '#/components/examples/DeactivatedSecurityEventsProviderResponse'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
         '429':
           $ref: '#/components/responses/ErrorTooManyRequests429'
       security:
         - apiToken: []
         - oauth2:
-            - okta.templates.read
+            - okta.securityEventsProviders.manage
       tags:
-        - Template
+        - SSFReceiver
+  /api/v1/sessions:
     post:
-      summary: Create an SMS Template
-      description: Creates a new custom SMS template
-      operationId: createSmsTemplate
-      x-codegen-request-body-name: smsTemplate
+      summary: Create a Session with session token
+      description: Creates a new Session for a user with a valid session token. Use this API if, for example, you want to set the session cookie yourself instead of allowing Okta to set it, or want to hold the session ID to delete a session through the API instead of visiting the logout URL.
+      operationId: createSession
+      x-codegen-request-body-name: createSessionRequest
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/SmsTemplate'
+              $ref: '#/components/schemas/CreateSessionRequest'
+            examples:
+              SessionsCreate:
+                $ref: '#/components/examples/CreateSessionBody'
         required: true
       responses:
         '200':
@@ -14001,113 +17117,160 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SmsTemplate'
+                $ref: '#/components/schemas/Session'
+              examples:
+                SessionsCreate:
+                  summary: Create a new Session with a valid session token
+                  $ref: '#/components/examples/CreateSessionResponse'
         '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
+          description: Bad Request
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '429':
           $ref: '#/components/responses/ErrorTooManyRequests429'
       security:
         - apiToken: []
-        - oauth2:
-            - okta.templates.manage
       tags:
-        - Template
-  /api/v1/templates/sms/{templateId}:
-    parameters:
-      - $ref: '#/components/parameters/pathTemplateId'
+        - Session
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /api/v1/sessions/me:
     get:
-      summary: Retrieve an SMS Template
-      description: Retrieves a specific template by `id`
-      operationId: getSmsTemplate
+      summary: Retrieve the current Session
+      description: |-
+        Retrieves Session information for the current user. Use this method in a browser-based application to determine if the user is signed in. 
+
+        > **Note:** This operation requires a session cookie for the user. An API token isn't allowed for this operation. 
+      operationId: getCurrentSession
+      parameters:
+        - in: header
+          name: Cookie
+          schema:
+            description: Session ID (`sid`) or Identity Engine (`idx`) cookie
+            type: string
+          example: sid=abcde-123 or idx=abcde-123
       responses:
         '200':
           description: Success
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SmsTemplate'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
+                $ref: '#/components/schemas/Session'
+              examples:
+                CurrentSessionsRetrieve:
+                  summary: Retrieve current Session information
+                  $ref: '#/components/examples/RetrieveCurrentSessionResponse'
+        '404':
+          description: Not Found
+      security: []
+      tags:
+        - Session
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
+    delete:
+      summary: Close the current Session
+      description: |-
+        Closes the Session for the user who is currently signed in. Use this method in a browser-based application to sign out a user.
+
+        > **Note:** This operation requires a session cookie for the user. An API token isn't allowed for this operation.
+      operationId: closeCurrentSession
+      parameters:
+        - in: header
+          name: Cookie
+          schema:
+            description: Session ID (`sid`) or Identity Engine (`idx`) cookie
+            type: string
+          example: sid=abcde-123 or idx=abcde-123
+      responses:
+        '204':
+          description: No Content
+          content: {}
         '404':
           $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - apiToken: []
-        - oauth2:
-            - okta.templates.read
+      security: []
       tags:
-        - Template
+        - Session
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /api/v1/sessions/me/lifecycle/refresh:
     post:
-      summary: Update an SMS Template
-      description: Updates an SMS template
-      operationId: updateSmsTemplate
-      x-codegen-request-body-name: smsTemplate
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/SmsTemplate'
-        required: true
+      summary: Refresh the current Session
+      description: |-
+        Refreshes the Session for the current user
+
+        > **Note:** This operation requires a session cookie for the user. An API token isn't allowed for this operation.
+      operationId: refreshCurrentSession
+      parameters:
+        - in: header
+          name: Cookie
+          schema:
+            description: Session ID (`sid`) or Identity Engine (`idx`) cookie
+            type: string
+          example: sid=abcde-123 or idx=abcde-123
       responses:
         '200':
           description: Success
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SmsTemplate'
-        '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
+                $ref: '#/components/schemas/Session'
+              examples:
+                CurrentSessionsRefresh:
+                  summary: Refersh current Session
+                  $ref: '#/components/examples/RefreshCurrentSessionResponse'
         '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - apiToken: []
-        - oauth2:
-            - okta.templates.manage
+          description: Not Found
+      security: []
       tags:
-        - Template
-    put:
-      summary: Replace an SMS Template
-      description: Replaces the SMS template
-      operationId: replaceSmsTemplate
-      x-codegen-request-body-name: smsTemplate
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/SmsTemplate'
-        required: true
+        - Session
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /api/v1/sessions/{sessionId}:
+    parameters:
+      - $ref: '#/components/parameters/pathSessionId'
+    get:
+      summary: Retrieve a Session
+      description: Retrieves information about the Session specified by the given session ID
+      operationId: getSession
       responses:
         '200':
           description: Success
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SmsTemplate'
+                $ref: '#/components/schemas/Session'
+              examples:
+                SessionsRetrieve:
+                  summary: Retrieve Session information for a single session ID
+                  $ref: '#/components/examples/RetrieveSessionResponse'
         '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
+          description: Bad Request
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
+          description: Not Found
         '429':
           $ref: '#/components/responses/ErrorTooManyRequests429'
       security:
         - apiToken: []
         - oauth2:
-            - okta.templates.manage
+            - okta.sessions.read
       tags:
-        - Template
+        - Session
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
-      summary: Delete an SMS Template
-      description: Deletes an SMS template
-      operationId: deleteSmsTemplate
+      summary: Revoke a Session
+      description: Revokes the specified Session
+      operationId: revokeSession
       responses:
         '204':
           description: No Content
@@ -14121,13 +17284,478 @@ paths:
       security:
         - apiToken: []
         - oauth2:
-            - okta.templates.manage
+            - okta.sessions.manage
       tags:
-        - Template
-  /api/v1/threats/configuration:
-    get:
-      summary: Retrieve the ThreatInsight Configuration
-      description: Retrieves the ThreatInsight configuration for the org
+        - Session
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /api/v1/sessions/{sessionId}/lifecycle/refresh:
+    parameters:
+      - $ref: '#/components/parameters/pathSessionId'
+    post:
+      summary: Refresh a Session
+      description: Refreshes an existing Session using the `id` for that Session. A successful response contains the refreshed Session with an updated `expiresAt` timestamp.
+      operationId: refreshSession
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Session'
+              examples:
+                SessionsRefresh:
+                  summary: Refresh an existing Session using the session ID
+                  $ref: '#/components/examples/RefreshSessionResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          description: Not Found
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.sessions.manage
+      tags:
+        - Session
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /api/v1/ssf/stream:
+    get:
+      summary: Retrieve the SSF Stream configuration(s)
+      description: |-
+        Retrieves either a list of all known SSF Stream configurations or the individual configuration if specified by ID.
+
+        As Stream configurations are tied to a Client ID, only the Stream associated with the Client ID of the request OAuth 2.0 access token can be viewed.
+      operationId: getSsfStreams
+      parameters:
+        - in: query
+          name: stream_id
+          schema:
+            type: string
+          example: esc1k235GIIztAuGK0g5
+          description: The ID of the specified SSF Stream configuration
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                oneOf:
+                  - type: array
+                    title: List of Stream Configurations
+                    items:
+                      $ref: '#/components/schemas/StreamConfiguration'
+                  - $ref: '#/components/schemas/StreamConfiguration'
+              examples:
+                listResponse:
+                  $ref: '#/components/examples/listStreamConfigurationExample'
+                individualStreamResponse:
+                  $ref: '#/components/examples/streamConfigurationExample'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - oauth2:
+            - ssf.read
+      tags:
+        - SSFTransmitter
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
+    post:
+      summary: Create an SSF Stream
+      description: |-
+        Creates an SSF Stream for an event receiver to start receiving security events in the form of Security Event Tokens (SETs) from Okta.
+
+        An SSF Stream is associated with the Client ID of the OAuth 2.0 access token used to create the stream. The Client ID is provided by Okta for an [OAuth 2.0 app integration](https://help.okta.com/okta_help.htm?id=ext_Apps_App_Integration_Wizard-oidc). One SSF Stream is allowed for each Client ID, hence, one SSF Stream is allowed for each app integration in Okta.
+
+        A maximum of 10 SSF Stream configurations can be created for one org.
+      operationId: createSsfStream
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/StreamConfigurationCreateRequest'
+        required: true
+      responses:
+        '201':
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/StreamConfiguration'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - oauth2:
+            - ssf.manage
+      tags:
+        - SSFTransmitter
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
+    put:
+      summary: Replace an SSF Stream
+      description: |-
+        Replaces all properties for an existing SSF Stream configuration.
+
+        If the `stream_id` isn't provided in the request body, the associated stream with the Client ID (through the request OAuth 2.0 access token) is replaced.
+      operationId: replaceSsfStream
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/StreamConfiguration'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/StreamConfiguration'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - oauth2:
+            - ssf.manage
+      tags:
+        - SSFTransmitter
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
+    patch:
+      summary: Update an SSF Stream
+      description: |-
+        Updates properties for an existing SSF Stream configuration.
+
+        If the `stream_id` isn't provided in the request body, the associated stream with the Client ID (through the request OAuth 2.0 access token) is updated.
+      operationId: updateSsfStream
+      x-codegen-request-body-name: instance
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/StreamConfiguration'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/StreamConfiguration'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - oauth2:
+            - ssf.manage
+      tags:
+        - SSFTransmitter
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
+    delete:
+      summary: Delete an SSF Stream
+      description: |-
+        Deletes the specified SSF Stream.
+
+        If the `stream_id` is not provided in the query string, the associated stream with the Client ID (through the request OAuth 2.0 access token) is deleted. Otherwise, the SSF Stream with the `stream_id` is deleted, if found.
+      operationId: deleteSsfStream
+      parameters:
+        - in: query
+          name: stream_id
+          schema:
+            type: string
+          example: esc1k235GIIztAuGK0g5
+          description: The ID of the specified SSF Stream configuration
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '401':
+          $ref: '#/components/responses/ErrorInvalidToken401'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - oauth2:
+            - ssf.manage
+      tags:
+        - SSFTransmitter
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
+  /api/v1/templates/sms:
+    get:
+      summary: List all SMS Templates
+      description: Lists all custom SMS templates. A subset of templates can be returned that match a template type.
+      operationId: listSmsTemplates
+      parameters:
+        - name: templateType
+          in: query
+          schema:
+            $ref: '#/components/schemas/SmsTemplateType'
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/SmsTemplate'
+              examples:
+                SMS Template List response:
+                  $ref: '#/components/examples/SMSTemplateListResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.read
+      tags:
+        - Template
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+    post:
+      summary: Create an SMS Template
+      description: Creates a new custom SMS template
+      operationId: createSmsTemplate
+      x-codegen-request-body-name: smsTemplate
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SmsTemplate'
+            examples:
+              Create an SMS Template request:
+                $ref: '#/components/examples/CreateOrReplaceSMSTemplateRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SmsTemplate'
+              examples:
+                Create an SMS Template response:
+                  $ref: '#/components/examples/CreateOrReplaceSMSTemplateResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.manage
+      tags:
+        - Template
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /api/v1/templates/sms/{templateId}:
+    parameters:
+      - $ref: '#/components/parameters/pathTemplateId'
+    get:
+      summary: Retrieve an SMS Template
+      description: Retrieves a specific template by `id`
+      operationId: getSmsTemplate
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SmsTemplate'
+              examples:
+                Get an SMS template response:
+                  $ref: '#/components/examples/CreateOrReplaceSMSTemplateResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.read
+      tags:
+        - Template
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+    post:
+      summary: Update an SMS Template
+      description: |
+        Updates only some of the SMS Template properties:
+          * All properties within the custom SMS Template that have values are updated.
+          * Any translation that doesn't exist is added.
+          * Any translation with a null or empty value is removed.
+          * Any translation with non-empty/null value is updated.
+      operationId: updateSmsTemplate
+      x-codegen-request-body-name: smsTemplate
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SmsTemplate'
+            examples:
+              Update an SMS Template request:
+                $ref: '#/components/examples/UpdateSMSTemplateRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SmsTemplate'
+              examples:
+                Update an SMS Template response:
+                  $ref: '#/components/examples/UpdateSMSTemplateResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.manage
+      tags:
+        - Template
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+    put:
+      summary: Replace an SMS Template
+      description: |
+        Replaces the SMS Template
+        > **Notes:** You can't update the default SMS Template.
+      operationId: replaceSmsTemplate
+      x-codegen-request-body-name: smsTemplate
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SmsTemplate'
+            examples:
+              Replace an SMS Template request:
+                $ref: '#/components/examples/CreateOrReplaceSMSTemplateRequest'
+        required: true
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SmsTemplate'
+              examples:
+                Replace an SMS Template response:
+                  $ref: '#/components/examples/CreateOrReplaceSMSTemplateResponse'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.manage
+      tags:
+        - Template
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+    delete:
+      summary: Delete an SMS Template
+      description: Deletes an SMS template
+      operationId: deleteSmsTemplate
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.templates.manage
+      tags:
+        - Template
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /api/v1/threats/configuration:
+    get:
+      summary: Retrieve the ThreatInsight Configuration
+      description: Retrieves the ThreatInsight configuration for the org
       operationId: getCurrentConfiguration
       responses:
         '200':
@@ -14149,6 +17777,9 @@ paths:
             - okta.threatInsights.read
       tags:
         - ThreatInsight
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Update the ThreatInsight Configuration
       description: Updates the ThreatInsight configuration for the org
@@ -14185,6 +17816,9 @@ paths:
             - okta.threatInsights.manage
       tags:
         - ThreatInsight
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/trustedOrigins:
     get:
       summary: List all Trusted Origins
@@ -14192,23 +17826,32 @@ paths:
       operationId: listTrustedOrigins
       parameters:
         - name: q
+          description: A search string that will prefix match against the `name` and `origin`
           in: query
           schema:
             type: string
         - name: filter
+          description: |
+            [Filter](/#filter) Trusted Origins with a supported expression for a subset of properties. You can filter on the following properties: `name`, `origin`, `status`, and `type` (type of scopes).
           in: query
           schema:
             type: string
+          examples:
+            By name:
+              value: name eq "Example Trusted Origin"
         - name: after
+          description: The after cursor provided by a prior request.
           in: query
           schema:
             type: string
         - name: limit
+          description: Specifies the number of results.
           in: query
           schema:
             type: integer
             format: int32
-            default: -1
+            default: 20
+            maximum: 200
       responses:
         '200':
           description: Success
@@ -14218,6 +17861,9 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/TrustedOrigin'
+              examples:
+                TrustedOriginsResponse:
+                  $ref: '#/components/examples/TrustedOriginsResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '429':
@@ -14228,6 +17874,9 @@ paths:
             - okta.trustedOrigins.read
       tags:
         - TrustedOrigin
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create a Trusted Origin
       description: Creates a trusted origin
@@ -14237,7 +17886,14 @@ paths:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/TrustedOrigin'
+              $ref: '#/components/schemas/TrustedOriginWrite'
+            examples:
+              TrustedOriginBody:
+                $ref: '#/components/examples/TrustedOriginBody'
+              TrustedOriginBodyWithIframeEmbedding:
+                $ref: '#/components/examples/TrustedOriginBodyWithIframeEmbedding'
+              TrustedOriginBodyWithIframeEmbeddingSignIn:
+                $ref: '#/components/examples/TrustedOriginBodyWithIframeEmbeddingSignIn'
         required: true
       responses:
         '200':
@@ -14246,6 +17902,13 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/TrustedOrigin'
+              examples:
+                TrustedOriginResponse:
+                  $ref: '#/components/examples/TrustedOriginResponse'
+                TrustedOriginResponseWithIframeEmbedding:
+                  $ref: '#/components/examples/TrustedOriginResponseWithIframeEmbedding'
+                TrustedOriginResponseWithIframeEmbeddingSignIn:
+                  $ref: '#/components/examples/TrustedOriginResponseWithIframeEmbeddingSignIn'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -14258,6 +17921,9 @@ paths:
             - okta.trustedOrigins.manage
       tags:
         - TrustedOrigin
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/trustedOrigins/{trustedOriginId}:
     parameters:
       - $ref: '#/components/parameters/pathTrustedOriginId'
@@ -14272,6 +17938,13 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/TrustedOrigin'
+              examples:
+                TrustedOriginResponse:
+                  $ref: '#/components/examples/TrustedOriginResponse'
+                TrustedOriginResponseWithIframeEmbedding:
+                  $ref: '#/components/examples/TrustedOriginResponseWithIframeEmbedding'
+                TrustedOriginResponseWithIframeEmbeddingSignIn:
+                  $ref: '#/components/examples/TrustedOriginResponseWithIframeEmbeddingSignIn'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -14284,6 +17957,9 @@ paths:
             - okta.trustedOrigins.read
       tags:
         - TrustedOrigin
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace a Trusted Origin
       description: Replaces a trusted origin
@@ -14294,6 +17970,11 @@ paths:
           application/json:
             schema:
               $ref: '#/components/schemas/TrustedOrigin'
+            examples:
+              TrustedOriginPutBody:
+                $ref: '#/components/examples/TrustedOriginPutBody'
+              TrustedOriginPutBodyWithIframeEmbedding:
+                $ref: '#/components/examples/TrustedOriginPutBodyWithIframeEmbedding'
         required: true
       responses:
         '200':
@@ -14302,6 +17983,11 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/TrustedOrigin'
+              examples:
+                TrustedOriginPutResponse:
+                  $ref: '#/components/examples/TrustedOriginPutResponse'
+                TrustedOriginPutResponseWithIFrameEmbedding:
+                  $ref: '#/components/examples/TrustedOriginPutResponseWithIframeEmbedding'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -14316,6 +18002,9 @@ paths:
             - okta.trustedOrigins.manage
       tags:
         - TrustedOrigin
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a Trusted Origin
       description: Deletes a trusted origin
@@ -14336,12 +18025,15 @@ paths:
             - okta.trustedOrigins.manage
       tags:
         - TrustedOrigin
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathTrustedOriginId'
     post:
       summary: Activate a Trusted Origin
-      description: Activates a trusted origin
+      description: Activates a Trusted Origin. Sets the `status` to `ACTIVE`.
       operationId: activateTrustedOrigin
       responses:
         '200':
@@ -14350,6 +18042,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/TrustedOrigin'
+              examples:
+                TrustedOriginResponse:
+                  $ref: '#/components/examples/TrustedOriginResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -14362,12 +18057,15 @@ paths:
             - okta.trustedOrigins.manage
       tags:
         - TrustedOrigin
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathTrustedOriginId'
     post:
       summary: Deactivate a Trusted Origin
-      description: Deactivates a trusted origin
+      description: Deactivates a Trusted Origin. Sets the `status` to `INACTIVE`.
       operationId: deactivateTrustedOrigin
       responses:
         '200':
@@ -14376,6 +18074,9 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/TrustedOrigin'
+              examples:
+                TrustedOriginInactiveResponse:
+                  $ref: '#/components/examples/TrustedOriginInactiveResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -14388,6 +18089,9 @@ paths:
             - okta.trustedOrigins.manage
       tags:
         - TrustedOrigin
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users:
     get:
       summary: List all Users
@@ -14437,12 +18141,7 @@ paths:
                   $ref: '#/components/schemas/User'
               examples:
                 UserList:
-                  $ref: '#/components/examples/ListUsersResponse'
-              x-okta-feature-flag-amends:
-                UD_REALMS:
-                  examples:
-                    UserList:
-                      $ref: '#/components/examples/ListRealmAwareUsersResponse'
+                  $ref: '#/components/examples/ListRealmAwareUsersResponse'
         '403':
           description: Forbidden
           content:
@@ -14457,6 +18156,10 @@ paths:
             - okta.users.read
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create a User
       description: |-
@@ -14527,6 +18230,109 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /api/v1/users/{userIdOrLogin}/linkedObjects/{primaryRelationshipName}/{primaryUserId}:
+    parameters:
+      - $ref: '#/components/parameters/pathUserIdOrLogin'
+      - $ref: '#/components/parameters/pathPrimaryRelationshipName'
+      - $ref: '#/components/parameters/pathPrimaryUserId'
+    put:
+      summary: Replace the Linked Object value for `primary`
+      description: Replaces the first user as the `associated` and the second user as the `primary` for the specified relationship. If the first user is already associated with a different `primary` for this relationship, replaces the previous link. A Linked Object relationship can specify only one `primary` user for an `associated` user.
+      operationId: replaceLinkedObjectForUser
+      responses:
+        '204':
+          description: Success
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /api/v1/users/{userIdOrLogin}/linkedObjects/{relationshipName}:
+    parameters:
+      - $ref: '#/components/parameters/pathUserIdOrLogin'
+      - $ref: '#/components/parameters/pathRelationshipName'
+    get:
+      summary: List the primary or all of the associated Linked Object values
+      description: Lists either the self link for the `primary` user or all `associated` users in the relationship specified by `relationshipName`. If the specified user isn't associated in any relationship, an empty array is returned.
+      operationId: listLinkedObjectsForUser
+      parameters:
+        - name: after
+          in: query
+          schema:
+            type: string
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            format: int32
+            default: -1
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/ResponseLinks'
+              examples:
+                GetUserLinkedObjectResponse:
+                  $ref: '#/components/examples/GetUserLinkedObjectResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.read
+      tags:
+        - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
+    delete:
+      summary: Delete a Linked Object
+      description: Deletes linked objects for a user, relationshipName can be ONLY a primary relationship name
+      operationId: deleteLinkedObjectForUser
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.users.manage
+      tags:
+        - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -14534,13 +18340,15 @@ paths:
       summary: Retrieve a User
       description: Retrieves a user from your Okta organization
       operationId: getUser
+      parameters:
+        - $ref: '#/components/parameters/queryUserExpand'
       responses:
         '200':
           description: Success
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/User'
+                $ref: '#/components/schemas/UserGetSingleton'
         '403':
           description: Forbidden
           content:
@@ -14561,6 +18369,10 @@ paths:
             - okta.users.read
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Update a User
       description: Updates a user partially determined by the request parameters
@@ -14610,6 +18422,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace a User
       description: Replaces a user's profile and/or credentials using strict-update semantics
@@ -14660,6 +18476,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a User
       description: Deletes a user permanently. This operation can only be performed on users that have a `DEPROVISIONED` status.  **This action cannot be recovered!**. Calling this on an `ACTIVE` user will transition the user to `DEPROVISIONED`.
@@ -14701,6 +18521,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/appLinks:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -14729,6 +18553,10 @@ paths:
             - okta.users.read
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/blocks:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -14762,6 +18590,10 @@ paths:
             - okta.users.read
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/clients:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -14790,6 +18622,10 @@ paths:
             - okta.users.read
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/clients/{clientId}/grants:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -14834,6 +18670,10 @@ paths:
             - okta.users.read
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Revoke all Grants for a Client
       description: Revokes all grants for the specified user and client
@@ -14854,6 +18694,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/clients/{clientId}/tokens:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -14898,6 +18742,10 @@ paths:
             - okta.users.read
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Revoke all Refresh Tokens for a Client
       description: Revokes all refresh tokens issued for the specified User and Client
@@ -14918,6 +18766,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -14960,6 +18812,10 @@ paths:
             - okta.users.read
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Revoke a Token for a Client
       description: Revokes the specified refresh token
@@ -14980,6 +18836,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/credentials/change_password:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -15021,6 +18881,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/credentials/change_recovery_question:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -15056,6 +18920,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/credentials/forgot_password:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -15089,6 +18957,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/credentials/forgot_password_recovery_question:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -15131,12 +19003,16 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/factors:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
     get:
-      summary: List all Factors
-      description: Lists all the enrolled factors for the specified user
+      summary: List all enrolled Factors
+      description: Lists all enrolled Factors for the specified user
       operationId: listFactors
       responses:
         '200':
@@ -15159,34 +19035,49 @@ paths:
             - okta.users.read
       tags:
         - UserFactor
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Enroll a Factor
-      description: Enrolls a user with a supported factor
+      description: Enrolls a supported Factor for the specified user. Some Factor types require a seperate activation to complete the enrollment process. See [Activate a Factor](./#tag/UserFactor/operation/activateFactor).
       operationId: enrollFactor
       parameters:
         - name: updatePhone
+          description: If `true`, indicates you are replacing the currently registered phone number for the specified user. This parameter is ignored if the existing phone number is used by an activated Factor.
           in: query
           schema:
             type: boolean
             default: false
         - name: templateId
           in: query
-          description: id of SMS template (only for SMS factor)
+          description: ID of an existing custom SMS template. See the [SMS Templates API](../Template). Only used by `sms` Factors. If the provided ID doesn't exist, the default template is used instead.
           schema:
             type: string
+            example: cstk2flOtuCMDJK4b0g3
         - name: tokenLifetimeSeconds
+          description: Defines how long the token remains valid
           in: query
           schema:
             type: integer
             format: int32
+            minimum: 1
+            maximum: 86400
             default: 300
           x-okta-added-version: 1.3.0
         - name: activate
+          description: If `true`, the `sms` Factor is immediately activated as part of the enrollment. An activation text message isn't sent to the device.
           in: query
           schema:
             type: boolean
             default: false
           x-okta-added-version: 1.3.0
+        - name: Accept-Language
+          description: An ISO 639-1 two-letter language code that defines a localized message to send. Only used by `sms` Factors. If a localized message doesn't exist or the `templateId` is incorrect, the default template is used instead.
+          in: header
+          schema:
+            type: string
+            example: fr
       x-codegen-request-body-name: body
       requestBody:
         description: Factor
@@ -15216,12 +19107,15 @@ paths:
             - okta.users.manage
       tags:
         - UserFactor
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/factors/catalog:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
     get:
-      summary: List all Supported Factors
-      description: Lists all the supported factors that can be enrolled for the specified user
+      summary: List all supported Factors
+      description: Lists all the supported Factors that can be enrolled for the specified user
       operationId: listSupportedFactors
       responses:
         '200':
@@ -15231,7 +19125,7 @@ paths:
               schema:
                 type: array
                 items:
-                  $ref: '#/components/schemas/UserFactor'
+                  $ref: '#/components/schemas/UserFactorSupported'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -15244,22 +19138,33 @@ paths:
             - okta.users.read
       tags:
         - UserFactor
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/factors/questions:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
     get:
-      summary: List all Supported Security Questions
-      description: Lists all available security questions for a user's `question` factor
+      x-okta-no-scope-required: true
+      summary: List all supported Security Questions
+      description: Lists all available Security Questions for the specified user
       operationId: listSupportedSecurityQuestions
       responses:
         '200':
           description: Success
           content:
             application/json:
+              example:
+                - question: disliked_food
+                  questionText: What is the food you least liked as a child?
+                - question: name_of_first_plush_toy
+                  questionText: What is the name of your first stuffed animal?
+                - question: first_award
+                  questionText: What did you earn your first medal or award for?
               schema:
                 type: array
                 items:
-                  $ref: '#/components/schemas/SecurityQuestion'
+                  $ref: '#/components/schemas/UserFactorSecurityQuestionProfile'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -15270,13 +19175,17 @@ paths:
         - apiToken: []
       tags:
         - UserFactor
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/factors/{factorId}:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
       - $ref: '#/components/parameters/pathFactorId'
     get:
       summary: Retrieve a Factor
-      description: Retrieves a factor for the specified user
+      description: Retrieves an existing Factor for the specified user
       operationId: getFactor
       responses:
         '200':
@@ -15297,12 +19206,19 @@ paths:
             - okta.users.read
       tags:
         - UserFactor
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Unenroll a Factor
-      description: Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor
+      description: |-
+        Unenrolls an existing Factor for the specified user. This allows the user to enroll a new Factor.
+
+        > **Note**: If you unenroll the `push` or the `signed_nonce` Factors, Okta also unenrolls any other `totp`, `signed_nonce`, or Okta Verify `push` Factors associated with the user.
       operationId: unenrollFactor
       parameters:
         - name: removeRecoveryEnrollment
+          description: If `true`, removes the the phone number as both a recovery method and a Factor. Only used for `sms` and `call` Factors.
           in: query
           schema:
             type: boolean
@@ -15323,20 +19239,27 @@ paths:
             - okta.users.manage
       tags:
         - UserFactor
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/factors/{factorId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
       - $ref: '#/components/parameters/pathFactorId'
     post:
       summary: Activate a Factor
-      description: Activates a factor. The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.
+      description: |-
+        Activates a Factor. Some Factors (`call`, `email`, `push`, `sms`, `token:software:totp`, `u2f`, and `webauthn`) require activation to complete the enrollment process.
+
+        Okta enforces a rate limit of five activation attempts within five minutes.
+        After a user exceeds the rate limit, Okta returns an error message.
       operationId: activateFactor
       x-codegen-request-body-name: body
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/ActivateFactorRequest'
+              $ref: '#/components/schemas/UserFactorActivateRequest'
         required: false
       responses:
         '200':
@@ -15359,26 +19282,34 @@ paths:
             - okta.users.manage
       tags:
         - UserFactor
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/factors/{factorId}/resend:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
       - $ref: '#/components/parameters/pathFactorId'
     post:
-      summary: Resend a factor enrollment
-      description: Resends a factor challenge (SMS/call/email OTP) as part of an enrollment flow. The current rate limit is one OTP challenge (call or SMS) per device every 30 seconds. Okta round-robins between SMS providers with every resend request to help ensure delivery of an SMS OTP across different carriers.
+      summary: Resend a Factor enrollment
+      description: |-
+        Resends an `sms`, `call`, or `email` factor challenge as part of an enrollment flow.
+
+        For `call` and `sms` factors, Okta enforces a rate limit of one OTP challenge per device every 30 seconds. You can configure your `sms` and `call` factors to use a third-party telephony provider. See the [Telephony inline hook reference](https://developer.okta.com/docs/reference/telephony-hook/). Okta round-robins between SMS providers with every resend request to help ensure delivery of an SMS and Call OTPs across different carriers.
+
+        > **Note**: Resend operations aren't allowed after a factor exceeds the activation rate limit. See [Activate a Factor](./#tag/UserFactor/operation/activateFactor).
       operationId: resendEnrollFactor
       parameters:
         - name: templateId
           in: query
-          description: ID of SMS template (only for SMS factor)
+          description: ID of an existing custom SMS template. See the [SMS Templates API](../Template). Only used by `sms` Factors.
           schema:
+            example: cstk2flOtuCMDJK4b0g3
             type: string
       requestBody:
-        description: Factor
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/UserFactor'
+              $ref: '#/components/schemas/ResendUserFactor'
         required: true
       responses:
         '200':
@@ -15386,7 +19317,7 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/UserFactor'
+                $ref: '#/components/schemas/ResendUserFactor'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -15401,14 +19332,17 @@ paths:
             - okta.users.manage
       tags:
         - UserFactor
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId}:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
       - $ref: '#/components/parameters/pathFactorId'
       - $ref: '#/components/parameters/pathTransactionId'
     get:
-      summary: Retrieve a Factor Transaction Status
-      description: Retrieves the factors verification transaction status
+      summary: Retrieve a Factor transaction status
+      description: Retrieves the status of a `push` Factor verification transaction
       operationId: getFactorTransactionStatus
       responses:
         '200':
@@ -15416,7 +19350,7 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/VerifyUserFactorResponse'
+                $ref: '#/components/schemas/UserFactorPushTransaction'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
@@ -15429,46 +19363,62 @@ paths:
             - okta.users.read
       tags:
         - UserFactor
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/factors/{factorId}/verify:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
       - $ref: '#/components/parameters/pathFactorId'
     post:
-      summary: Verify an MFA Factor
-      description: Verifies an OTP for a `token` or `token:hardware` factor
+      summary: Verify a Factor
+      description: |-
+        Verifies an OTP for a Factor. Some Factors (`call`, `email`, `push`, `sms`, `u2f`, and `webauthn`) must first issue a challenge before you can verify the Factor. Do this by making a request without a body. After a challenge is issued, make another request to verify the Factor.
+
+        **Note**: To verify a `push` factor, use the **poll** link returned when you issue the challenge. See [Retrieve a Factor Transaction Status](/openapi/okta-management/management/tag/UserFactor/#tag/UserFactor/operation/getFactorTransactionStatus).
       operationId: verifyFactor
       parameters:
         - name: templateId
+          description: ID of an existing custom SMS template. See the [SMS Templates API](../Template). Only used by `sms` Factors.
           in: query
           schema:
             type: string
+            example: cstk2flOtuCMDJK4b0g3
         - name: tokenLifetimeSeconds
+          description: Defines how long the token remains valid
           in: query
           schema:
             type: integer
             format: int32
+            minimum: 1
+            maximum: 86400
             default: 300
           x-okta-added-version: 1.3.0
         - name: X-Forwarded-For
+          description: Public IP address for the user agent
           in: header
           schema:
             type: string
           x-okta-added-version: 1.11.0
         - name: User-Agent
+          description: Type of user agent detected when the request is made. Required to verify `push` Factors.
           in: header
           schema:
             type: string
           x-okta-added-version: 1.11.0
         - name: Accept-Language
+          description: An ISO 639-1 two-letter language code that defines a localized message to send. Only used by `sms` Factors. If a localized message doesn't exist or the `templateId` is incorrect, the default template is used instead.
           in: header
           schema:
             type: string
+            example: fr
       x-codegen-request-body-name: body
       requestBody:
+        description: Some Factors (`call`, `email`, `push`, `sms`, `u2f`, and `webauthn`) must first issue a challenge before you can verify the Factor. Do this by making a request without a body. After a challenge is issued, make another request to verify the Factor.
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/VerifyFactorRequest'
+              $ref: '#/components/schemas/UserFactorVerifyRequest'
         required: false
       responses:
         '200':
@@ -15476,7 +19426,7 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/VerifyUserFactorResponse'
+                $ref: '#/components/schemas/UserFactorVerifyResponse'
         '400':
           $ref: '#/components/responses/ErrorApiValidationFailed400'
         '403':
@@ -15491,6 +19441,9 @@ paths:
             - okta.users.manage
       tags:
         - UserFactor
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/grants:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -15538,6 +19491,10 @@ paths:
             - okta.users.read
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Revoke all User Grants
       description: Revokes all grants for a specified user
@@ -15558,6 +19515,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/grants/{grantId}:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -15590,6 +19551,10 @@ paths:
             - okta.users.read
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Revoke a User Grant
       description: Revokes one grant for a specified user
@@ -15610,6 +19575,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/groups:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -15617,6 +19586,9 @@ paths:
       summary: List all Groups
       description: Lists all groups of which the user is a member
       operationId: listUserGroups
+      parameters:
+        - $ref: '#/components/parameters/queryAfter'
+        - $ref: '#/components/parameters/queryLimit'
       responses:
         '200':
           description: Success
@@ -15638,6 +19610,10 @@ paths:
             - okta.users.read
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/idps:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -15666,6 +19642,9 @@ paths:
             - okta.users.read
       tags:
         - User
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -15713,6 +19692,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -15743,6 +19726,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/lifecycle/expire_password:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -15769,6 +19756,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/lifecycle/expire_password_with_temp_password:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -15803,12 +19794,20 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/lifecycle/reactivate:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
     post:
       summary: Reactivate a User
-      description: Reactivates a user.  This operation can only be performed on users with a `PROVISIONED` status.  This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from [Activate User](#activate-user).
+      description: |-
+        Reactivates a user. This operation can only be performed on users with a `PROVISIONED` status. 
+        This operation restarts the activation workflow if the user activation wasn't completed with the `activationToken` from [Activate a user](/openapi/okta-management/management/tag/User/#tag/User/operation/activateUser).
+
+        > **Note:** A successful request to this endpoint records the same set of events as when a user is activated in System Logs, since it invokes the same activation workflow.
       operationId: reactivateUser
       parameters:
         - name: sendEmail
@@ -15836,6 +19835,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/lifecycle/reset_factors:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -15843,6 +19846,13 @@ paths:
       summary: Reset all Factors
       description: Resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.
       operationId: resetFactors
+      parameters:
+        - name: removeRecoveryEnrollment
+          description: 'If `true`, removes the phone number as both a recovery method and a Factor. Supported Factors: `sms` and `call`'
+          in: query
+          schema:
+            type: boolean
+            default: false
       responses:
         '200':
           description: OK
@@ -15859,6 +19869,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/lifecycle/reset_password:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -15898,6 +19912,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/lifecycle/suspend:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -15921,6 +19939,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/lifecycle/unlock:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -15944,6 +19966,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/lifecycle/unsuspend:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -15967,90 +19993,10 @@ paths:
             - okta.users.manage
       tags:
         - User
-  /api/v1/users/{userId}/linkedObjects/{primaryRelationshipName}/{primaryUserId}:
-    parameters:
-      - $ref: '#/components/parameters/pathUserId'
-      - $ref: '#/components/parameters/pathPrimaryRelationshipName'
-      - $ref: '#/components/parameters/pathPrimaryUserId'
-    put:
-      summary: Create a Linked Object for two Users
-      description: Creates a Linked Object for two users
-      operationId: setLinkedObjectForUser
-      responses:
-        '204':
-          description: Success
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - oauth2:
-            - okta.users.manage
-      tags:
-        - User
-  /api/v1/users/{userId}/linkedObjects/{relationshipName}:
-    parameters:
-      - $ref: '#/components/parameters/pathUserId'
-      - $ref: '#/components/parameters/pathRelationshipName'
-    get:
-      summary: List all Linked Objects
-      description: Lists all linked objects for a user, relationshipName can be a primary or associated relationship name
-      operationId: listLinkedObjectsForUser
-      parameters:
-        - name: after
-          in: query
-          schema:
-            type: string
-        - name: limit
-          in: query
-          schema:
-            type: integer
-            format: int32
-            default: -1
-      responses:
-        '200':
-          description: Success
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/ResponseLinks'
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - apiToken: []
-        - oauth2:
-            - okta.users.read
-      tags:
-        - User
-    delete:
-      summary: Delete a Linked Object
-      description: Deletes linked objects for a user, relationshipName can be ONLY a primary relationship name
-      operationId: deleteLinkedObjectForUser
-      responses:
-        '204':
-          description: No Content
-          content: {}
-        '403':
-          $ref: '#/components/responses/ErrorAccessDenied403'
-        '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
-        '429':
-          $ref: '#/components/responses/ErrorTooManyRequests429'
-      security:
-        - apiToken: []
-        - oauth2:
-            - okta.users.manage
-      tags:
-        - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/roles:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -16084,6 +20030,9 @@ paths:
             - okta.roles.read
       tags:
         - RoleAssignment
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Assign a Role to a User
       description: Assigns a role to a user identified by `userId`
@@ -16122,6 +20071,9 @@ paths:
             - okta.roles.manage
       tags:
         - RoleAssignment
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/roles/{roleId}:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -16149,6 +20101,9 @@ paths:
             - okta.roles.read
       tags:
         - RoleAssignment
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Unassign a Role from a User
       description: Unassigns a role identified by `roleId` from a user identified by `userId`
@@ -16169,6 +20124,9 @@ paths:
             - okta.roles.manage
       tags:
         - RoleAssignment
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -16209,6 +20167,9 @@ paths:
             - okta.roles.read
       tags:
         - RoleTarget
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Assign all Apps as Target to Role
       description: Assigns all Apps as Target to Role
@@ -16229,6 +20190,9 @@ paths:
             - okta.roles.manage
       tags:
         - RoleTarget
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -16254,6 +20218,9 @@ paths:
             - okta.roles.manage
       tags:
         - RoleTarget
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Unassign an Application Target from an Application Administrator Role
       description: Unassigns an application target from application administrator role
@@ -16274,6 +20241,9 @@ paths:
             - okta.roles.manage
       tags:
         - RoleTarget
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{appId}:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -16300,6 +20270,9 @@ paths:
             - okta.roles.manage
       tags:
         - RoleTarget
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Unassign an Application Instance Target from an Application Administrator Role
       description: Unassigns an application instance target from an application administrator role
@@ -16320,6 +20293,9 @@ paths:
             - okta.roles.manage
       tags:
         - RoleTarget
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/roles/{roleId}/targets/groups:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -16360,6 +20336,9 @@ paths:
             - okta.roles.read
       tags:
         - RoleTarget
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -16385,6 +20364,9 @@ paths:
             - okta.roles.manage
       tags:
         - RoleTarget
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Unassign a Group Target from Role
       description: Unassigns a Group Target from Role
@@ -16405,6 +20387,9 @@ paths:
             - okta.roles.manage
       tags:
         - RoleTarget
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/sessions:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -16435,6 +20420,10 @@ paths:
             - okta.users.manage
       tags:
         - User
+      x-okta-lifecycle:
+        isCorsEnabled: true
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/subscriptions:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -16470,6 +20459,9 @@ paths:
             - okta.users.read
       tags:
         - Subscription
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/subscriptions/{notificationType}:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -16505,6 +20497,9 @@ paths:
             - okta.users.read
       tags:
         - Subscription
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/subscriptions/{notificationType}/subscribe:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -16536,6 +20531,9 @@ paths:
             - okta.users.manage
       tags:
         - Subscription
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe:
     parameters:
       - $ref: '#/components/parameters/pathUserId'
@@ -16567,11 +20565,14 @@ paths:
             - okta.users.manage
       tags:
         - Subscription
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/zones:
     get:
       summary: List all Network Zones
       description: |-
-        Lists all network zones with pagination. A subset of zones can be returned that match a supported filter expression or query.
+        Lists all Network Zones with pagination. A subset of zones can be returned that match a supported filter expression or query.
 
         This operation requires URL encoding. For example, `filter=(id eq "nzoul0wf9jyb8xwZm0g3" or id eq "nzoul1MxmGN18NDQT0g3")` is encoded as `filter=%28id+eq+%22nzoul0wf9jyb8xwZm0g3%22+or+id+eq+%22nzoul1MxmGN18NDQT0g3%22%29`.
 
@@ -16580,24 +20581,24 @@ paths:
       parameters:
         - name: after
           in: query
-          description: Specifies the pagination cursor for the next page of network zones
-          example: 200u7yq5goxNFTiMjW1d7
           schema:
             type: string
+            description: Specifies the pagination cursor for the next page of Network Zones
+            example: BlockedIpZones
         - name: limit
           in: query
-          description: Specifies the number of results for a page
-          example: 5
           schema:
             type: integer
+            description: Specifies the number of results for a page
             format: int32
+            example: 5
             default: -1
         - name: filter
           in: query
-          description: Filters zones by usage or ID expression
-          example: filter=%28id+eq+%22nzowc1U5Jh5xuAK0o0g3%22%29
           schema:
             type: string
+            description: Filters zones by usage or ID expression
+            example: id eq "nzowc1U5Jh5xuAK0o0g3"
       responses:
         '200':
           description: Success
@@ -16622,12 +20623,16 @@ paths:
             - okta.networkZones.read
       tags:
         - NetworkZone
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create a Network Zone
       description: |-
-        Creates a new network zone.
-        * At least one of either the `gateways` attribute or `proxies` attribute must be defined when creating a Network Zone.
-        * At least one of the following attributes must be defined: `proxyType`, `locations`, or `asns`.
+        Creates a Network Zone
+        * For an IP Network Zone, you must define either `gateways` or `proxies`.
+        * For a Dynamic Network Zone, you must define at least one of the following: `asns`, `locations`, or `proxyType`.
+        * For an Enhanced Dynamic Network Zone, you must define at least one of the following: `asns`, `locations`, or `ipServiceCategories`.
       operationId: createNetworkZone
       x-codegen-request-body-name: zone
       requestBody:
@@ -16640,6 +20645,8 @@ paths:
                 $ref: '#/components/examples/CreateIPPolicyNetworkZone'
               CreateIPPolicyBlocklistNetworkZone:
                 $ref: '#/components/examples/CreateIPPolicyBlockListNetworkZone'
+              CreateEDNetworkZone:
+                $ref: '#/components/examples/CreateEDNZRequest'
         required: true
       responses:
         '200':
@@ -16653,8 +20660,10 @@ paths:
                   $ref: '#/components/examples/CreateIPPolicyNetworkZoneResponse'
                 CreateIPPolicyBlocklistNetworkZone:
                   $ref: '#/components/examples/CreateIPPolicyBlockListNetworkZoneResponse'
+                CreateEDNetworkZone:
+                  $ref: '#/components/examples/CreateEDNZResponse'
         '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
+          $ref: '#/components/responses/NzErrorApiValidationFailed400'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '429':
@@ -16665,12 +20674,15 @@ paths:
             - okta.networkZones.manage
       tags:
         - NetworkZone
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/zones/{zoneId}:
     parameters:
       - $ref: '#/components/parameters/pathZoneId'
     get:
       summary: Retrieve a Network Zone
-      description: Retrieves a network zone by `zoneId`
+      description: Retrieves a Network Zone by `zoneId`
       operationId: getNetworkZone
       responses:
         '200':
@@ -16684,10 +20696,12 @@ paths:
                   $ref: '#/components/examples/RetrieveNetworkZoneIP'
                 RetrieveNetworkZoneDynamic:
                   $ref: '#/components/examples/RetrieveNetworkZoneDynamic'
+                RetrieveNetworkZoneEnhancedDynamic:
+                  $ref: '#/components/examples/CreateEDNZResponse'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
+          $ref: '#/components/responses/NzErrorResourceNotFound404'
         '429':
           $ref: '#/components/responses/ErrorTooManyRequests429'
       security:
@@ -16696,11 +20710,14 @@ paths:
             - okta.networkZones.read
       tags:
         - NetworkZone
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace a Network Zone
       description: |-
-        Replaces a network zone by `zoneId`. The replaced network zone type must be the same as the existing type.
-        You may replace the usage (`POLICY`, `BLOCKLIST`) of a network zone by updating the `usage` attribute.
+        Replaces a Network Zone by `zoneId`. The replaced Network Zone type must be the same as the existing type.
+        You can replace the usage (`POLICY`, `BLOCKLIST`) of a Network Zone by updating the `usage` attribute.
       operationId: replaceNetworkZone
       x-codegen-request-body-name: zone
       requestBody:
@@ -16723,11 +20740,11 @@ paths:
                 ReplaceNetworkZone:
                   $ref: '#/components/examples/ReplaceNetworkZoneResponse'
         '400':
-          $ref: '#/components/responses/ErrorApiValidationFailed400'
+          $ref: '#/components/responses/NzErrorApiValidationFailed400'
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
+          $ref: '#/components/responses/NzErrorResourceNotFound404'
         '429':
           $ref: '#/components/responses/ErrorTooManyRequests429'
       security:
@@ -16736,9 +20753,16 @@ paths:
             - okta.networkZones.manage
       tags:
         - NetworkZone
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete a Network Zone
-      description: Deletes network zone by `zoneId`
+      description: |-
+        Deletes a Network Zone by `zoneId`
+        > **Notes:**
+        > * You can't delete a Network Zone that's used by a [Policy](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Policy/) or [Rule](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Policy/#tag/Policy/operation/listPolicyRules).
+        > * For Okta Identity Engine orgs, you can't delete a Network Zone with an ACTIVE `status`. <x-lifecycle class="oie"></x-lifecycle>
       operationId: deleteNetworkZone
       responses:
         '204':
@@ -16747,7 +20771,7 @@ paths:
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
+          $ref: '#/components/responses/NzErrorResourceNotFound404'
         '429':
           $ref: '#/components/responses/ErrorTooManyRequests429'
       security:
@@ -16756,12 +20780,15 @@ paths:
             - okta.networkZones.manage
       tags:
         - NetworkZone
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/zones/{zoneId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathZoneId'
     post:
       summary: Activate a Network Zone
-      description: Activates a network zone by `zoneId`
+      description: Activates a Network Zone by `zoneId`
       operationId: activateNetworkZone
       responses:
         '200':
@@ -16776,7 +20803,7 @@ paths:
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
+          $ref: '#/components/responses/NzErrorResourceNotFound404'
         '429':
           $ref: '#/components/responses/ErrorTooManyRequests429'
       security:
@@ -16785,12 +20812,15 @@ paths:
             - okta.networkZones.manage
       tags:
         - NetworkZone
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /api/v1/zones/{zoneId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathZoneId'
     post:
       summary: Deactivate a Network Zone
-      description: Deactivates a network zone by `zoneId`
+      description: Deactivates a Network Zone by `zoneId`
       operationId: deactivateNetworkZone
       responses:
         '200':
@@ -16805,7 +20835,7 @@ paths:
         '403':
           $ref: '#/components/responses/ErrorAccessDenied403'
         '404':
-          $ref: '#/components/responses/ErrorResourceNotFound404'
+          $ref: '#/components/responses/NzErrorResourceNotFound404'
         '429':
           $ref: '#/components/responses/ErrorTooManyRequests429'
       security:
@@ -16814,6 +20844,80 @@ paths:
             - okta.networkZones.manage
       tags:
         - NetworkZone
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /attack-protection/api/v1/authenticator-settings:
+    get:
+      summary: Retrieve the Authenticator Settings
+      description: Retrieves the Authenticator Settings for an org
+      operationId: getAuthenticatorSettings
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/AttackProtectionAuthenticatorSettings'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.read
+      tags:
+        - AttackProtection
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
+    put:
+      summary: Replace the Authenticator Settings
+      description: Replaces the Authenticator Settings for an org
+      operationId: replaceAuthenticatorSettings
+      x-codegen-request-body-name: authenticatorSettings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AttackProtectionAuthenticatorSettings'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AttackProtectionAuthenticatorSettings'
+        '400':
+          $ref: '#/components/responses/ErrorApiValidationFailed400'
+        '403':
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.orgs.manage
+      tags:
+        - AttackProtection
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+          - Okta Identity Engine
   /attack-protection/api/v1/user-lockout-settings:
     get:
       summary: Retrieve the User Lockout Settings
@@ -16838,6 +20942,9 @@ paths:
             - okta.orgs.read
       tags:
         - AttackProtection
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     put:
       summary: Replace the User Lockout Settings
       description: Replaces the User Lockout Settings for an org
@@ -16875,6 +20982,9 @@ paths:
             - okta.orgs.manage
       tags:
         - AttackProtection
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /integrations/api/v1/api-services:
     get:
       summary: List all API Service Integration instances
@@ -16906,6 +21016,9 @@ paths:
             - okta.oauthIntegrations.read
       tags:
         - ApiServiceIntegrations
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create an API Service Integration instance
       description: Creates and authorizes an API Service Integration instance
@@ -16941,6 +21054,9 @@ paths:
         - apiToken: []
       tags:
         - ApiServiceIntegrations
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /integrations/api/v1/api-services/{apiServiceId}:
     parameters:
       - $ref: '#/components/parameters/pathApiServiceId'
@@ -16972,6 +21088,9 @@ paths:
             - okta.oauthIntegrations.read
       tags:
         - ApiServiceIntegrations
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     delete:
       summary: Delete an API Service Integration instance
       description: Deletes an API Service Integration instance by `id`. This operation also revokes access to scopes that were previously granted to this API Service Integration instance.
@@ -16993,6 +21112,9 @@ paths:
             - okta.oauthIntegrations.manage
       tags:
         - ApiServiceIntegrations
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /integrations/api/v1/api-services/{apiServiceId}/credentials/secrets:
     parameters:
       - $ref: '#/components/parameters/pathApiServiceId'
@@ -17026,6 +21148,9 @@ paths:
             - okta.oauthIntegrations.read
       tags:
         - ApiServiceIntegrations
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
     post:
       summary: Create an API Service Integration instance Secret
       description: Creates an API Service Integration instance Secret object with a new active client secret. You can create up to two Secret objects. An error is returned if you attempt to create more than two Secret objects.
@@ -17054,6 +21179,9 @@ paths:
             - okta.oauthIntegrations.manage
       tags:
         - ApiServiceIntegrations
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /integrations/api/v1/api-services/{apiServiceId}/credentials/secrets/{secretId}:
     parameters:
       - $ref: '#/components/parameters/pathApiServiceId'
@@ -17079,6 +21207,9 @@ paths:
             - okta.oauthIntegrations.manage
       tags:
         - ApiServiceIntegrations
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /integrations/api/v1/api-services/{apiServiceId}/credentials/secrets/{secretId}/lifecycle/activate:
     parameters:
       - $ref: '#/components/parameters/pathApiServiceId'
@@ -17111,6 +21242,9 @@ paths:
             - okta.oauthIntegrations.manage
       tags:
         - ApiServiceIntegrations
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
   /integrations/api/v1/api-services/{apiServiceId}/credentials/secrets/{secretId}/lifecycle/deactivate:
     parameters:
       - $ref: '#/components/parameters/pathApiServiceId'
@@ -17143,289 +21277,948 @@ paths:
             - okta.oauthIntegrations.manage
       tags:
         - ApiServiceIntegrations
-components:
-  examples:
-    APIDevicesListAllResponse:
-      summary: Response example
-      value:
-        - id: guo4a5u7YAHhjXrMK0g4
-          status: CREATED
-          created: '2019-10-02T18:03:07.000Z'
-          lastUpdated: '2019-10-02T18:03:07.000Z'
-          profile:
-            displayName: Example Device name 1
-            platform: WINDOWS
-            serialNumber: XXDDRFCFRGF3M8MD6D
-            sid: S-1-11-111
-            registered: true
-            secureHardwarePresent: false
-            diskEncryptionType: ALL_INTERNAL_VOLUMES
-          resourceType: UDDevice
-          resourceDisplayName:
-            value: Example Device name 1
-            sensitive: false
-          resourceAlternateId: null
-          resourceId: guo4a5u7YAHhjXrMK0g4
-          _links:
-            activate:
-              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/lifecycle/activate
-              hints:
-                allow:
-                  - POST
-            self:
-              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4
-              hints:
-                allow:
-                  - GET
-                  - PATCH
-                  - PUT
-            users:
-              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/users
-              hints:
-                allow:
-                  - GET
-        - id: guo4a5u7YAHhjXrMK0g5
-          status: ACTIVE
-          created: '2023-06-21T23:24:02.000Z'
-          lastUpdated: '2023-06-21T23:24:02.000Z'
-          profile:
-            displayName: Example Device name 2
-            platform: ANDROID
-            manufacturer: Google
-            model: Pixel 6
-            osVersion: 13:2023-05-05
-            registered: true
-            secureHardwarePresent: true
-            diskEncryptionType: USER
-          resourceType: UDDevice
-          resourceDisplayName:
-            value: Example Device name 2
-            sensitive: false
-          resourceAlternateId: null
-          resourceId: guo4a5u7YAHhjXrMK0g5
-          _links:
-            activate:
-              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/lifecycle/activate
-              hints:
-                allow:
-                  - POST
-            self:
-              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5
-              hints:
-                allow:
-                  - GET
-                  - PATCH
-                  - PUT
-            users:
-              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/users
-              hints:
-                allow:
-                  - GET
-    APIDevicesListAllUsersResponse:
-      summary: Response example
-      value:
-        created: '2021-08-20T17:13:35.000Z'
-        managementStatus: NOT_MANAGED
-        screenLockType: BIOMETRIC
-        user:
-          id: 00u17vh0q8ov8IU881d7
-          status: ACTIVE
-          created: '2021-08-20T16:08:25.000Z'
-          activated: null
-          statusChanged: '2021-08-20T16:39:41.000Z'
-          lastLogin: '2023-04-18T17:54:12.000Z'
-          lastUpdated: '2021-12-20T18:27:30.000Z'
-          passwordChanged: '2021-12-20T18:27:30.000Z'
-          type:
-            id: oty17vh0n2EHVnbYF1d7
-          profile:
-            firstName: Bunk
-            lastName: Moreland
-            mobilePhone: null
-            secondEmail: null
-            login: bunk.moreland@example.com
-            email: bunk.moreland@example.com
-          credentials:
-            password: null
-            provider:
-              type: OKTA
-              name: OKTA
-          _links:
-            suspend:
-              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/suspend
-              method: POST
-            schema:
-              href: https://{yourOktaDomain}/api/v1/meta/schemas/user/osc17vh0n2EHVnbYF1d7
-            resetPassword:
-              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/reset_password
-              method: POST
-            forgotPassword:
-              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/forgot_password
-              method: POST
-            expirePassword:
-              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/expire_password
-              method: POST
-            changeRecoveryQuestion:
-              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/change_recovery_question
-              method: POST
-            self:
-              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7
-            resetFactors:
-              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/reset_factors
-              method: POST
-            type:
-              href: https://{yourOktaDomain}/api/v1/meta/types/user/oty17vh0n2EHVnbYF1d7
-            changePassword:
-              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/change_password
-              method: POST
-            deactivate:
-              href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/deactivate
-              method: POST
-    APIServiceIntegrationInstanceSecretListResponse:
-      summary: Secrets list response example
-      value:
-        - id: ocs2f4zrZbs8nUa7p0g4
-          status: INACTIVE
-          client_secret: '***DhOW'
-          secret_hash: yk4SVx4sUWVJVbHt6M-UPA
-          created: '2023-02-21T20:08:24.000Z'
-          lastUpdated: '2023-02-21T20:08:24.000Z'
-          _links:
-            activate:
-              href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4/lifecycle/activate
-              hints:
-                allow:
-                  - POST
-            delete:
-              href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4
-              hints:
-                allow:
-                  - DELETE
-        - id: ocs2f50kZB0cITmYU0g4
-          status: ACTIVE
-          client_secret: '***MQGQ'
-          secret_hash: 0WOOvBSzV9clc4Nr7Rbaug
-          created: '2023-04-06T21:32:33.000Z'
-          lastUpdated: '2023-04-06T21:32:33.000Z'
-          _links:
-            deactivate:
-              href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f50kZB0cITmYU0g4/lifecycle/deactivate
-              hints:
-                allow:
-                  - POST
-    APIServiceIntegrationListResponse:
-      summary: List response example
-      value:
-        - id: 0oa72lrepvp4WqEET1d9
-          type: my_app_cie
-          name: My App Cloud Identity Engine
-          createdAt: '2023-02-21T20:08:24.000Z'
-          createdBy: 00uu3u0ujW1P6AfZC2d5
-          configGuideUrl: https://{docDomain}/my-app-cie/configuration-guide
-          grantedScopes:
-            - okta.logs.read
-            - okta.groups.read
-            - okta.users.read
-          _links:
-            self:
-              href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa72lrepvp4WqEET1d9
-              hints:
-                allow:
-                  - GET
-                  - DELETE
-            client:
-              href: https://{yourOktaDomain}/oauth2/v1/clients/0oa72lrepvp4WqEET1d9
-              hints:
-                allow:
-                  - GET
-            logo:
-              name: small
-              href: https://{logoDomain}/{logoPath}/my_app_cie_small_logo
-    APIServiceIntegrationResponse:
-      summary: Response example
-      value:
-        id: 0oa72lrepvp4WqEET1d9
-        type: my_app_cie
-        name: My App Cloud Identity Engine
-        createdAt: '2023-02-21T20:08:24.000Z'
-        createdBy: 00uu3u0ujW1P6AfZC2d5
-        configGuideUrl: https://{docDomain}/my-app-cie/configuration-guide
-        grantedScopes:
-          - okta.logs.read
-          - okta.groups.read
-          - okta.users.read
-        _links:
-          self:
-            href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa72lrepvp4WqEET1d9
-            hints:
-              allow:
-                - GET
-                - DELETE
-          client:
-            href: https://{yourOktaDomain}/oauth2/v1/clients/0oa72lrepvp4WqEET1d9
-            hints:
-              allow:
-                - GET
-          logo:
-            name: small
-            href: https://{logoDomain}/{logoPath}/my_app_cie_small_logo
-    ActivateNetworkZone:
-      summary: Activated Network Zone response
-      value:
-        type: IP
-        id: nzowc1U5Jh5xuAK0o0g3
-        name: LegacyIpZone
-        status: ACTIVE
-        usage: POLICY
-        created: '2019-05-17T18:44:31.000Z'
-        lastUpdated: '2019-05-21T13:50:49.000Z'
-        system: true
-        gateways:
-          - type: CIDR
-            value: 1.2.3.4/24
-        proxies:
-          - type: RANGE
-            value: 3.3.4.5-3.3.4.15
-        _links:
-          self:
-            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
-            hints:
-              allow:
-                - GET
-                - PUT
-                - DELETE
-          deactivate:
-            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
-            hints:
-              allow:
-                - POST
-    AddMappingBody:
-      summary: Update an existing profile mapping by adding one or more properties
-      value:
-        properties:
-          additionalProperties:
-            fullName:
-              expression: user.firstName + user.lastName
-              pushStatus: PUSH
-            nickName:
-              expression: user.nickName
-              pushStatus: PUSH
-    AddMappingResponse:
-      summary: Update an existing profile mapping by adding one or more properties
-      value:
-        id: prm1k47ghydIQOTBW0g4
-        source:
-          id: otysbePhQ3yqt4cVv0g3
-          name: user
-          type: user
-          _links:
-            self:
-              href: https://{yourOktaDomain}/api/v1/meta/types/user/otysbePhQ3yqt4cVv0g3
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+  /integrations/api/v1/submissions/{submissionId}:
+    parameters:
+      - $ref: '#/components/parameters/pathSubmissionId'
+  /integrations/api/v1/submissions/{submissionId}/submit:
+    parameters:
+      - $ref: '#/components/parameters/pathSubmissionId'
+  /integrations/api/v1/submissions/{submissionId}/testing:
+    parameters:
+      - $ref: '#/components/parameters/pathSubmissionId'
+  /oauth2/v1/clients/{clientId}/roles:
+    x-okta-lifecycle:
+      lifecycle: GA
+      isGenerallyAvailable: true
+    parameters:
+      - $ref: '#/components/parameters/pathClientId'
+    get:
+      summary: List all Roles for a Client
+      description: Lists all Roles by `clientId`
+      operationId: listRolesForClient
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Client'
+              examples:
+                All role assignments:
+                  $ref: '#/components/examples/ListRoleAssignments'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - RoleAssignment
+    post:
+      summary: Assign Role to Client
+      description: Assigns a Role to a Client
+      operationId: assignRoleToClient
+      requestBody:
+        required: true
+        content:
+          application/json:
             schema:
-              href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscsbePhQ3yqt4cVv0g3
-        target:
-          id: 0oa1qmn4LZQQEH0wZ0g4
-          name: okta_org2org
+              oneOf:
+                - $ref: '#/components/schemas/StandardRoleAssignmentSchema'
+                - $ref: '#/components/schemas/CustomRoleAssignmentSchema'
+            examples:
+              Standard Role:
+                $ref: '#/components/examples/StandardRoleAssignmentRequest'
+              Custom Role Assignment:
+                $ref: '#/components/examples/CustomRoleAssignmentRequest'
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Client'
+              examples:
+                Standard Role:
+                  $ref: '#/components/examples/StandardRoleAssignmentResponse'
+                Custom Role Assignment:
+                  $ref: '#/components/examples/CustomRoleAssignmentResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleAssignment
+  /oauth2/v1/clients/{clientId}/roles/{roleId}:
+    x-okta-lifecycle:
+      lifecycle: GA
+      isGenerallyAvailable: true
+    parameters:
+      - $ref: '#/components/parameters/pathClientId'
+      - $ref: '#/components/parameters/pathRoleId'
+    get:
+      summary: Retrieve a Client Role
+      description: Retrieves a Client Role
+      operationId: retrieveClientRole
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Client'
+              examples:
+                Standard Role:
+                  $ref: '#/components/examples/StandardRoleAssignmentResponse'
+                Custom Role Assignment:
+                  $ref: '#/components/examples/CustomRoleAssignmentResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - RoleAssignment
+    delete:
+      summary: Unassign a Role from a Client
+      description: Unassigns a Role from a Client
+      operationId: deleteRoleFromClient
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleAssignment
+  /oauth2/v1/clients/{clientId}/roles/{roleId}/targets/catalog/apps:
+    x-okta-lifecycle:
+      lifecycle: GA
+      isGenerallyAvailable: true
+    parameters:
+      - $ref: '#/components/parameters/pathClientId'
+      - $ref: '#/components/parameters/pathRoleId'
+    get:
+      summary: List all App Targets assigned to a Client
+      description: Lists App Targets for Client and Role
+      operationId: listAppTargetRoleToClient
+      parameters:
+        - $ref: '#/components/parameters/queryAfter'
+        - $ref: '#/components/parameters/queryLimit'
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Client'
+              examples:
+                Application target:
+                  $ref: '#/components/examples/ApplicationTargetResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - RoleTarget
+  /oauth2/v1/clients/{clientId}/roles/{roleId}/targets/catalog/apps/{appName}:
+    x-okta-lifecycle:
+      lifecycle: GA
+      isGenerallyAvailable: true
+    parameters:
+      - $ref: '#/components/parameters/pathClientId'
+      - $ref: '#/components/parameters/pathRoleId'
+      - $ref: '#/components/parameters/pathAppName'
+    put:
+      summary: Assign an App Target to a Client
+      description: Assigns an Application Target to a Client
+      operationId: assignAppTargetRoleToClient
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+    delete:
+      summary: Remove an App Target from a Client
+      description: Removes an Application Target by `clientId`
+      operationId: removeAppTargetRoleFromClient
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+  /oauth2/v1/clients/{clientId}/roles/{roleId}/targets/catalog/apps/{appName}/{appInstanceId}:
+    x-okta-lifecycle:
+      lifecycle: GA
+      isGenerallyAvailable: true
+    parameters:
+      - $ref: '#/components/parameters/pathClientId'
+      - $ref: '#/components/parameters/pathRoleId'
+      - $ref: '#/components/parameters/pathAppName'
+      - $ref: '#/components/parameters/pathAppInstanceId'
+    put:
+      summary: Replace an App Instance Target for a Client
+      description: Replaces an App Instance Target by `clientId`
+      operationId: assignAppTargetInstanceRoleForClient
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+    delete:
+      summary: Delete an App Instance Target for a Client
+      description: Deletes an App Instance Target from a Client
+      operationId: removeAppTargetInstanceRoleForClient
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+  /oauth2/v1/clients/{clientId}/roles/{roleId}/targets/groups:
+    x-okta-lifecycle:
+      lifecycle: GA
+      isGenerallyAvailable: true
+    parameters:
+      - $ref: '#/components/parameters/pathClientId'
+      - $ref: '#/components/parameters/pathRoleId'
+    get:
+      summary: List all Group Targets for a Client
+      description: Lists all Group Targets by `clientId` and `roleId`
+      operationId: listGroupTargetRoleForClient
+      parameters:
+        - $ref: '#/components/parameters/queryAfter'
+        - $ref: '#/components/parameters/queryLimit'
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Client'
+              examples:
+                Application target:
+                  $ref: '#/components/examples/GroupTargetResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.read
+      tags:
+        - RoleTarget
+  /oauth2/v1/clients/{clientId}/roles/{roleId}/targets/groups/{groupId}:
+    x-okta-lifecycle:
+      lifecycle: GA
+      isGenerallyAvailable: true
+    parameters:
+      - $ref: '#/components/parameters/pathClientId'
+      - $ref: '#/components/parameters/pathRoleId'
+      - $ref: '#/components/parameters/pathGroupId'
+    put:
+      summary: Assign a Group Target to a Client
+      description: Assigns a Group Target to a Client
+      operationId: assignGroupTargetRoleForClient
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+    delete:
+      summary: Delete a Group Target from a Client
+      description: Deletes a Group Target from a Client
+      operationId: removeGroupTargetRoleFromClient
+      responses:
+        '204':
+          description: No Content
+          content: {}
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.roles.manage
+      tags:
+        - RoleTarget
+  /security/api/v1/security-events:
+    post:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: Publish a Security Event Token
+      description: Publishes a Security Event Token (SET) sent by a Security Events Provider. After the token is verified, Okta ingests the event and performs any appropriate action.
+      operationId: publishSecurityEventTokens
+      x-codegen-request-body-name: Security Event Token
+      requestBody:
+        required: true
+        description: |
+          The request body is a signed [SET](https://datatracker.ietf.org/doc/html/rfc8417), which is a type of JSON Web Token (JWT).
+
+          For SET JWT header and body descriptions, see [SET JWT header](/openapi/okta-management/management/tag/SSFSecurityEventToken/#tag/SSFSecurityEventToken/schema/SecurityEventTokenRequestJwtHeader) and [SET JWT body payload](/openapi/okta-management/management/tag/SSFSecurityEventToken/#tag/SSFSecurityEventToken/schema/SecurityEventTokenRequestJwtBody).
+        content:
+          application/secevent+jwt:
+            schema:
+              type: string
+            examples:
+              SET:
+                value: eyJraWQiOiJzYW1wbGVfa2lkIiwidHlwIjoic2ZXZlbnQra ... mrtmw
+      responses:
+        '202':
+          description: Accepted
+        '400':
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityEventTokenError'
+      security: []
+      tags:
+        - SSFSecurityEventToken
+  /webauthn-registration/api/v1/users/{userId}/enrollments:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+  /webauthn-registration/api/v1/users/{userId}/enrollments/{authenticatorEnrollmentId}:
+    parameters:
+      - $ref: '#/components/parameters/pathUserId'
+      - $ref: '#/components/parameters/authenticatorEnrollmentId'
+x-webhooks:
+  CreateTelephonyInlineHook:
+    post:
+      summary: Create an Okta Telephony Inline Hook
+      description: |-
+        Creates an Okta Telephony inline hook request. This is an automated request from Okta to your third-party service endpoint.
+
+        The objects that you return in the JSON payload of your response to this Okta request are an array of one or more objects,
+        which specify the Okta commands to execute.
+
+        >**Note:** The size of your response payload must be less than 256 KB.
+
+        See also:
+        * For a general introduction to Okta inline hooks, see [Inline hooks](https://developer.okta.com/docs/concepts/inline-hooks/)
+        * For information on the API for registering external service endpoints with Okta, see [Inline Hooks Management API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/)
+        * For an example implementation of a telephony inline hook, see [Telephony inline hook ](https://developer.okta.com/docs/guides/telephony-inline-hook)
+
+        ### About
+
+        The Okta telephony inline hook allows you to integrate your own custom code into Okta flows that send SMS or voice call messages. You can integrate this hook with enrollment, authentication, and recovery flows that involve the phone authenticator. Okta uses your external provider to deliver the one-time passcode (OTP) to the Requester. The provider can respond with commands that indicate if the delivery was successful or not.
+
+        You can have only one active telephony inline hook per org.
+
+        When you create a telephony inline hook, you must include the `authScheme` parameter. See [Create inline hook](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createInlineHook) and the [authScheme object](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createInlineHook!path=channel/0/config/authScheme&t=request)
+
+        ### Timeout behavior
+
+        If the provider response times out, Okta attempts to send the OTP using the Okta telephony providers. See [Troubleshoot](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createTelephonyInlineHook/#troubleshoot).
+
+        ### Troubleshoot
+
+        This section explains several common causes of failure for telephony inline hooks.
+
+        Note: Administrators can use the [Okta System Log](https://developer.okta.com/docs/reference/api/system-log/) to view errors. See the Troubleshooting section in the inline hooks topic for details on events captured by the Okta System Log.
+
+        | Issue                                                                               | Impact                                                                                          | Error Visibility                          | 
+        |-------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------|-------------------------------------------|
+        |External service fails to communicate or times out                                   | Inline hook operation is skipped, OTP is sent to the Requester using an Okta telephony provider | Administrators only                       |
+        |External service responds with any HTTP status code besides `200`                    | Inline hook operation is skipped, OTP is sent to the Requester using an Okta telephony provider | Administrators only                       | 
+        |External service returns an error object                                             | Inline hook operation fails, OTP is sent to the Requester using an Okta telephony provider      | Administrators, developers, and end users |
+        |Hook response is malformed or can't be mapped to the expected API response           | Inline hook operation is skipped                                                                | Administrators only                       |
+        |Request header doesn't include an `authScheme`                                       | Inline hook operation is skipped                                                                | Administrators only                       |
+        |Response uses an invalid status                                                      | Inline hook operation is skipped                                                                | Administrators only                       |
+        |Operation adds an active telephony inline hook when a hook exists                    | Inline hook operation is skipped                                                                | Administrators only                       |
+      operationId: createTelephonyInlineHook
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              allOf:
+                - $ref: '#/components/schemas/InlineHookBasePayload'
+                - $ref: '#/components/schemas/TelephonyRequest'
+            examples:
+              TelephonyPayloadExample:
+                $ref: '#/components/examples/TelephonyPayloadExample'
+      responses:
+        '200':
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/TelephonyResponse'
+              examples:
+                TelephonySuccessResponse:
+                  $ref: '#/components/examples/TelephonySuccessResponse'
+                TelephonyFailureResponse:
+                  $ref: '#/components/examples/TelephonyFailureResponse'
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+      security:
+        - apiToken: []
+        - oauth2: []
+      tags:
+        - InlineHook
+components:
+  examples:
+    APIDevicesListAllResponse:
+      summary: List all devices with embedded users
+      value:
+        - id: guo4a5u7YAHhjXrMK0g4
+          status: CREATED
+          created: '2019-10-02T18:03:07.000Z'
+          lastUpdated: '2019-10-02T18:03:07.000Z'
+          profile:
+            displayName: Example Device name 1
+            platform: WINDOWS
+            serialNumber: XXDDRFCFRGF3M8MD6D
+            sid: S-1-11-111
+            registered: true
+            secureHardwarePresent: false
+            diskEncryptionType: ALL_INTERNAL_VOLUMES
+          resourceType: UDDevice
+          resourceDisplayName:
+            value: Example Device name 1
+            sensitive: false
+          resourceAlternateId: null
+          resourceId: guo4a5u7YAHhjXrMK0g4
+          _links:
+            activate:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/lifecycle/activate
+              hints:
+                allow:
+                  - POST
+            self:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4
+              hints:
+                allow:
+                  - GET
+                  - PATCH
+                  - PUT
+            users:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/users
+              hints:
+                allow:
+                  - GET
+          _embedded:
+            users: []
+        - id: guo4a5u7YAHhjXrMK0g5
+          status: ACTIVE
+          created: '2023-06-21T23:24:02.000Z'
+          lastUpdated: '2023-06-21T23:24:02.000Z'
+          profile:
+            displayName: Example Device name 2
+            platform: ANDROID
+            manufacturer: Google
+            model: Pixel 6
+            osVersion: 13:2023-05-05
+            registered: true
+            secureHardwarePresent: true
+            diskEncryptionType: USER
+          resourceType: UDDevice
+          resourceDisplayName:
+            value: Example Device name 2
+            sensitive: false
+          resourceAlternateId: null
+          resourceId: guo4a5u7YAHhjXrMK0g5
+          _links:
+            activate:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/lifecycle/activate
+              hints:
+                allow:
+                  - POST
+            self:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5
+              hints:
+                allow:
+                  - GET
+                  - PATCH
+                  - PUT
+            users:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/users
+              hints:
+                allow:
+                  - GET
+          _embedded:
+            users:
+              - managementStatus: MANAGED
+                created: '2021-10-01T16:52:41.000Z'
+                screenLockType: BIOMETRIC
+                user:
+                  id: 00u17vh0q8ov8IU881d7
+                  status: ACTIVE
+                  created: '2020-08-12T06:46:50.000Z'
+                  activated: '2020-08-12T06:46:50.000Z'
+                  statusChanged: '2021-01-27T21:05:32.000Z'
+                  lastLogin: '2021-10-14T09:04:48.000Z'
+                  lastUpdated: '2021-01-27T21:05:32.000Z'
+                  passwordChanged: '2020-08-12T06:46:50.000Z'
+                  type:
+                    id: oty7ut9Uu76oHVUZc0w4
+                  profile:
+                    firstName: fname
+                    lastName: lname
+                    mobilePhone: null
+                    secondEmail: null
+                    login: email@email.com
+                    email: email@email.com
+                  credentials:
+                    password: {}
+                    recovery_question:
+                      question: What is the food you least liked as a child?
+                    provider:
+                      type: OKTA
+                      name: OKTA
+                  _links:
+                    suspend:
+                      href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/suspend
+                      method: POST
+                    schema:
+                      href: https://{yourOktaDomain}/api/v1/meta/schemas/user/osc7ut9Uu76oHVUZc0w4
+                    resetPassword:
+                      href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/reset_password
+                      method: POST
+                    forgotPassword:
+                      href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/forgot_password
+                      method: POST
+                    expirePassword:
+                      href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/expire_password
+                      method: POST
+                    changeRecoveryQuestion:
+                      href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/change_recovery_question
+                      method: POST
+                    self:
+                      href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7
+                    type:
+                      href: https://{yourOktaDomain}/api/v1/meta/types/user/oty7ut9Uu76oHVUZc0w4
+                    changePassword:
+                      href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/change_password
+                    deactivate:
+                      href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/deactivate
+    APIDevicesListAllUserSummaryResponse:
+      summary: List all devices with embedded user summaries
+      value:
+        - id: guo4a5u7YAHhjXrMK0g4
+          status: CREATED
+          created: '2019-10-02T18:03:07.000Z'
+          lastUpdated: '2019-10-02T18:03:07.000Z'
+          profile:
+            displayName: Example Device name 1
+            platform: WINDOWS
+            serialNumber: XXDDRFCFRGF3M8MD6D
+            sid: S-1-11-111
+            registered: true
+            secureHardwarePresent: false
+            diskEncryptionType: ALL_INTERNAL_VOLUMES
+          resourceType: UDDevice
+          resourceDisplayName:
+            value: Example Device name 1
+            sensitive: false
+          resourceAlternateId: null
+          resourceId: guo4a5u7YAHhjXrMK0g4
+          _links:
+            activate:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/lifecycle/activate
+              hints:
+                allow:
+                  - POST
+            self:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4
+              hints:
+                allow:
+                  - GET
+                  - PATCH
+                  - PUT
+            users:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/users
+              hints:
+                allow:
+                  - GET
+          _embedded:
+            users: []
+        - id: guo4a5u7YAHhjXrMK0g5
+          status: ACTIVE
+          created: '2023-06-21T23:24:02.000Z'
+          lastUpdated: '2023-06-21T23:24:02.000Z'
+          profile:
+            displayName: Example Device name 2
+            platform: ANDROID
+            manufacturer: Google
+            model: Pixel 6
+            osVersion: 13:2023-05-05
+            registered: true
+            secureHardwarePresent: true
+            diskEncryptionType: USER
+          resourceType: UDDevice
+          resourceDisplayName:
+            value: Example Device name 2
+            sensitive: false
+          resourceAlternateId: null
+          resourceId: guo4a5u7YAHhjXrMK0g5
+          _links:
+            activate:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/lifecycle/activate
+              hints:
+                allow:
+                  - POST
+            self:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5
+              hints:
+                allow:
+                  - GET
+                  - PATCH
+                  - PUT
+            users:
+              href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/users
+              hints:
+                allow:
+                  - GET
+          _embedded:
+            users:
+              - managementStatus: MANAGED
+                created: '2021-10-01T16:52:41.000Z'
+                screenLockType: BIOMETRIC
+                user:
+                  id: 00u17vh0q8ov8IU881d7
+                  realmId: 00u17vh0q8ov8IU8T0g5
+                  profile:
+                    firstName: fname
+                    lastName: lname
+                    login: email@email.com
+                    email: email@email.com
+                  _links:
+                    self:
+                      href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7
+    APIDevicesListAllUsersResponse:
+      summary: Response example
+      value:
+        - created: '2021-08-20T17:13:35.000Z'
+          managementStatus: NOT_MANAGED
+          screenLockType: BIOMETRIC
+          user:
+            id: 00u17vh0q8ov8IU881d7
+            status: ACTIVE
+            created: '2021-08-20T16:08:25.000Z'
+            activated: null
+            statusChanged: '2021-08-20T16:39:41.000Z'
+            lastLogin: '2023-04-18T17:54:12.000Z'
+            lastUpdated: '2021-12-20T18:27:30.000Z'
+            passwordChanged: '2021-12-20T18:27:30.000Z'
+            type:
+              id: oty17vh0n2EHVnbYF1d7
+            profile:
+              firstName: Bunk
+              lastName: Moreland
+              mobilePhone: null
+              secondEmail: null
+              login: bunk.moreland@example.com
+              email: bunk.moreland@example.com
+            credentials:
+              password: null
+              provider:
+                type: OKTA
+                name: OKTA
+            _links:
+              suspend:
+                href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/suspend
+                method: POST
+              schema:
+                href: https://{yourOktaDomain}/api/v1/meta/schemas/user/osc17vh0n2EHVnbYF1d7
+              resetPassword:
+                href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/reset_password
+                method: POST
+              forgotPassword:
+                href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/forgot_password
+                method: POST
+              expirePassword:
+                href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/expire_password
+                method: POST
+              changeRecoveryQuestion:
+                href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/change_recovery_question
+                method: POST
+              self:
+                href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7
+              resetFactors:
+                href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/reset_factors
+                method: POST
+              type:
+                href: https://{yourOktaDomain}/api/v1/meta/types/user/oty17vh0n2EHVnbYF1d7
+              changePassword:
+                href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/change_password
+                method: POST
+              deactivate:
+                href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/deactivate
+                method: POST
+    APIPushProvidersListAllResponse:
+      value:
+        - id: ppchvbeucdTgqeiGxR0g4
+          providerType: APNS
+          name: Example Push Provider 1
+          lastUpdatedDate: '2022-01-00T00:00:00.000Z'
+          configuration:
+            keyId: ABC123DEFG
+            teamId: DEF123GHIJ
+            fileName: fileName.p8
+          _links:
+            self:
+              href: https://your-subdomain.okta.com/api/v1/push-providers/{pushProviderId}
+              hints:
+                allow:
+                  - DELETE
+                  - GET
+                  - PUT
+        - id: ppctekcmngGaqeiBxB0g4
+          providerType: FCM
+          name: Example Push Provider 2
+          lastUpdatedDate: '2022-01-00T00:00:00.000Z'
+          configuration:
+            projectId: PROJECT_ID
+            fileName: fileName.json
+          _links:
+            self:
+              href: https://your-subdomain.okta.com/api/v1/push-providers/{pushProviderId}
+              hints:
+                allow:
+                  - DELETE
+                  - GET
+                  - PUT
+    APIServiceIntegrationInstanceSecretListResponse:
+      summary: Secrets list response example
+      value:
+        - id: ocs2f4zrZbs8nUa7p0g4
+          status: INACTIVE
+          client_secret: '***DhOW'
+          secret_hash: yk4SVx4sUWVJVbHt6M-UPA
+          created: '2023-02-21T20:08:24.000Z'
+          lastUpdated: '2023-02-21T20:08:24.000Z'
+          _links:
+            activate:
+              href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4/lifecycle/activate
+              hints:
+                allow:
+                  - POST
+            delete:
+              href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4
+              hints:
+                allow:
+                  - DELETE
+        - id: ocs2f50kZB0cITmYU0g4
+          status: ACTIVE
+          client_secret: '***MQGQ'
+          secret_hash: 0WOOvBSzV9clc4Nr7Rbaug
+          created: '2023-04-06T21:32:33.000Z'
+          lastUpdated: '2023-04-06T21:32:33.000Z'
+          _links:
+            deactivate:
+              href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f50kZB0cITmYU0g4/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
+    APIServiceIntegrationListResponse:
+      summary: List response example
+      value:
+        - id: 0oa72lrepvp4WqEET1d9
+          type: my_app_cie
+          name: My App Cloud Identity Engine
+          createdAt: '2023-02-21T20:08:24.000Z'
+          createdBy: 00uu3u0ujW1P6AfZC2d5
+          configGuideUrl: https://{docDomain}/my-app-cie/configuration-guide
+          grantedScopes:
+            - okta.logs.read
+            - okta.groups.read
+            - okta.users.read
+          _links:
+            self:
+              href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa72lrepvp4WqEET1d9
+              hints:
+                allow:
+                  - GET
+                  - DELETE
+            client:
+              href: https://{yourOktaDomain}/oauth2/v1/clients/0oa72lrepvp4WqEET1d9
+              hints:
+                allow:
+                  - GET
+            logo:
+              name: small
+              href: https://{logoDomain}/{logoPath}/my_app_cie_small_logo
+    APIServiceIntegrationResponse:
+      summary: Response example
+      value:
+        id: 0oa72lrepvp4WqEET1d9
+        type: my_app_cie
+        name: My App Cloud Identity Engine
+        createdAt: '2023-02-21T20:08:24.000Z'
+        createdBy: 00uu3u0ujW1P6AfZC2d5
+        configGuideUrl: https://{docDomain}/my-app-cie/configuration-guide
+        grantedScopes:
+          - okta.logs.read
+          - okta.groups.read
+          - okta.users.read
+        _links:
+          self:
+            href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa72lrepvp4WqEET1d9
+            hints:
+              allow:
+                - GET
+                - DELETE
+          client:
+            href: https://{yourOktaDomain}/oauth2/v1/clients/0oa72lrepvp4WqEET1d9
+            hints:
+              allow:
+                - GET
+          logo:
+            name: small
+            href: https://{logoDomain}/{logoPath}/my_app_cie_small_logo
+    ActivateNetworkZone:
+      summary: Activated Network Zone
+      value:
+        type: IP
+        id: nzowc1U5Jh5xuAK0o0g3
+        name: MyIpZone
+        status: ACTIVE
+        usage: POLICY
+        created: '2021-06-24T20:37:32.000Z'
+        lastUpdated: '2021-06-24T20:37:32.000Z'
+        system: false
+        gateways:
+          - type: CIDR
+            value: 1.2.3.4/24
+        proxies:
+          - type: RANGE
+            value: 3.3.4.5-3.3.4.15
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    AddMappingBody:
+      summary: Update an existing profile mapping by adding one or more properties
+      value:
+        properties:
+          additionalProperties:
+            fullName:
+              expression: user.firstName + user.lastName
+              pushStatus: PUSH
+            nickName:
+              expression: user.nickName
+              pushStatus: PUSH
+    AddMappingResponse:
+      summary: Update an existing profile mapping by adding one or more properties
+      value:
+        id: prm1k47ghydIQOTBW0g4
+        source:
+          id: otysbePhQ3yqt4cVv0g3
+          name: user
+          type: user
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/meta/types/user/otysbePhQ3yqt4cVv0g3
+            schema:
+              href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscsbePhQ3yqt4cVv0g3
+        target:
+          id: 0oa1qmn4LZQQEH0wZ0g4
+          name: okta_org2org
           type: appuser
           _links:
             self:
@@ -17442,16 +22235,41 @@ components:
         _links:
           self:
             href: https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4
+    AdminConsoleSettingsExample:
+      summary: Default Okta Admin Console Settings
+      value:
+        sessionMaxLifetimeMinutes: 720
+        sessionIdleTimeoutMinutes: 15
+    AllAssignmentsOperationResponse:
+      value:
+        id: rre4mje4ez7B2a7B60g7
+        type: realm:assignment
+        status: COMPLETED
+        created: '2023-10-25T21:02:54.000Z'
+        started: '2023-10-25T21:02:54.000Z'
+        completed: '2023-10-25T21:02:54.000Z'
+        assignmentOperation:
+          configuration:
+            id: ALL
+            name: All Assignments
+        numUserMoved: 50
+        _links:
+          self:
+            rel: self
+            href: http://your-subdomain.okta.com/api/v1/operations/rre4mje4ez7B2a7B60g7
+            method: GET
     ApiTokenListMetadataResponse:
       value:
         - name: My API Token
           userId: 00uabcdefg1234567890
           tokenWindow: P30D
+          network:
+            connection: ANYWHERE
           id: 00Tabcdefg1234567890
           clientName: Okta API
-          expiresAt: 2021-12-11T20:38:10.000Z
-          created: 2021-11-09T20:38:10.000Z
-          lastUpdated: 2021-11-11T20:38:10.000Z
+          expiresAt: '2021-12-11T20:38:10.000Z'
+          created: '2021-11-09T20:38:10.000Z'
+          lastUpdated: '2021-11-11T20:38:10.000Z'
           _links:
             self:
               href: https://{yourOktaDomain}/api/v1/api-tokens/00Tabcdefg1234567890
@@ -17469,9 +22287,9 @@ components:
           tokenWindow: PT5M
           id: 00T1234567890abcdefg
           clientName: Okta API
-          expiresAt: 2021-11-11T20:43:10.000Z
-          created: 2021-11-09T20:38:10.000Z
-          lastUpdated: 2021-11-11T20:38:10.000Z
+          expiresAt: '2021-11-11T20:43:10.000Z'
+          created: '2021-11-09T20:38:10.000Z'
+          lastUpdated: '2021-11-11T20:38:10.000Z'
           _links:
             self:
               href: https://{yourOktaDomain}/api/v1/api-tokens/00T1234567890abcdefg
@@ -17489,11 +22307,13 @@ components:
         name: My API Token
         userId: 00uXXXXXXXXXXXXXXXXX
         tokenWindow: P30D
+        network:
+          connection: ANYWHERE
         id: 00Tabcdefg1234567890
         clientName: Okta API
-        expiresAt: 2021-12-11T20:38:10.000Z
-        created: 2021-11-09T20:38:10.000Z
-        lastUpdated: 2021-11-11T20:38:10.000Z
+        expiresAt: '2021-12-11T20:38:10.000Z'
+        created: '2021-11-09T20:38:10.000Z'
+        lastUpdated: '2021-11-11T20:38:10.000Z'
         _links:
           self:
             href: https://{yourOktaDomain}/api/v1/api-tokens/00Tabcdefg1234567890
@@ -17558,6 +22378,371 @@ components:
               allow:
                 - GET
                 - PUT
+    AppGrantsEx:
+      summary: App Grants example
+      value:
+        id: oag91n9ruw3dsaXzP0h6
+        status: ACTIVE
+        created: '2023-02-21T16:54:00.000Z'
+        createdBy:
+          id: 00u6eltha0nrSc47i0h7
+          type: User
+        lastUpdated: '2023-02-21T16:54:00.000Z'
+        issuer: '{yourOktaDomain}'
+        clientId: '{clientId}'
+        scopeId: okta.users.read
+        source: ADMIN
+        _embedded:
+          scope:
+            id: okta.users.read
+        _links:
+          app:
+            href: https://{yourOktaDomain}/api/v1/apps/{appId}
+            title: Application name
+          self:
+            href: https://{yourOktaDomain}/api/v1/apps/{appId}/grants/oag91n9ruw3dsaXzP0h6
+            hints:
+              allow:
+                - GET
+                - DELETE
+          client:
+            href: https://{yourOktaDomain}/oauth2/v1/clients/{clientId}
+            title: Client name
+    AppGrantsPostEx:
+      summary: App Grants example
+      value:
+        issuer: '{yourOktaDomain}'
+        scopeId: okta.users.read
+    AppUserAssignProvRequest:
+      summary: SSO and provisioning Application User request example
+      value:
+        id: 00u15s1KDETTQMQYABRL
+        scope: USER
+        credentials:
+          username: saml.jackson@example.com
+        profile:
+          salesforceGroups:
+            - Employee
+          role: Developer
+          profile: Standard User
+    AppUserAssignSSORequest:
+      summary: SSO Application User request example
+      value:
+        id: 00ud4tVDDXYVKPXKVLCO
+        scope: USER
+        credentials:
+          username: rae.cloud@example.com
+    AppUserCredUpdateResponse:
+      summary: Application User credential update
+      value:
+        id: 00ud4tVDDXYVKPXKVLCO
+        externalId: null
+        created: '2024-01-27T03:52:45.000Z'
+        lastUpdated: '2024-01-27T05:15:30.000Z'
+        scope: USER
+        status: ACTIVE
+        statusChanged: '2024-01-27T03:52:45.000Z'
+        passwordChanged: '2024-01-27T05:15:30.000Z'
+        syncState: DISABLED
+        credentials":
+          userName: rae.cloud@example.com
+          password: {}
+        profile:
+          street_address: null
+          country: null
+          website: null
+          zoneinfo: America/Los_Angeles
+          birthdate: null
+          gender: null
+          formatted: null
+          profile: null
+          locality: null
+          given_name: Rae
+          middle_name: null
+          locale: en_US
+          picture: null
+          name: Rae Cloud
+          nickname: null
+          phone_number: null
+          region: null
+          postal_code: null
+          family_name: Cloud
+          email: rae.cloud@example.com
+        _links:
+          app:
+            href: https://{yourOktaDomain}/api/v1/apps/{appId}
+          user:
+            href: https://{yourOktaDomain}/api/v1/users/00ud4tVDDXYVKPXKVLCO
+    AppUserListEx:
+      summary: List Application User example
+      value:
+        - id: 00u1dnq5S0CfjlkpABCD
+          externalId: 00u5edt3PNbbjzvIABCD
+          created: '2024-01-31T18:25:01.000Z'
+          lastUpdated: '2024-01-31T18:25:03.000Z'
+          scope: USER
+          status: PROVISIONED
+          statusChanged: '2024-01-31T18:25:03.000Z'
+          passwordChanged: null
+          syncState: SYNCHRONIZED
+          lastSync: '2024-01-31T18:25:03.000Z'
+          credentials:
+            userName: saml.test@example.com
+          profile:
+            secondEmail: null
+            lastName: Test
+            mobilePhone: null
+            displayName: Saml O Test
+            email: saml.test@example.com
+            salesforceGroups: []
+            role: Tester
+            firstName: Saml
+            streetAddress: null
+            profile: Standard Platform User
+          _links:
+            app:
+              href: https://{yourOktaDomain}/api/v1/apps/0oajiqIRNXPPJBNZMGYL
+            user:
+              href: https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD
+          _embedded:
+            user:
+              id: 00u1dnq5S0CfjlkpABCD
+              status: ACTIVE
+              created: '2024-01-09T15:36:04.000Z'
+              activated: '2024-01-09T15:36:05.000Z'
+              statusChanged: '2024-01-09T15:36:05.000Z'
+              lastLogin: null
+              lastUpdated: '2024-01-09T15:36:05.000Z'
+              passwordChanged: '2024-01-09T15:36:05.000Z'
+              type:
+                id: otyzhh29g7Python90g3
+              profile:
+                firstName: Saml
+                lastName: Test
+                mobilePhone: null
+                secondEmail: null
+                login: saml.test@example.com
+                email: saml.test@example.com
+              credentials:
+                password: {}
+                provider:
+                  type: OKTA
+                  name: OKTA
+              _links:
+                suspend:
+                  href: https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/suspend
+                  method: POST
+                schema:
+                  href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscarho9g7PythoN23z9
+                resetPassword:
+                  href: https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/reset_password
+                  method: POST
+                expirePassword:
+                  href: https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/expire_password
+                  method: POST
+                changeRecoveryQuestion:
+                  href: https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/credentials/change_recovery_question
+                  method: POST
+                self:
+                  href: https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD
+                type:
+                  href: https://{yourOktaDomain}/api/v1/meta/types/user/otyzhh29g7Python90g3
+                changePassword:
+                  href: https://rain.okta1.com/api/v1/users/00u1dnq5S0CfjlkpABCD/credentials/change_password
+                  method: POST
+                deactivate:
+                  href: https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/deactivate
+                  method: POST
+    AppUserProfUpdateResponse:
+      summary: Application User profile update
+      value:
+        id: 00ud4tVDDXYVKPXKVLCO
+        externalId: null
+        created: '2024-01-27T03:52:45.000Z'
+        lastUpdated: '2024-01-27T05:05:32.000Z'
+        scope: USER
+        status: ACTIVE
+        statusChanged: '2024-01-27T03:52:45.000Z'
+        passwordChanged: null
+        syncState: DISABLED
+        credentials":
+          userName: rae.cloud@example.com
+        profile:
+          street_address: null
+          country: null
+          website: null
+          zoneinfo: America/Los_Angeles
+          birthdate: null
+          gender: null
+          formatted: null
+          profile: null
+          locality: null
+          given_name: Rae
+          middle_name: Mae
+          locale: en_US
+          picture: null
+          name: Rae Mae Cloud
+          nickname: null
+          phone_number: null
+          region: null
+          postal_code: null
+          family_name: Cloud
+          email: rae.cloud@example.com
+        _links:
+          app:
+            href: https://{yourOktaDomain}/api/v1/apps/{appId}
+          user:
+            href: https://{yourOktaDomain}/api/v1/users/00ud4tVDDXYVKPXKVLCO
+    AppUserProvExpandResponse:
+      summary: Application User expand example
+      value:
+        id: 00u1dnq5S0CfjlkpABCD
+        externalId: 00u5edt3PNbbjzvIABCD
+        created: '2024-01-31T18:25:01.000Z'
+        lastUpdated: '2024-01-31T18:25:03.000Z'
+        scope: USER
+        status: PROVISIONED
+        statusChanged: '2024-01-31T18:25:03.000Z'
+        passwordChanged: null
+        syncState: SYNCHRONIZED
+        lastSync: '2024-01-31T18:25:03.000Z'
+        credentials:
+          userName: saml.test@example.com
+        profile:
+          secondEmail: null
+          lastName: Test
+          mobilePhone: null
+          displayName: Saml O Test
+          email: saml.test@example.com
+          salesforceGroups: []
+          role: Tester
+          firstName: Saml
+          streetAddress: null
+          profile: Standard Platform User
+        _links:
+          app:
+            href: https://{yourOktaDomain}/api/v1/apps/0oajiqIRNXPPJBNZMGYL
+          user:
+            href: https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD
+        _embedded:
+          user:
+            id: 00u1dnq5S0CfjlkpABCD
+            status: ACTIVE
+            created: '2024-01-09T15:36:04.000Z'
+            activated: '2024-01-09T15:36:05.000Z'
+            statusChanged: '2024-01-09T15:36:05.000Z'
+            lastLogin: null
+            lastUpdated: '2024-01-09T15:36:05.000Z'
+            passwordChanged: '2024-01-09T15:36:05.000Z'
+            type:
+              id: otyzhh29g7Python90g3
+            profile:
+              firstName: Saml
+              lastName: Test
+              mobilePhone: null
+              secondEmail: null
+              login: saml.test@example.com
+              email: saml.test@example.com
+            credentials:
+              password: {}
+              provider:
+                type: OKTA
+                name: OKTA
+            _links:
+              suspend:
+                href: https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/suspend
+                method: POST
+              schema:
+                href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscarho9g7PythoN23z9
+              resetPassword:
+                href: https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/reset_password
+                method: POST
+              expirePassword:
+                href: https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/expire_password
+                method: POST
+              changeRecoveryQuestion:
+                href: https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/credentials/change_recovery_question
+                method: POST
+              self:
+                href: https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD
+              type:
+                href: https://{yourOktaDomain}/api/v1/meta/types/user/otyzhh29g7Python90g3
+              changePassword:
+                href: https://rain.okta1.com/api/v1/users/00u1dnq5S0CfjlkpABCD/credentials/change_password
+                method: POST
+              deactivate:
+                href: https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/deactivate
+                method: POST
+    AppUserProvResponse:
+      summary: SSO and provisioning Application User response example
+      value:
+        id: 00u15s1KDETTQMQYABRL
+        externalId: 005o0000000ogQ9AAI
+        created: '2014-08-16T02:35:14.000Z'
+        lastUpdated: '2014-08-16T02:56:49.000Z'
+        scope: USER
+        status: PROVISIONED
+        statusChanged: '2014-08-16T02:56:49.000Z'
+        passwordChanged: null
+        syncState: SYNCHRONIZED
+        lastSync: '2014-08-16T02:56:49.000Z'
+        credentials:
+          userName: saml.jackson@example.com
+        profile:
+          secondEmail: null
+          lastName: Jackson
+          mobilePhone: null
+          email: saml.jackson@example.com
+          salesforceGroups:
+            - Employee
+          role: Developer
+          firstName: Saml
+          profile: Standard User
+        _links:
+          app:
+            href: https://{yourOktaDomain}/api/v1/apps/{appId}
+          user:
+            href: https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL
+    AppUserSSOResponse:
+      summary: SSO Application User response example
+      value:
+        id: 00ud4tVDDXYVKPXKVLCO
+        externalId: null
+        created: '2024-01-27T03:52:45.000Z'
+        lastUpdated: '2024-01-27T03:52:45.000Z'
+        scope: USER
+        status: ACTIVE
+        statusChanged: '2024-01-27T03:52:45.000Z'
+        passwordChanged: null
+        syncState: DISABLED
+        credentials":
+          userName: rae.cloud@example.com
+        profile:
+          street_address: null
+          country: null
+          website: null
+          zoneinfo: America/Los_Angeles
+          birthdate: null
+          gender: null
+          formatted: null
+          profile: null
+          locality: null
+          given_name: Rae
+          middle_name: null
+          locale: en_US
+          picture: null
+          name: Rae Cloud
+          nickname: null
+          phone_number: null
+          region: null
+          postal_code: null
+          family_name: Cloud
+          email: rae.cloud@example.com
+        _links:
+          app:
+            href: https://{yourOktaDomain}/api/v1/apps/{appId}
+          user:
+            href: https://{yourOktaDomain}/api/v1/users/00ud4tVDDXYVKPXKVLCO
     AppUserSchemaAddRequest:
       value:
         definitions:
@@ -17612,6 +22797,50 @@ components:
             allOf:
               - $ref: '#/definitions/base'
               - $ref: '#/definitions/custom'
+    AppUserUpdateCredRequest:
+      summary: Application User credentials update
+      value:
+        credentials:
+          userName: rae.cloud@example.com
+          password:
+            value: updatedP@55word
+    AppUserUpdateProfileRequest:
+      summary: Application User profile update
+      value:
+        profile:
+          name: Rae Mae Cloud
+          middle_name: Mae
+    ApplicationTargetResponse:
+      value:
+        - name: google
+          displayName: Google Workspace
+          description: Gmail, Google Drive, Google Calendar, and Google Sites
+          status: ACTIVE
+          lastUpdated: '2021-06-23T22:23:29.000Z'
+          category: COLLABORATION
+          verificationStatus: OKTA_VERIFIED
+          website: http://www.example.com/google-apps.html
+          signOnModes:
+            - SAML_2_0
+          features:
+            - DOWNLOAD_USERS_FOR_ROGUE_REPORT
+            - EXCHANGE_ACTIVE_SYNC
+            - GROUP_PUSH
+            - IMPORT_NEW_USERS
+            - IMPORT_PROFILE_UPDATES
+            - IMPORT_USER_SCHEMA
+            - PROFILE_MASTERING
+            - PUSH_NEW_USERS
+            - PUSH_PASSWORD_UPDATES
+            - PUSH_PROFILE_UPDATES
+            - PUSH_USER_DEACTIVATION
+            - REACTIVATE_USERS
+          _links:
+            logo:
+              - name: medium,
+              - href: https://www.example.com/gfs3qpyglct9KMswo0g7
+            self:
+              href: https://{yourOktaDomain}/api/v1/catalog/apps/google
     AssignGroupOwnerRequest:
       summary: Assign a group owner request example
       value:
@@ -17627,6 +22856,82 @@ components:
         originType: OKTA_DIRECTORY
         displayName: Oliver Putnam
         lastUpdated: Wed Mar 29 18:34:31 UTC 2023
+    AuthenticatorMethodInactiveVoice:
+      value:
+        type: voice
+        status: INACTIVE
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/voice
+            hints:
+              allow:
+                - GET
+                - PUT
+          activate:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/voice/lifecycle/activate
+            hints:
+              allow:
+                - POST
+    AuthenticatorMethodPhone:
+      value:
+        - type: sms
+          status: ACTIVE
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/sms
+              hints:
+                allow:
+                  - GET
+                  - PUT
+            deactivate:
+              href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/sms/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
+        - type: voice
+          status: INACTIVE
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/voice
+              hints:
+                allow:
+                  - GET
+                  - PUT
+            activate:
+              href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/voice/lifecycle/activate
+              hints:
+                allow:
+                  - POST
+    AuthenticatorMethodSms:
+      value:
+        type: sms
+        status: ACTIVE
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/sms
+            hints:
+              allow:
+                - GET
+                - PUT
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/sms/lifecycle/deactivate
+            hints:
+              allow":
+                - POST
+    AuthenticatorMethodWebauth:
+      value:
+        type: webauthn
+        status: ACTIVE
+        settings:
+          userVerification: DISCOURAGED
+          attachment: ANY
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/webauthn
+            hints:
+              allow:
+                - GET
+                - PUT
     AuthenticatorRequestDuo:
       value:
         key: duo
@@ -17672,7 +22977,7 @@ components:
             hints:
               allow:
                 - GET
-    AuthenticatorResponseEmail: &ref_0
+    AuthenticatorResponseEmail:
       value:
         type: email
         id: aut1nbsPHh7jNjjyP0g4
@@ -17701,7 +23006,33 @@ components:
             hints:
               allow:
                 - POST
-    AuthenticatorResponsePassword: &ref_1
+    AuthenticatorResponseInactiveWebAuthn:
+      value:
+        type: security_key
+        id: aut1nd8PQhGcQtSxB0g4
+        key: webauthn
+        status: INACTIVE
+        name: Security Key or Biometric
+        created: '2020-07-26T21:16:37.000Z'
+        lastUpdated: '2020-07-27T18:59:30.000Z'
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4
+            hints:
+              allow:
+                - GET
+                - PUT
+          methods:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods
+            hints:
+              allow:
+                - GET
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    AuthenticatorResponsePassword:
       value:
         type: password
         id: aut1nbtrJKKA9m45a0g4
@@ -17722,7 +23053,7 @@ components:
             hints:
               allow:
                 - GET
-    AuthenticatorResponsePhone: &ref_2
+    AuthenticatorResponsePhone:
       value:
         type: phone
         id: aut1nbuyD8m1ckAYc0g4
@@ -17776,7 +23107,7 @@ components:
             hints:
               allow:
                 - POST
-    AuthenticatorResponseWebAuthn: &ref_3
+    AuthenticatorResponseWebAuthn:
       value:
         type: security_key
         id: aut1nd8PQhGcQtSxB0g4
@@ -17805,10 +23136,102 @@ components:
     AuthenticatorsResponse:
       summary: Org Authenticators
       value:
-        - *ref_0
-        - *ref_1
-        - *ref_2
-        - *ref_3
+        - type: email
+          id: aut1nbsPHh7jNjjyP0g4
+          key: okta_email
+          status: ACTIVE
+          name: Email
+          created: '2020-07-26T21:05:23.000Z'
+          lastUpdated: '2020-07-28T21:45:52.000Z'
+          settings:
+            allowedFor: any
+            tokenLifetimeInMinutes: 5
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4
+              hints:
+                allow:
+                  - GET
+                  - PUT
+            methods:
+              href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/methods
+              hints:
+                allow:
+                  - GET
+            deactivate:
+              href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
+        - type: password
+          id: aut1nbtrJKKA9m45a0g4
+          key: okta_password
+          status: ACTIVE
+          name: Password
+          created: '2020-07-26T21:05:23.000Z'
+          lastUpdated: '2020-07-26T21:05:23.000Z'
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4
+              hints:
+                allow:
+                  - GET
+                  - PUT
+            methods:
+              href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4/methods
+              hints:
+                allow:
+                  - GET
+        - type: phone
+          id: aut1nbuyD8m1ckAYc0g4
+          key: phone_number
+          status: INACTIVE
+          name: Phone
+          created: '2020-07-26T21:05:23.000Z'
+          lastUpdated: '2020-07-29T00:21:29.000Z'
+          settings:
+            allowedFor: none
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4
+              hints:
+                allow:
+                  - GET
+                  - PUT
+            methods:
+              href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/methods
+              hints:
+                allow:
+                  - GET
+            activate:
+              href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/lifecycle/activate
+              hints:
+                allow:
+                  - POST
+        - type: security_key
+          id: aut1nd8PQhGcQtSxB0g4
+          key: webauthn
+          status: ACTIVE
+          name: Security Key or Biometric
+          created: '2020-07-26T21:16:37.000Z'
+          lastUpdated: '2020-07-27T18:59:30.000Z'
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4
+              hints:
+                allow:
+                  - GET
+                  - PUT
+            methods:
+              href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods
+              hints:
+                allow:
+                  - GET
+            deactivate:
+              href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
     BehaviorRuleRequest:
       value:
         name: My Behavior Rule
@@ -17821,8 +23244,8 @@ components:
         settings:
           velocityKph: 805
         status: ACTIVE
-        created: 2021-11-09T20:38:10.000Z
-        lastUpdated: 2021-11-11T20:38:10.000Z
+        created: '2021-11-09T20:38:10.000Z'
+        lastUpdated: '2021-11-11T20:38:10.000Z'
         _link:
           self:
             href: https://your-subdomain.okta.com/api/v1/behaviors/abcd1234
@@ -17832,6 +23255,23 @@ components:
                 - POST
                 - PUT
                 - DELETE
+    BundleEntitlementsResponse:
+      summary: List of governance bundle entitlements
+      value:
+        entitlements:
+          - id: espfxqCAJWWGELFTYASJ
+            role: GROUP_MEMBERSHIP_ADMIN
+            name: Group Membership Admin
+            description: Perform all admin activities for groups in the org
+            _links:
+              values: http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA/entitlements/espfxqCAJWWGELFTYASJ/values
+        _links:
+          self:
+            href: http://your-subdomain.okta.com/api/v1/iam/governance/bundles?limit=2&after=10
+          next:
+            href: http://your-subdomain.okta.com/api/v1/iam/governance/bundles?after=bundleId12
+          bundle:
+            href: http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA
     CAPTCHAInstanceRequestHCaptcha:
       value:
         name: myHCaptcha
@@ -17874,6 +23314,150 @@ components:
                 - POST
                 - PUT
                 - DELETE
+    CreateAnEventHook:
+      summary: Create an event hook
+      value:
+        name: Event Hook Test
+        events:
+          type: EVENT_TYPE
+          items:
+            - group.user_membership.add
+        channel:
+          type: HTTP
+          version: 1.0.0
+          config:
+            uri: https://example_external_service/userAdded
+            headers:
+              - key: X-Other-Header
+                value: my-header-value
+            authScheme:
+              type: HEADER
+              key: Authorization
+              value: my-shared-secret
+    CreateAnEventHookWithFilter:
+      summary: Create an event hook with a filter
+      value:
+        name: Event Hook with Filter
+        description: An event hook using an Okta Expression Language filter
+        events:
+          type: EVENT_TYPE
+          items:
+            - group.user_membership.add
+          filter:
+            type: EXPRESSION_LANGUAGE
+            eventFilterMap:
+              - event: group.user_membership.add
+                condition:
+                  expression: event.target.?[type eq 'UserGroup'].size()>0 && event.target.?[displayName eq 'Sales'].size()>0
+        channel:
+          type: HTTP
+          version: 1.0.0
+          config:
+            uri: https://example_external_service/userAdded
+            authScheme:
+              type: HEADER
+              key: Authorization
+              value: my-shared-secret
+    CreateAssocAuthServerBody:
+      summary: Create a trusted relationship between authorization servers
+      value:
+        - trusted: '{authorizationServerId}'
+    CreateAssocAuthServerResponse:
+      summary: Create a trusted relationship between authorization servers
+      value:
+        - id: '{authorizationServerId}'
+          name: Sample Authorization Server
+          description: Sample Authorization Server description
+          audiences:
+            - https://api.resource.com
+          issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+          issuerMode: CUSTOM_URL
+          status: ACTIVE
+          created: '2023-05-17T22:25:57.000Z'
+          lastUpdated: '2023-05-17T22:25:57.000Z'
+          credentials:
+            signing:
+              rotationMode: AUTO
+              lastRotated: '2023-05-17T22:25:57.000Z'
+              nextRotation: '2023-08-15T22:25:57.000Z'
+              kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+              use: sig
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
+              hints:
+                allow:
+                  - DELETE
+    CreateAuthServerBody:
+      summary: Create a custom authorization server
+      value:
+        name: Sample Authorization Server
+        description: Sample Authorization Server description
+        audiences:
+          - api://default
+    CreateAuthServerResponse:
+      summary: Create a custom authorization server
+      value:
+        id: '{authorizationServerId}'
+        name: Sample Authorization Server
+        description: Sample Authorization Server description
+        audiences:
+          - https://api.resource.com
+        issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+        issuerMode: ORG_URL
+        status: ACTIVE
+        created: '2023-05-17T22:25:57.000Z'
+        lastUpdated: '2023-05-17T22:25:57.000Z'
+        credentials:
+          signing:
+            rotationMode: AUTO
+            lastRotated: '2023-05-17T22:25:57.000Z'
+            nextRotation: '2023-08-15T22:25:57.000Z'
+            kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+        _links:
+          scopes:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes
+            hints:
+              allow:
+                - GET
+          claims:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims
+            hints:
+              allow:
+                - GET
+          policies:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies
+            hints:
+              allow:
+                - GET
+          self:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
+            hints:
+              allow:
+                - GET
+                - DELETE
+                - PUT
+          metadata:
+            - name: oauth-authorization-server
+              href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/oauth-authorization-server
+              hints:
+                allow:
+                  - GET
+            - name: openid-configuration
+              href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/openid-configuration
+              hints:
+                allow:
+                  - GET
+          rotateKey:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/lifecycle/keyRotate
+            hints:
+              allow:
+                - POST
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
     CreateBrandRequest:
       value:
         name: My Awesome Brand
@@ -17881,11 +23465,12 @@ components:
       value:
         id: bnd114iNkrcN6aR680g5
         removePoweredByOkta: false
-        customPrivacyPolicyUrl: null
+        customPrivacyPolicyUrl: null,
+        agreeToCustomPrivacyPolicy: false,
         name: My Awesome Brand
         locale: en
         defaultApp:
-          appInstanceId: 0oa114iNkrcN6aR680g4
+          appInstanceId: null
           appLinkName: null
           classicApplicationUri: null
         isDefault: false
@@ -17902,12 +23487,110 @@ components:
             hints:
               allow:
                 - GET
+    CreateCustomTokenClaimBody:
+      summary: Create a custom token Claim
+      value:
+        - alwaysIncludeInToken: true
+          claimType: IDENTITY
+          conditions:
+            scopes:
+              - profile
+          group_filter_type: CONTAINS
+          name: Support
+          status: ACTIVE
+          system: false
+          value: Support
+          valueType: GROUPS
+    CreateCustomTokenClaimResponse:
+      summary: Create a custom token Claim response
+      value:
+        - id: '{claimId}'
+          name: Support
+          status: ACTIVE
+          claimType: IDENTITY
+          valueType: GROUPS
+          value: Support
+          conditions:
+            scopes:
+              - profile
+          system: false
+          alwaysIncludeInToken: true
+          apiResourceId: null
+          group_filter_type: CONTAINS
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims/{claimId}
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+    CreateEDNZRequest:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: Create an Enhanced Dynamic Network Zone
+      value:
+        type: DYNAMIC_V2
+        name: testZone106
+        status: ACTIVE
+        usage: BLOCKLIST
+        locations:
+          include: []
+          exclude: []
+        asns:
+          include: []
+          exclude: []
+        ipServiceCategories:
+          include:
+            - ALL_ANONYMIZERS
+          exclude: []
+    CreateEDNZResponse:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: Enhanced Dynamic Network Zone
+      value:
+        type: DYNAMIC_V2
+        id: nzok0oz2xYHOZtIch0g4
+        name: testZone106
+        status: ACTIVE
+        usage: BLOCKLIST
+        create: '2024-05-13T16:33:44.000Z'
+        lastUpdated: '2024-05-13T16:33:44.000Z'
+        system: false
+        locations:
+          include: []
+          exclude: []
+        asns:
+          include: []
+          exclude: []
+        ipServiceCategories:
+          include:
+            - ALL_ANONYMIZERS
+          exclude: []
+        _links:
+          self:
+            href: http://{yourOktaDomain}/api/v1/zones/nzok0oz2xYHOZtIch0g4
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: http://{yourOktaDomain}/api/v1/zones/nzok0oz2xYHOZtIch0g4/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
     CreateEmailDomainRequest:
       value:
         displayName: Admin
         userName: admin
         domain: example.com
         brandId: bnd100iSrkcN6aR680g1
+        validationSubdomain: mail
     CreateHookKeyResponse:
       summary: Create a key response example
       value:
@@ -17925,7 +23608,7 @@ components:
           e: AQAB
           'n': 2naqCnv6r4xNQs7207lRtKQvdtnlVND-8k5iYBIiqoKGY3CqUmRm1jleoOniiQoMkFX8Wj2DmVqr002efF3vOQ7_gjtTatBTVUNbNIQLybun4dkVoUtfP7pRc5SLpcP3eGPRVar734ZrpQXzmCEdpqBt3jrVjwYjNE5DqOjbYXFJtMsy8CWE9LRJ3kyHEoHPzo22dG_vMrXH0_sAQoCk_4TgNCbvyzVmGVYXI_BkUnp0hv2pR4bQVRYzGB9dKJdctOh8zULqc_EJ8tiYsS05YnF7whrWEyARK0rH-e4d4W-OmBTga_zhY4kJ4NsoQ4PyvcatZkxjPO92QHQOFDnf3w`
     CreateIPPolicyBlockListNetworkZone:
-      summary: Create an IP Policy Blocklist Network Zone
+      summary: Create an IP Blocklist Network Zone
       value:
         type: IP
         name: newBlockListNetworkZone
@@ -17938,15 +23621,15 @@ components:
             value: 2.3.4.5/24
         proxies: null
     CreateIPPolicyBlockListNetworkZoneResponse:
-      summary: IP Policy Blocklist Network Zone Response
+      summary: IP Blocklist Network Zone
       value:
         type: IP
         id: nzo1qasnPb1kqEq0e0g4
         name: newBlockListNetworkzone
         status: ACTIVE
         usage: BLOCKLIST
-        created: '2020-10-12T18:58:02.000Z'
-        lastUpdated: '2020-10-12T18:58:02.000Z'
+        created: '2021-08-09T20:22:09.000Z'
+        lastUpdated: '2021-08-09T20:22:09.000Z'
         system: false
         gateways:
           - type: CIDR
@@ -17983,15 +23666,15 @@ components:
           - type: CIDR
             value: 3.3.4.5/24
     CreateIPPolicyNetworkZoneResponse:
-      summary: IP Policy Network Zone Response
+      summary: IP Policy Network Zone
       value:
         type: IP
-        id: nzowc1U5Jh5xuAK0o0g3
+        id: nzowb8T5Jh5xuAJ0o0g7
         name: newNetworkZone
         status: ACTIVE
         usage: POLICY
-        created: '2019-05-17T18:44:31.000Z'
-        lastUpdated: '2019-05-21T13:50:49.000Z'
+        created: '2021-08-09T21:32:01.000Z'
+        lastUpdated: '2021-08-09T21:32:01.000Z'
         system: false
         gateways:
           - type: CIDR
@@ -18005,17 +23688,93 @@ components:
             value: 3.3.4.5/24
         _links:
           self:
-            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+            href: https://{yourOktaDomain}/api/v1/zones/nzowb8T5Jh5xuAJ0o0g7
             hints:
               allow:
                 - GET
                 - PUT
                 - DELETE
           deactivate:
-            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+            href: https://{yourOktaDomain}/api/v1/zones/nzowb8T5Jh5xuAJ0o0g7/lifecycle/deactivate
             hints:
               allow:
                 - POST
+    CreateLinkedObjectRequest:
+      summary: Create manager-subordinate link request
+      value:
+        primary:
+          name: manager
+          title: manager
+          description: Manager link property
+          type: USER
+        associated:
+          name: subordinate
+          title: subordinate
+          description: Subordinate link property
+          type: USER
+    CreateLinkedObjectResponse:
+      summary: Create manager-subordinate link property response
+      value:
+        primary:
+          name: manager
+          title: manager
+          description: Manager link property
+          type: USER
+        associated:
+          name: subordinate
+          title: subordinate
+          description: Subordinate link property
+          type: USER
+        _links:
+          self:
+            href: http://your-subdomain.okta.com/api/v1/meta/schemas/user/linkedObjects/manager
+    CreateOrReplaceSMSTemplateRequest:
+      value:
+        name: Custom
+        type: SMS_VERIFY_CODE
+        template: '${org.name}: your verification code is ${code}'
+        translations:
+          es: '${org.name}: el código de verificación es ${code}'
+          fr: '${org.name}: votre code de vérification est ${code}'
+          it: '${org.name}: il codice di verifica è ${code}'
+    CreateOrReplaceSMSTemplateResponse:
+      value:
+        id: 6NQUJ5yR3bpgEiYmq8IC
+        name: Custom
+        type: SMS_VERIFY_CODE
+        template: '${org.name}: your verification code is ${code}'
+        translations:
+          es: '${org.name}: el código de verificación es ${code}'
+          fr: '${org.name}: votre code de vérification est ${code}'
+          it: '${org.name}: il codice di verifica è ${code}'
+        created: '2024-04-25T17:35:02.000Z'
+        lastUpdated: '2024-04-25T17:35:02.000Z'
+    CreateSessionBody:
+      summary: Create a new Session with a valid session token
+      value:
+        sessionToken: 00HiohZYpJgMSHwmL9TQy7RRzuY-q9soKp1SPmYYow
+    CreateSessionResponse:
+      summary: Create a new Session with a valid session token
+      value:
+        amr:
+          - pwd
+        createdAt: '2019-08-24T14:15:22Z'
+        expiresAt: '2019-08-24T14:15:22Z'
+        id: l7FbDVqS8zHSy65uJD85
+        idp:
+          id: 01a2bcdef3GHIJKLMNOP
+          type: ACTIVE_DIRECTORY
+        lastFactorVerification: '2019-08-24T14:15:22Z'
+        lastPasswordVerification: '2019-08-24T14:15:22Z'
+        login: user@example.com
+        status: ACTIVE
+        userId: 00u0abcdefGHIJKLMNOP
+        _links:
+          self:
+            hints:
+              allow:
+                - DELETE
+          href: https://{yourOktaDomain}/api/v1/sessions/l7FbDVqS8zHSy65uJD85
     CreateUISchemaBody:
       summary: UI Schema body request
       value:
@@ -18086,8 +23845,8 @@ components:
         body: <!DOCTYPE html><html><body><p>Bonjour ${user.profile.firstName}. <a href="${activationLink}">Activer le compte</a></p></body></html>
         isDefault: false
         id: oel11u6DqUiMbQkpl0g4
-        created: 2021-11-09T20:38:10.000Z
-        lastUpdated: 2021-11-11T20:38:10.000Z
+        created: '2021-11-09T20:38:10.000Z'
+        lastUpdated: '2021-11-11T20:38:10.000Z'
         _links:
           self:
             href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
@@ -18142,17 +23901,44 @@ components:
             href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
           schema:
             href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+    CustomRoleAssignmentRequest:
+      value:
+        type: CUSTOM
+        role: cr04cxy6yzSCtNciD0g7
+        resource-set: iam4cxy6z7hhaZCSk0g7
+    CustomRoleAssignmentResponse:
+      value:
+        id: irb4ey26fpFI3vQ8y0g7
+        label: view_minimal
+        type: CUSTOM
+        status: ACTIVE
+        created: '2023-05-01T15:16:47.000Z'
+        lastUpdated: '2023-05-01T15:16:47.000Z'
+        assignmentType: CLIENT
+        resource-set: iam4cxy6z7hhaZCSk0g7
+        role: cr04cxy6yzSCtNciD0g7
+        _links:
+          role:
+            href: https://{yourOktaDomain}/api/v1/iam/roles/cr04cxy6yzSCtNciD0g7
+          resource-set:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iam4cxy6z7hhaZCSk0g7
+          permissions:
+            href: https://{yourOktaDomain}/api/v1/iam/roles/cr04cxy6yzSCtNciD0g7/permissions
+          member:
+            href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iam4cxy6z7hhaZCSk0g7/bindings/cr04cxy6yzSCtNciD0g7/members/irb4ey26fpFI3vQ8y0g7
+          assignee:
+            href: https://{yourOktaDomain}/oauth2/v1/clients/0oa4ee9vgbIuqTUvd0g7
     DeactivateNetworkZone:
-      summary: Deactivated Network Zone response
+      summary: Deactivated Network Zone
       value:
         type: IP
         id: nzowc1U5Jh5xuAK0o0g3
-        name: LegacyIpZone
+        name: MyIpZone
         status: INACTIVE
         usage: POLICY
-        created: '2019-05-17T18:44:31.000Z'
-        lastUpdated: '2019-05-21T13:50:49.000Z'
-        system: true
+        created: '2021-06-24T20:37:32.000Z'
+        lastUpdated: '2021-06-24T20:37:32.000Z'
+        system: false
         gateways:
           - type: CIDR
             value: 1.2.3.4/24
@@ -18167,16 +23953,147 @@ components:
                 - GET
                 - PUT
                 - DELETE
+          activate:
+            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/activate
+            hints:
+              allow:
+                - POST
+    DeactivatedSecurityEventsProviderResponse:
+      summary: Inactive Security Events Provider
+      value:
+        id: sse1qg25RpusjUP6m0g5
+        name: Security Events Provider with well-known URL
+        type: okta
+        status: INACTIVE
+        settings:
+          well_known_url: https://example.okta.com/.well-known/ssf-configuration
+          issuer: Issuer
+          jwks_url: https://example.okta.com/jwks/path
+        _links:
+          self:
+            href: https://example.okta.com/api/v1/security-events-providers/sse1qg25RpusjUP6m0g5
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          activate:
+            href: https://example.okta.com/api/v1/security-events-providers/sse1qg25RpusjUP6m0g5/lifecycle/activate
+            hints:
+              allow:
+                - POST
+    DefaultEnhancedDynamicNetworkZone:
+      summary: Default Enhanced Dynamic Network Zone
+      value:
+        type: DYNAMIC_V2
+        id: nzohcnxFrSgsiwyHp0g4
+        name: DefaultEnhancedDynamicZone
+        status: ACTIVE
+        usage: BLOCKLIST
+        created: '2024-05-06T19:12:29.000Z'
+        lastUpdated: '2024-05-09T21:02:31.000Z'
+        system: true
+        locations:
+          include: []
+          exclude: []
+        ipServiceCategories:
+          include:
+            - ALL_ANONYMIZERS
+          exclue: []
+        asns:
+          include: []
+          exclude: []
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/zones/nzou3u0stMCmgOzXK1d6
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
           deactivate:
-            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+            href: https://{yourOktaDomain}/api/v1/zones/nzou3u0stMCmgOzXK1d6/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    DefaultIpBlocklistNetworkZone:
+      summary: Default IP Blocklist Network Zone
+      value:
+        type: IP
+        id: nzou3u0stMCmgOzXK1d6
+        name: BlockedIpZone
+        status: ACTIVE
+        usage: BLOCKLIST
+        created: '2021-06-09T21:32:46.000Z'
+        lastUpdated: '2021-06-09T21:32:46.000Z'
+        system: true
+        gateways: null
+        proxies: null
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/zones/nzou3u0stMCmgOzXK1d6
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/zones/nzou3u0stMCmgOzXK1d6/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    DefaultIpNetworkZone:
+      summary: Default IP Network Zone
+      value:
+        type: IP
+        id: nzou3u0ssJfZjYsWL1d6
+        name: LegacyIpZone
+        status: ACTIVE
+        usage: POLICY
+        created: '2021-06-09T21:32:46.000Z'
+        lastUpdated: '2021-06-09T21:32:46.000Z'
+        system: true
+        gateways: null
+        proxies: null
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/zones/nzou3u0ssJfZjYsWL1d6
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/zones/nzou3u0ssJfZjYsWL1d6/lifecycle/deactivate
             hints:
               allow:
                 - POST
+    DefaultRealmAssignment:
+      value:
+        id: rul2jy7jLUlnO5ng00g4
+        status: ACTIVE
+        name: Catch-all
+        created: '2022-04-04T15:56:05.000Z'
+        lastUpdated: '2022-05-05T18:15:44.000Z'
+        isDefault: true
+        conditions:
+          profileSourceId: 0oa4enoRyjwSCy6hx0g4,
+          expression:
+            value: string
+        actions:
+          assignUserToRealm:
+            realmId: 00g1b7rvh0xPLKXFf2g5
+        priority: 499
+        _links:
+          self:
+            rel: self
+            href: http://your-subdomain.okta.com/api/v1/realm-assignments/rul2jy7jLUlnO5ng00g4
+            method: GET
     DefaultRealmResponse:
       value:
         id: guox9jQ16k9V8IQWL0g3
-        created: 2022-04-04T15:56:05.000Z
-        lastUpdated: 2022-05-05T18:15:44.000Z
+        created: '2022-04-04T15:56:05.000Z'
+        lastUpdated: '2022-05-05T18:15:44.000Z'
         isDefault: true
         profile:
           name: Default Realm
@@ -18190,7 +24107,7 @@ components:
       value:
         name: Device Assurance Android
         osVersion:
-          minimum: 12.4.5
+          minimum: 12
         diskEncryptionType:
           include:
             - USER
@@ -18230,10 +24147,68 @@ components:
                 - DELETE
                 - GET
                 - PUT
+    DeviceAssuranceAndroidWithDynamicVersionRequirementRequest:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: Android with dynamic version requirement request
+      value:
+        name: Device Assurance Android
+        osVersion:
+          dynamicVersionRequirement:
+            type: MINIMUM
+            distanceFromLatestMajor: 0
+        diskEncryptionType:
+          include:
+            - USER
+            - FULL
+        jailbreak: false
+        platform: ANDROID
+        screenLockType:
+          include:
+            - BIOMETRIC
+        secureHardwarePresent: true
+    DeviceAssuranceAndroidWithDynamicVersionRequirementResponse:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: Android with dynamic version requirement response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance Android
+        lastUpdate: '2022-01-01T00:00:00.000Z'
+        createdUpdate: '2022-01-01T00:00:00.000Z'
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersion:
+          dynamicVersionRequirement:
+            type: MINIMUM
+            distanceFromLatestMajor: 0
+        diskEncryptionType:
+          include:
+            - USER
+            - FULL
+        jailbreak: false
+        platform: ANDROID
+        screenLockType:
+          include:
+            - BIOMETRIC
+        secureHardwarePresent: true
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+                - DELETE
+                - GET
+                - PUT
     DeviceAssuranceChromeOSWithThirdPartySignalProvidersRequest:
       x-okta-lifecycle:
-        features:
-          - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
       summary: ChromeOS with third-party signal providers request
       value:
         name: Device Assurance ChromeOS
@@ -18258,8 +24233,9 @@ components:
             keyTrustLevel: CHROME_OS_VERIFIED_MODE
     DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse:
       x-okta-lifecycle:
-        features:
-          - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
       summary: ChromeOS with third-party signal providers response
       value:
         id: dae3m8o4rWhwReDeM1c5
@@ -18330,6 +24306,53 @@ components:
                 - DELETE
                 - GET
                 - PUT
+    DeviceAssuranceIosWithDynamicVersionRequirementRequest:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: iOS with dynamic version requirement request
+      value:
+        name: Device Assurance iOS
+        osVersion:
+          dynamicVersionRequirement:
+            type: EXACT_ANY_SUPPORTED
+            latestSecurityPatch: true
+        jailbreak: false
+        platform: IOS
+        screenLockType:
+          include:
+            - BIOMETRIC
+    DeviceAssuranceIosWithDynamicVersionRequirementResponse:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: iOS with dynamic version requirement response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance iOS
+        lastUpdate: '2022-01-01T00:00:00.000Z'
+        createdUpdate: '2022-01-01T00:00:00.000Z'
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersion:
+          dynamicVersionRequirement:
+            type: EXACT_ANY_SUPPORTED
+            latestSecurityPatch: true
+        jailbroken: false
+        platform: IOS
+        screenLockType:
+          include:
+            - BIOMETRIC
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+                - DELETE
+                - GET
+                - PUT
     DeviceAssuranceMacOSRequest:
       summary: macOS request
       value:
@@ -18373,10 +24396,68 @@ components:
                 - DELETE
                 - GET
                 - PUT
+    DeviceAssuranceMacOSWithDynamicVersionRequirementRequest:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: macOS with dynamic version requirement request
+      value:
+        name: Device Assurance macOS
+        osVersion:
+          dynamicVersionRequirement:
+            type: EXACT
+            distanceFromLatestMajor: 0
+            latestSecurityPatch: true
+        diskEncryptionType:
+          include:
+            - ALL_INTERNAL_VOLUMES
+        platform: MACOS
+        screenLockType:
+          include:
+            - PASSCODE
+            - BIOMETRIC
+        secureHardwarePresent: true
+    DeviceAssuranceMacOSWithDynamicVersionRequirementResponse:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: macOS with dynamic version requirement response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance macOS
+        lastUpdate: '2022-01-01T00:00:00.000Z'
+        createdUpdate: '2022-01-01T00:00:00.000Z'
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersion:
+          dynamicVersionRequirement:
+            type: EXACT
+            distanceFromLatestMajor: 0
+            latestSecurityPatch: true
+        diskEncryptionType:
+          include:
+            - ALL_INTERNAL_VOLUMES
+        platform: MACOS
+        screenLockType:
+          include:
+            - PASSCODE
+            - BIOMETRIC
+        secureHardwarePresent: true
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+                - DELETE
+                - GET
+                - PUT
     DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest:
       x-okta-lifecycle:
-        features:
-          - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
       summary: macOS with third-party signal providers request
       value:
         name: Device Assurance macOS
@@ -18409,8 +24490,9 @@ components:
             realtimeUrlCheckMode": true
     DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse:
       x-okta-lifecycle:
-        features:
-          - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
       summary: macOS with third-party signal providers response
       value:
         id: dae3m8o4rWhwReDeM1c5
@@ -18498,10 +24580,76 @@ components:
                 - DELETE
                 - GET
                 - PUT
+    DeviceAssuranceWindowsWithDynamicVersionRequirementsRequest:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: Windows with Windows 11 and Windows 10 dynamic version requirements request
+      value:
+        name: Device Assurance Windows
+        osVersionConstraints:
+          - majorVersionConstraint: WINDOWS_11
+            dynamicVersionRequirement:
+              type: MINIMUM
+              distanceFromLatestMajor: 1
+              latestSecurityPatch: true
+          - majorVersionConstraint: WINDOWS_10
+            dynamicVersionRequirement:
+              type: EXACT_ANY_SUPPORTED
+        diskEncryptionType:
+          include:
+            - ALL_INTERNAL_VOLUMES
+        platform: WINDOWS
+        screenLockType:
+          include:
+            - PASSCODE
+            - BIOMETRIC
+        secureHardwarePresent: true
+    DeviceAssuranceWindowsWithDynamicVersionRequirementsResponse:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: Windows with Windows 11 and Windows 10 dynamic version requirements response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance Windows
+        lastUpdate: '2022-01-01T00:00:00.000Z'
+        createdUpdate: '2022-01-01T00:00:00.000Z'
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersionConstraints:
+          - majorVersionConstraint: WINDOWS_11
+            dynamicVersionRequirement:
+              type: MINIMUM
+              distanceFromLatestMajor: 1
+              latestSecurityPatch: true
+          - majorVersionConstraint: WINDOWS_10
+            dynamicVersionRequirement:
+              type: EXACT_ANY_SUPPORTED
+        diskEncryptionType:
+          include:
+            - ALL_INTERNAL_VOLUMES
+        platform: WINDOWS
+        screenLockType:
+          include:
+            - PASSCODE
+            - BIOMETRIC
+        secureHardwarePresent: true
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+                - DELETE
+                - GET
+                - PUT
     DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest:
       x-okta-lifecycle:
-        features:
-          - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
       summary: Windows with third-party signal providers request
       value:
         name: Device Assurance Windows
@@ -18541,8 +24689,9 @@ components:
             keyTrustLevel: CHROME_BROWSER_HW_KEY
     DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse:
       x-okta-lifecycle:
-        features:
-          - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
       summary: Windows with third-party signal providers response
       value:
         id: dae3m8o4rWhwReDeM1c5
@@ -18593,6 +24742,126 @@ components:
                 - DELETE
                 - GET
                 - PUT
+    DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringRequest:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: Windows with Windows 11 dynamic version requirement and Windows 10 minimum version request
+      value:
+        name: Device Assurance Windows
+        osVersionConstraints:
+          - majorVersionConstraint: WINDOWS_11
+            dynamicVersionRequirement:
+              type: EXACT
+              distanceFromLatestMajor: 1
+          - majorVersionConstraint: WINDOWS_10
+            minimum: 10.0.19045.0
+        diskEncryptionType:
+          include:
+            - ALL_INTERNAL_VOLUMES
+        platform: WINDOWS
+        screenLockType:
+          include:
+            - PASSCODE
+            - BIOMETRIC
+        secureHardwarePresent: true
+    DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringResponse:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: Windows with Windows 11 dynamic version requirement and Windows 10 minimum version response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance Windows
+        lastUpdate: '2022-01-01T00:00:00.000Z'
+        createdUpdate: '2022-01-01T00:00:00.000Z'
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersionConstraints:
+          - majorVersionConstraint: WINDOWS_11
+            dynamicVersionRequirement:
+              type: EXACT
+              distanceFromLatestMajor: 1
+          - majorVersionConstraint: WINDOWS_10
+            minimum: 10.0.19045.0
+        diskEncryptionType:
+          include:
+            - ALL_INTERNAL_VOLUMES
+        platform: WINDOWS
+        screenLockType:
+          include:
+            - PASSCODE
+            - BIOMETRIC
+        secureHardwarePresent: true
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+                - DELETE
+                - GET
+                - PUT
+    DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementRequest:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: Windows with Windows 11 minimum version and a Windows 10 dynamic version requirement request
+      value:
+        name: Device Assurance Windows
+        osVersionConstraints:
+          - majorVersionConstraint: WINDOWS_11
+            minimum: 10.0.22000.0
+          - majorVersionConstraint: WINDOWS_10
+            dynamicVersionRequirement:
+              type: NOT_ALLOWED
+        diskEncryptionType:
+          include:
+            - ALL_INTERNAL_VOLUMES
+        platform: WINDOWS
+        screenLockType:
+          include:
+            - PASSCODE
+            - BIOMETRIC
+        secureHardwarePresent: true
+    DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementResponse:
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+      summary: Windows with Windows 11 minimum version and Windows 10 dynamic version requirement response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance Windows
+        lastUpdate: '2022-01-01T00:00:00.000Z'
+        createdUpdate: '2022-01-01T00:00:00.000Z'
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersionConstraints:
+          - majorVersionConstraint: WINDOWS_11
+            minimum: 10.0.22000.0
+          - majorVersionConstraint: WINDOWS_10
+            dynamicVersionRequirement:
+              type: NOT_ALLOWED
+        diskEncryptionType:
+          include:
+            - ALL_INTERNAL_VOLUMES
+        platform: WINDOWS
+        screenLockType:
+          include:
+            - PASSCODE
+            - BIOMETRIC
+        secureHardwarePresent: true
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+                - DELETE
+                - GET
+                - PUT
     DeviceResponse:
       value:
         id: guo8jx5vVoxfvJeLb0w4
@@ -18647,8 +24916,8 @@ components:
         subject: Welcome to ${org.name}!
         body: <!DOCTYPE html><html><body><p>Hello, ${user.profile.firstName}. Click <a href="${activationLink}">here</a> to activate your account.</body></html>
         id: oel11u6DqUiMbQkpl0g4
-        created: 2021-11-09T20:38:10.000Z
-        lastUpdated: 2021-11-11T20:38:10.000Z
+        created: '2021-11-09T20:38:10.000Z'
+        lastUpdated: '2021-11-11T20:38:10.000Z'
         _links:
           self:
             href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
@@ -18679,6 +24948,7 @@ components:
         displayName: Admin
         userName: admin
         domain: example.com
+        validationSubdomain: mail
         dnsValidationRecords:
           - recordType: TXT
             fqdn: _oktaverification.example.com
@@ -18692,6 +24962,9 @@ components:
           - recordType: CNAME
             fqdn: t022._domainkey.example.com
             verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
+    EmailSettingsRequest:
+      value:
+        recipients: ALL_USERS
     EmailSettingsResponse:
       value:
         recipients: ALL_USERS
@@ -18727,6 +25000,190 @@ components:
             hints:
               allow:
                 - GET
+    EmbeddedGroupAssignmentSampleResponse:
+      summary: Application Group with an embedded Group
+      value:
+        id: 00g15acRUy0SYb9GT0g4
+        priority: 0
+        lastUpdated: '2024-06-02T13:17:57.000Z'
+        profile:
+          preferredLanguage: English
+          manager: Donald Glover
+          securityQuestion: Who is the footballer to have played the game
+          securityAnswer: Ronaldinho
+          timezone: Canada/Eastern
+          initialStatus: active_with_pass
+          managerId: ike.ogb@gmail.com
+          locale: en_US
+          division: top
+          organization: wazobia
+          userType: null
+          department: marketing
+        _links:
+          app:
+            href: http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4
+          self:
+            href: http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4/groups/00g15acRUy0SYb9GT0g4
+          group:
+            href: http://{yourOktaDomain}/api/v1/groups/00g15acRUy0SYb9GT0g4
+        _embedded:
+          group:
+            id: 00g15acRUy0SYb9GT0g4
+            created: '2024-06-02T13:02:12.000Z'
+            lastUpdated: '2024-06-02T13:02:12.000Z'
+            lastMembershipUpdated: '2024-06-02T13:03:13.000Z'
+            objectClass:
+              - okta:user_group
+            type: OKTA_GROUP
+            profile:
+              name: Football Group
+              description: Group with professional footballers
+            _links:
+              logo:
+                - name: medium
+                  href: http://{yourOktaDomain}/assets/img/logos/groups/odyssey/okta-medium.30ce6d4085dff29412984e4c191bc874.png
+                  type: image/png
+                - name: large
+                  href: http://{yourOktaDomain}/assets/img/logos/groups/odyssey/okta-large.c3cb8cda8ae0add1b4fe928f5844dbe3.png
+                  type: image/png
+              users:
+                href: http://{yourOktaDomain}/api/v1/groups/00g15acRUy0SYb9GT0g4/users
+              apps:
+                href: http://{yourOktaDomain}/api/v1/groups/00g15acRUy0SYb9GT0g4/apps
+    EmbeddedMetadataGroupAssignmentSampleResponse:
+      summary: Application Group with embedded metadata
+      value:
+        id: 00g15acRUy0SYb9GT0g4
+        priority: 0
+        lastUpdated: '2024-06-02T13:17:57.000Z'
+        profile:
+          preferredLanguage: English
+          manager: Donald Glover
+          securityQuestion: Who is the footballer to have played the game
+          securityAnswer: Ronaldinho
+          timezone: Canada/Eastern
+          initialStatus: active_with_pass
+          managerId: ike.ogb@gmail.com
+          locale: en_US
+          division: top
+          organization: wazobia
+          userType: null
+          department: marketing
+        _links:
+          app:
+            href: http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4
+          self:
+            href: http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4/groups/00g15acRUy0SYb9GT0g4
+          group:
+            href: http://{yourOktaDomain}/api/v1/groups/00g15acRUy0SYb9GT0g4
+        _embedded:
+          metadata:
+            credentials: {}
+            profile:
+              division:
+                source:
+                  type: USER
+                  value:
+                    - id: 00uzojLwDGgUynjJS0g3
+                      self:
+                        href: http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3
+                lastUpdated: null
+              preferredLanguage:
+                source:
+                  type: USER
+                  value:
+                    - id: 00uzojLwDGgUynjJS0g3
+                      self:
+                        href: http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3
+                lastUpdated: null
+              manager:
+                source:
+                  type: MAPPING
+                  value:
+                    - id: null
+                lastUpdated: null
+              securityQuestion:
+                source:
+                  type: USER
+                  value:
+                    - id: 00uzojLwDGgUynjJS0g3
+                      self:
+                        href: http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3
+                lastUpdated: null
+              securityAnswer:
+                source:
+                  type: USER
+                  value:
+                    - id: 00uzojLwDGgUynjJS0g3
+                      self:
+                        href: http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3
+                lastUpdated: null
+              timezone:
+                source:
+                  type: USER
+                  value:
+                    - id: 00uzojLwDGgUynjJS0g3
+                      self:
+                        href: http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3
+                lastUpdated: null
+              organization:
+                source:
+                  type: USER
+                  value:
+                    - id: 00uzojLwDGgUynjJS0g3
+                      self:
+                        href: http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3
+                lastUpdated: null
+              initialStatus:
+                source:
+                  type: USER
+                  value:
+                    - id: 00uzojLwDGgUynjJS0g3
+                      self:
+                        href: http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3
+                lastUpdated: null
+              managerId:
+                source:
+                  type: MAPPING
+                  value:
+                    - id: null
+                lastUpdated: null
+              userType:
+                source:
+                  type: MAPPING
+                  value:
+                    - id: null
+                lastUpdated: null
+              locale:
+                source:
+                  type: USER
+                  value:
+                    - id: 00uzojLwDGgUynjJS0g3
+                      self:
+                        href: http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3
+                lastUpdated: null
+              department:
+                source:
+                  type: MAPPING
+                  value:
+                    - id: null
+                lastUpdated: null
+    EntitlementValuesResponse:
+      summary: List of bundle entitlement values
+      value:
+        entitlementValues:
+          - id: entfxqCAJWWGELFTYAAA
+            value: orn:okta:00o5rb5mt2H3d1TJd0h7:groups:00guaxWZ0AOa5NFAj0g3
+            name: Restricted users group
+            _links:
+              group: http://your-subdomain.okta.com/api/v1/groups/00guaxWZ0AOa5NFAj0g3
+        _links:
+          self:
+            href: http://your-subdomain.okta.com/api/v1/iam/governance/bundles?limit=2&after=10
+          bundle:
+            href: http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA
+          entitlements:
+            href: http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA/entitlements
     ErrorAccessDenied:
       summary: Access Denied
       value:
@@ -18735,6 +25192,13 @@ components:
         errorLink: E0000006
         errorId: sampleNUSD_8fdkFd8fs8SDBK
         errorCauses: []
+    ErrorAgentTimeOut:
+      value:
+        errorCode: E0000237
+        errorSummary: Timed out waiting for agent.
+        errorLink: E0000237
+        errorId: sampleMlLvGUj_YD5v16vkYWY
+        errorCauses: []
     ErrorApiValidationFailed:
       summary: API Validation Failed
       value:
@@ -18752,6 +25216,25 @@ components:
         errorId: oaeZLxeiHUUQomPkM8xOqvu1A
         errorCauses:
           - errorSummary: Provisioning is not enabled for the app instance.
+    ErrorAppUserForbiddenAction:
+      summary: Forbidden action
+      description: If the `PUSH_NEW_USERS` or `PUSH_PROFILE_UPDATES` feature is enabled and the request specifies a value for a profile-mapped (Universal Directory) attribute that doesn't match the mapped value, then a 403 error is returned.
+      value:
+        errorCode: E0000075
+        errorSummary: Cannot modify the firstName attribute because it has a field mapping and profile push is enabled.
+        errorLink: E0000075
+        errorId: sampleWXiR_K-WwaTKhlgBQ
+        errorCauses: []
+    ErrorAppUserUpdateBadRequest:
+      summary: Bad request
+      description: If you attempt to assign a username or password to an app with an incompatible authentication scheme, then a 400 error is returned.
+      value:
+        errorCode: E0000041
+        errorSummary: Credentials should not be set on this resource based on the scheme.
+        errorLink: E0000041
+        errorId: oaeUM77NBynQQu4C_qT5ngjGQ
+        errorCauses:
+          errorSummary: User level credentials should not be provided for this scheme.
     ErrorCAPTCHALimitOfOne:
       value:
         errorCode: E0000165
@@ -18775,6 +25258,13 @@ components:
         errorId: oae-hk3rssXQmOWDRsaFfxe8A
         errorCauses:
           errorSummary: 'captchaId: Invalid CAPTCHA ID. The value of captchaId cannot be blank when enabledPages is not empty. Please resubmit with an existing CAPTCHA ID or disable CAPTCHA support on all supported pages.'
+    ErrorCreateBrandExists:
+      value:
+        errorCode: E0000202
+        errorSummary: Brand name already exists.
+        errorLink: E0000202
+        errorId: oaeKABuesTdRvCXeCTpSpXAcQ
+        errorCauses: []
     ErrorCreateUserWithExpiredPasswordWithNullPassword:
       value:
         errorCode: E0000124
@@ -18882,6 +25372,22 @@ components:
         errorLink: E0000189
         errorId: oae8L1-UkcNTeGi5xVQ28_lww
         errorCauses: []
+    ErrorInvalidLinkedObjectDef:
+      summary: Invalid linked objection definition
+      value:
+        errorCode: E0000127
+        errorSummary: Invalid linked objection definition. Linked object identifier is already in use.
+        errorLink: E0000127
+        errorId: oaeh5FICFF2RnqakoNofPadhw
+        errorCauses:
+          - errorSummary: Linked object identifier for primary is already in use.
+            reason: UNIQUE_CONSTRAINT
+            locationType: body
+            domain: linkedObjects
+          - errorSummary: Linked object identifier for associated is already in use.
+            reason: UNIQUE_CONSTRAINT
+            locationType: body
+            domain: linkedObjects
     ErrorInvalidTokenProvided:
       summary: Invalid Token Provided
       value:
@@ -18898,6 +25404,31 @@ components:
         errorLink: E0000028
         errorId: sampleiCF-l7mr9XqM1NQ
         errorCauses: []
+    ErrorNoConnectedAgents:
+      value:
+        errorCode: E0000236
+        errorSummary: There are no connected agents.
+        errorLink: E0000236
+        errorId: sampleMlLvGUj_YD5v16vkYWY
+        errorCauses: []
+    ErrorPinOrCredRequestsGenerationFailure:
+      summary: PIN or Cred Requests Generation Failed
+      value:
+        errorCode: E0000001
+        errorSummary: 'Api validation failed: pinRequest|credRequests'
+        errorLink: E0000001
+        errorId: oaehk3rssXQmOWDRsaFfxe8A
+        errorCauses:
+          errorSummary: There was a problem generating the pinRequest|credRequests.
+    ErrorPinOrCredResponsesProcessingFailure:
+      summary: PIN or Cred Response Processing Failed
+      value:
+        errorCode: E0000001
+        errorSummary: 'Api validation failed: pinResponse|credResponses'
+        errorLink: E0000001
+        errorId: oaehk3rssXQmOWDRsaFfxe8B
+        errorCauses:
+          errorSummary: There was a problem generating the pinResponse|credResponses.
     ErrorPushProviderUsedByCustomAppAuthenticator:
       value:
         errorCode: E0000187
@@ -18924,6 +25455,7 @@ components:
     GetBrandResponse:
       value:
         id: bnd114iNkrcN6aR680g4
+        agreeToCustomPrivacyPolicy: false
         removePoweredByOkta: false
         customPrivacyPolicyUrl: null
         name: Okta Default
@@ -18947,9 +25479,31 @@ components:
             hints:
               allow:
                 - GET
+          emailDomain:
+            href: https://{yourOktaDomain}/api/v1/email-domains/OeD114iNkrcN6aR680g4
+            hints:
+              allow:
+                - GET
+                - PUT
     GetEmailTemplateResponse:
       value:
         name: UserActivation
+        _embedded:
+          customizationCount: 0
+          settings:
+            recipients: ALL_USERS
+            _links:
+              self:
+                href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings
+                hints:
+                  allow:
+                    - GET
+                    - PUT
+              template:
+                href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+                hints:
+                  allow:
+                    - GET
         _links:
           self:
             href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
@@ -18979,6 +25533,48 @@ components:
             hints:
               allow:
                 - POST
+    GetRealmAssignmentResponse:
+      value:
+        id: rul2jy7jLUlnO3ng00g4
+        status: ACTIVE
+        name: Realm Assignment 1
+        created: '2022-04-04T15:56:05.000Z'
+        lastUpdated: '2022-05-05T18:15:44.000Z'
+        isDefault: false
+        conditions:
+          profileSourceId: 0oa4enoRyjwSCy5hx0g4
+          expression:
+            value: string
+        actions:
+          assignUserToRealm:
+            realmId: 00g1b7rvh0xPLKXFf0g5
+        priority: 0
+        _links:
+          self:
+            rel: self
+            href: http://your-subdomain.okta.com/api/v1/realm-assignments/rul2jy7jLUlnO3ng00g4
+            method: GET
+    GetThemeResponse:
+      value:
+        id: thdul904tTZ6kWVhP0g3
+        logo: https://{yourOktaDomain}/assets/img/logos/okta-logo.47066819ac7db5c13f4c431b2687cef6.png
+        favicon: https://{yourOktaDomain}/favicon.ico
+        backgroundImage: null
+        primaryColorHex: '#1662dd'
+        primaryColorContrastHex: '#000000'
+        secondaryColorHex: '#ebebed'
+        secondaryColorContrastHex: '#000000'
+        signInPageTouchPointVariant: OKTA_DEFAULT
+        endUserDashboardTouchPointVariant: OKTA_DEFAULT
+        errorPageTouchPointVariant: OKTA_DEFAULT
+        emailTemplateTouchPointVariant: OKTA_DEFAULT
+        loadingPageTouchPointVariant: OKTA_DEFAULT
+    GetUserLinkedObjectResponse:
+      summary: Retrieve User Linked Object value
+      value:
+        - _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/users/00u5t60iloOHN9pBi0h7
     GetUserResponse:
       summary: Retrieve a user type response
       value:
@@ -18996,6 +25592,302 @@ components:
             href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
           schema:
             href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+    GovernanceBundle:
+      summary: Governance Bundle
+      value:
+        id: 0bbfxqCAJWWGELFTYAAA
+        name: Group admin bundle
+        description: Group bundle for administrative access
+        status: ACTIVE
+        orn: orn:okta:governance:00o5rb5mt2H3d1TJd0h7:bundles:0bbfxqCAJWWGELFTYAAA
+        _links:
+          self: http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA
+          entitlements: http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA/entitlements
+    GovernanceBundleCreateRequestCustomRole:
+      summary: Create governance bundle with custom role
+      value:
+        name: Custom admin bundle
+        description: Custom bundle for administrative access
+        entitlements:
+          role: cr0WxyzJxGIr0ouum0g4
+          resourceSets:
+            - iamoJDFKaJxGIr0oamd9g
+    GovernanceBundleCreateRequestScopedStandardRole:
+      summary: Create governance bundle with scoped standard role
+      value:
+        name: Group admin bundle
+        description: Group bundle for administrative access
+        entitlements:
+          role: GROUP_MEMBERSHIP_ADMIN
+          targets:
+            - 00guaxWZ0AOa5NFAj0g3
+    GovernanceBundleCreateRequestStandardRole:
+      summary: Create governance bundle with non-scoped standard role
+      value:
+        name: Group admin bundle
+        description: Group bundle for administrative access
+        entitlements:
+          role: GROUP_MEMBERSHIP_ADMIN
+    GovernanceBundleUpdateRequestCustomRole:
+      summary: Update governance bundle with custom role
+      value:
+        name: Custom admin bundle
+        description: Custom bundle for administrative access
+        entitlements:
+          role: cr0WxyzJxGIr0ouum0g4
+          resourceSets:
+            - iamoJDFKaJxGIr0oamd9g
+    GovernanceBundleUpdateRequestScopedStandardRole:
+      summary: Update governance bundle with scoped standard role
+      value:
+        name: Group admin bundle
+        description: Group bundle for administrative access
+        entitlements:
+          role: GROUP_MEMBERSHIP_ADMIN
+          targets:
+            - 00guaxWZ0AOa5NFAj0g3
+    GovernanceBundleUpdateRequestStandardRole:
+      summary: Update governance bundle with non-scoped standard role
+      value:
+        name: Group admin bundle
+        description: Group bundle for administrative access
+        entitlements:
+          role: GROUP_MEMBERSHIP_ADMIN
+    GovernanceBundlesResponse:
+      summary: List of governance bundles
+      value:
+        bundles:
+          - id: 0bbfxqCAJWWGELFTYAAA
+            name: Group admin bundle
+            description: Group bundle for administrative access
+            status: ACTIVE
+            orn: orn:okta:governance:00o5rb5mt2H3d1TJd0h7:bundles:0bbfxqCAJWWGELFTYAAA
+            _links:
+              entitlements: http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA/entitlements
+        _links:
+          self:
+            href: http://your-subdomain.okta.com/api/v1/iam/governance/bundles?limit=2&after=10
+          next:
+            href: http://your-subdomain.okta.com/api/v1/iam/governance/bundles?after=bundleId12
+    GroupAssignmentExListResponse:
+      summary: Application Groups list with embedded metadata
+      value:
+        - id: 00g15acRUy0SYb9GT0g4
+          priority: 0
+          lastUpdated: '2024-06-02T13:17:57.000Z'
+          profile:
+            preferredLanguage: English
+            manager: Donald Glover
+            securityQuestion: Who is the footballer to have played the game
+            securityAnswer: Ronaldinho
+            timezone: Canada/Eastern
+            initialStatus: active_with_pass
+            managerId: ike.ogb@gmail.com
+            locale: en_US
+            division: top
+            organization: wazobia
+            userType: null
+            department: marketing
+          _links:
+            app:
+              href: http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4
+            self:
+              href: http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4/groups/00g15acRUy0SYb9GT0g4
+            group:
+              href: http://{yourOktaDomain}/api/v1/groups/00g15acRUy0SYb9GT0g4
+          _embedded:
+            metadata:
+              credentials: {}
+              profile:
+                division:
+                  source:
+                    type: USER
+                    value:
+                      - id: 00uzojLwDGgUynjJS0g3
+                        self:
+                          href: http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3
+                  lastUpdated: null
+                preferredLanguage:
+                  source:
+                    type: USER
+                    value:
+                      - id: 00uzojLwDGgUynjJS0g3
+                        self:
+                          href: http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3
+                  lastUpdated: null
+                manager:
+                  source:
+                    type: MAPPING
+                    value:
+                      - id: null
+                  lastUpdated: null
+                securityQuestion:
+                  source:
+                    type: USER
+                    value:
+                      - id: 00uzojLwDGgUynjJS0g3
+                        self:
+                          href: http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3
+                  lastUpdated: null
+                securityAnswer:
+                  source:
+                    type: USER
+                    value:
+                      - id: 00uzojLwDGgUynjJS0g3
+                        self:
+                          href: http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3
+                  lastUpdated: null
+                timezone:
+                  source:
+                    type: USER
+                    value:
+                      - id: 00uzojLwDGgUynjJS0g3
+                        self:
+                          href: http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3
+                  lastUpdated: null
+                organization:
+                  source:
+                    type: USER
+                    value:
+                      - id: 00uzojLwDGgUynjJS0g3
+                        self:
+                          href: http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3
+                  lastUpdated: null
+                initialStatus:
+                  source:
+                    type: USER
+                    value:
+                      - id: 00uzojLwDGgUynjJS0g3
+                        self:
+                          href: http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3
+                  lastUpdated: null
+                managerId:
+                  source:
+                    type: MAPPING
+                    value:
+                      - id: null
+                  lastUpdated: null
+                userType:
+                  source:
+                    type: MAPPING
+                    value:
+                      - id: null
+                  lastUpdated: null
+                locale:
+                  source:
+                    type: USER
+                    value:
+                      - id: 00uzojLwDGgUynjJS0g3
+                        self:
+                          href: http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3
+                  lastUpdated: null
+                department:
+                  source:
+                    type: MAPPING
+                    value:
+                      - id: null
+                  lastUpdated: null
+    GroupAssignmentExResponse:
+      summary: Application Group response
+      value:
+        id: 00g15acRUy0SYb9GT0g4
+        priority: 0
+        lastUpdated: '2024-06-02T13:17:57.000Z'
+        profile:
+          preferredLanguage: English
+          manager: Donald Glover
+          securityQuestion: Who is the footballer to have played the game
+          securityAnswer: Ronaldinho
+          timezone: Canada/Eastern
+          initialStatus: active_with_pass
+          managerId: ike.ogb@gmail.com
+          locale: en_US
+          division: top
+          organization: wazobia
+          userType: null
+          department: marketing
+        _links:
+          app:
+            href: http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4
+          self:
+            href: http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4/groups/00g15acRUy0SYb9GT0g4
+          group:
+            href: http://{yourOktaDomain}/api/v1/groups/00g15acRUy0SYb9GT0g4
+    GroupAssignmentPatchRequestExample:
+      summary: Update app group request
+      value:
+        - op: replace
+          path: /profile/manager
+          value: Carlo Ancelotti
+    GroupAssignmentPatchResponseExample:
+      summary: Update Application Group response
+      value:
+        id: 00g15acRUy0SYb9GT0g4
+        priority: 0
+        lastUpdated: '2024-06-03T13:42:20.000Z'
+        profile:
+          preferredLanguage: English
+          securityQuestion: Who is the footballer to have played the game
+          securityAnswer: Jay Jay Okocha
+          timezone: Canada/Eastern
+          initialStatus: active_with_pass
+          managerId: ike.ogb@gmail.com
+          locale: en_US
+          division: top
+          organization: null
+          userType: null
+          department: Accounting
+          manager: Carlo Ancelotti
+        _links:
+          app:
+            href: http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4
+          self:
+            href: http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4/groups/00g15acRUy0SYb9GT0g4
+          group:
+            href: http://{yourOktaDomain}/api/v1/groups/00g15acRUy0SYb9GT0g4
+    GroupAssignmentPutRequestExample:
+      summary: Assign Application Group request
+      value:
+        id: 00g15acRUy0SYb9GT0g4
+        profile:
+          preferredLanguage: English
+          manager: Arsene Wenger
+          securityQuestion: Who is the footballer to have played the game
+          securityAnswer: Jay Jay Okocha
+          timezone: Canada/Eastern
+          initialStatus: active_with_pass
+          managerId: ike.ogb@gmail.com
+          locale: en_US
+          division: top
+          organization: null
+          userType: null
+          department: Accounting
+    GroupAssignmentPutResponseExample:
+      summary: Assign Application Group response
+      value:
+        id: 00g15acRUy0SYb9GT0g4
+        priority: 0
+        lastUpdated: '2024-06-03T13:52:07.000Z'
+        profile:
+          preferredLanguage: English
+          manager: Arsene Wenger
+          securityQuestion: Who is the footballer to have played the game
+          securityAnswer: Jay Jay Okocha
+          timezone: Canada/Eastern
+          initialStatus: active_with_pass
+          managerId: ike.ogb@gmail.com
+          locale: en_US
+          division: top
+          organization: null
+          userType: null
+          department: Accounting
+        _links:
+          app:
+            href: http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4
+          self:
+            href: http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4/groups/00g15acRUy0SYb9GT0g4
+          group:
+            href: http://{yourOktaDomain}/api/v1/groups/00g15acRUy0SYb9GT0g4
     GroupSchemaAddRequest:
       value:
         definitions:
@@ -19057,6 +25949,62 @@ components:
               - $ref: '#/definitions/base'
         title: Okta group
         type: object
+    GroupTargetResponse:
+      value:
+        - id: 00g4cweckiXJaEqWl0g7
+          created: '2023-01-20T08:28:32.000Z'
+          lastUpdated: '2023-01-20T08:28:32.000Z'
+          lastMembershipUpdated: '2023-01-20T08:54:49.000Z'
+          objectClass:
+            - okta:user_group
+          type: OKTA_GROUP
+          profile:
+            name: test_group
+            description: null
+          _links:
+            logo:
+              - name: medium
+                href: https://www.example.com/okta-medium.png
+                type: image/png
+              - name: large
+                href: https://www.example.com/okta-large.png
+                type: image/png
+            users:
+              href: https://{yourOktaDomain}/api/v1/groups/00g4cweckiXJaEqWl0g7/users
+            apps:
+              href: https://{yourOktaDomain}/api/v1/groups/00g4cweckiXJaEqWl0g7/apps
+    InlineHookTelephony:
+      value:
+        channel:
+          type: HTTP
+          version: 1.0.0
+          config:
+            uri: https://your-external-webservice/sendOtp
+            headers: []
+            method: POST
+            authScheme:
+              type: HEADER
+              key: x-telephony-key
+        created: '2024-03-28T17:30:25.000Z'
+        id: caldpyulr3nbET2du1d7
+        lastUpdated: '2024-05-07T16:35:18.000Z'
+        name: testTelephonyHook
+        status: ACTIVE
+        type: com.okta.telephony.provider
+        version: null
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/inlineHooks/caldpyulr3nbET2du1d7
+          execute:
+            href: https://{yourOktaDomain}/api/v1/inlineHooks/caldpyulr3nbET2du1d7/execute
+            hints:
+              allow":
+                - POST
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/inlineHooks/caldpyulr3nbET2du1d7/lifecycle/deactivate
+            hints:
+              allow":
+                - POST
     ListAllKeysResponse:
       summary: List All Keys response example
       value:
@@ -19072,11 +26020,158 @@ components:
           created: '2022-08-31T18:09:58.000Z'
           lastUpdated: '2022-08-31T18:09:58.000Z'
           isUsed: 'false'
+    ListAppGrantsEx:
+      summary: List all app Grants example
+      value:
+        - id: oag91n9ruw3dsaXzP0h6
+          status: ACTIVE
+          created: '2023-02-21T16:54:00.000Z'
+          createdBy:
+            id: 00u6eltha0nrSc47i0h7
+            type: User
+          lastUpdated: '2023-02-21T16:54:00.000Z'
+          issuer: '{yourOktaDomain}'
+          clientId: '{clientId}'
+          scopeId: okta.users.read
+          source: ADMIN
+          _embedded:
+            scope:
+              id: okta.users.read
+          _links:
+            app:
+              href: https://{yourOktaDomain}/api/v1/apps/{appId}
+              title: Application name
+            self:
+              href: https://{yourOktaDomain}/api/v1/apps/{appId}/grants/oag91n9ruw3dsaXzP0h6
+              hints:
+                allow:
+                  - GET
+                  - DELETE
+            client:
+              href: https://{yourOktaDomain}/oauth2/v1/clients/{clientId}
+              title: Client name
+        - id: oaghm3sh9ukdkvDmO0h6
+          status: ACTIVE
+          created: '2023-02-03T21:57:49.000Z'
+          createdBy:
+            id: 00u6eltha0nrSc47i0h7
+            type: User
+          lastUpdated: '2023-02-03T21:57:49.000Z'
+          issuer: '{yourOktaDomain}'
+          clientId: '{clientId}'
+          scopeId: okta.apps.manage
+          source: ADMIN
+          _embedded:
+            scope:
+              id: okta.apps.manage
+          _links:
+            app:
+              href: https://{yourOktaDomain}/api/v1/apps/{appId}
+              title: Application name
+            self:
+              href: https://{yourOktaDomain}/api/v1/apps/{appId}/grants/oaghm3sh9ukdkvDmO0h6
+              hints:
+                allow:
+                  - GET
+                  - DELETE
+            client:
+              href: https://{yourOktaDomain}/oauth2/v1/clients/{clientId}
+              title: Client name
+    ListAssocAuthServerResponse:
+      summary: List associated Authorization Servers
+      value:
+        - id: '{authorizationServerId}'
+          name: Sample Authorization Server
+          description: Sample Authorization Server description
+          audiences:
+            - https://api.resource.com
+          issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+          issuerMode: CUSTOM_URL
+          status: ACTIVE
+          created: '2023-05-17T22:25:57.000Z'
+          lastUpdated: '2023-05-17T22:25:57.000Z'
+          credentials:
+            signing:
+              rotationMode: DYNAMIC
+              lastRotated: '2023-05-17T22:25:57.000Z'
+              nextRotation: '2023-08-15T22:25:57.000Z'
+              kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+              use: sig
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
+              hints:
+                allow:
+                  - DELETE
+    ListAuthServersResponse:
+      summary: List all custom authorization servers in your org
+      value:
+        - id: '{authorizationServerId}'
+          name: Sample Authorization Server
+          description: Sample Authorization Server description
+          audiences:
+            - https://api.resource.com
+          issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+          issuerMode: ORG_URL
+          status: ACTIVE
+          created: '2023-05-17T22:25:57.000Z'
+          lastUpdated: '2023-05-17T22:25:57.000Z'
+          credentials:
+            signing:
+              rotationMode: AUTO
+              lastRotated: '2023-05-17T22:25:57.000Z'
+              nextRotation: '2023-08-15T22:25:57.000Z'
+              kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+          _links:
+            scopes:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes
+              hints:
+                allow:
+                  - GET
+            claims:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims
+              hints:
+                allow:
+                  - GET
+            policies:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies
+              hints:
+                allow:
+                  - GET
+            self:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
+              hints:
+                allow:
+                  - GET
+                  - DELETE
+                  - PUT
+            metadata:
+              - name: oauth-authorization-server
+                href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/oauth-authorization-server
+                hints:
+                  allow:
+                    - GET
+              - name: openid-configuration
+                href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/openid-configuration
+                hints:
+                  allow:
+                    - GET
+            rotateKey:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/lifecycle/keyRotate
+              hints:
+                allow:
+                  - POST
+            deactivate:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
     ListBrandsResponse:
       value:
         - id: bnd114iNkrcN6aR680g4
           name: Okta Default
           isDefault: true
+          agreeToCustomPrivacyPolicy: false
           removePoweredByOkta: false
           customPrivacyPolicyUrl: null
           locale: en
@@ -19098,6 +26193,52 @@ components:
               hints:
                 allow:
                   - GET
+            emailDomain:
+              href: https://{yourOktaDomain}/api/v1/email-domains/OeD114iNkrcN6aR680g4
+              hints:
+                allow:
+                  - GET
+                  - PUT
+    ListClientsResponse:
+      summary: List all Client resources for which an authorization server has tokens
+      value:
+        - client_id: '{clientId}'
+          client_name: My Web App
+          client_uri: null,
+          logo_uri: null,
+          _links:
+            client:
+              href: https://{yourOktaDomain}/oauth2/v1/clients/{clientId}
+              title: My Web App
+            tokens:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/clients/{clientId}/tokens
+              hints:
+                allow:
+                  - GET
+                  - DELETE
+    ListCustomTokenClaimsResponse:
+      summary: List all custom token Claims for an authorization server
+      value:
+        - id: '{claimId}'
+          name: sub
+          status: ACTIVE
+          claimType: RESOURCE
+          valueType: EXPRESSION
+          value: '(appuser != null) ? appuser.userName : app.clientId'
+          conditions:
+            scopes:
+              - profile
+          system: true
+          alwaysIncludeInToken: true
+          apiResourceId: null
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims/{claimId}
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
     ListEmailCustomizationResponse:
       value:
         - language: en
@@ -19105,8 +26246,8 @@ components:
           subject: Welcome to ${org.name}!
           body: <!DOCTYPE html><html><body><p>Hello, ${user.profile.firstName}. Click <a href="${activationLink}">here</a> to activate your account.</body></html>
           id: oel11u6DqUiMbQkpl0g4
-          created: 2021-11-09T20:38:10.000Z
-          lastUpdated: 2021-11-11T20:38:10.000Z
+          created: '2021-11-09T20:38:10.000Z'
+          lastUpdated: '2021-11-11T20:38:10.000Z'
           _links:
             self:
               href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
@@ -19133,6 +26274,22 @@ components:
     ListEmailTemplateResponse:
       value:
         - name: UserActivation
+          _embedded:
+            customizationCount: 0
+            settings:
+              recipients: ALL_USERS
+              _links:
+                self:
+                  href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings
+                  hints:
+                    allow:
+                      - GET
+                      - PUT
+                template:
+                  href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+                  hints:
+                    allow:
+                      - GET
           _links:
             self:
               href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
@@ -19162,6 +26319,85 @@ components:
               hints:
                 allow:
                   - POST
+    ListFeatureDependenciesResponse:
+      summary: List all dependencies for a feature
+      value:
+        - id: ftrZooGoT8b41iWRiQs7
+          description: Example feature description
+          name: Example feature name
+          stage:
+            state: OPEN
+            value: EA
+          status: ENABLED
+          type: self-service
+          _links:
+            self:
+              hints:
+                allow:
+                  - POST
+              href: https://{yourOktaDomain}/api/v1/features/ftrZooGoT8b41iWRiQs7
+            dependents:
+              href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependents
+            dependencies:
+              href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependencies
+    ListFeatureDependentsResponse:
+      summary: List all feature dependents for the specified feature
+      value:
+        - id: ftrZooGoT8b41iWRiQs7
+          description: Example feature description
+          name: Example feature name
+          stage:
+            state: OPEN
+            value: EA
+          status: ENABLED
+          type: self-service
+          _links:
+            self:
+              hints:
+                allow:
+                  - POST
+              href: https://{yourOktaDomain}/api/v1/features/ftrZooGoT8b41iWRiQs7
+            dependents:
+              href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependents
+            dependencies:
+              href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependencies
+    ListFeaturesResponse:
+      summary: List all self-service features for your org
+      value:
+        - id: ftrZooGoT8b41iWRiQs7
+          description: Example feature description
+          name: Example feature name
+          stage:
+            state: CLOSED
+            value: BETA
+          status: DISABLED
+          type: self-service
+          _links:
+            self:
+              hints:
+                allow:
+                  - POST
+              href: https://{yourOktaDomain}/api/v1/features/ftrZooGoT8b41iWRiQs7
+            dependents:
+              href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependents
+            dependencies:
+              href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependencies
+    ListLinkedObjects:
+      summary: List all Linked Object definitions
+      value:
+        - primary:
+            name: manager
+            title: manager
+            description: Manager link property
+            type: USER
+          associated:
+            name: subordinate
+            title: subordinate
+            description: Subordinate link property
+            type: USER
+          _links:
+            self:
+              href: http://your-subdomain.okta.com/api/v1/meta/schemas/user/linkedObjects/manager
     ListMappingsResponse:
       summary: List all Profile Mappings response
       value:
@@ -19187,17 +26423,101 @@ components:
           _links:
             self:
               href: https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4
+    ListOfSecurityEventsProviderInstances:
+      summary: List of Security Events Providers
+      value:
+        - id: sse1qg25RpusjUP6m0g5
+          name: Security Events Provider with well-known URL
+          type: okta
+          status: ACTIVE
+          settings:
+            well_known_url: https://example.okta.com/.well-known/ssf-configuration
+            issuer: Issuer
+            jwks_url: https://example.okta.com/jwks/path
+          _links:
+            self:
+              href: https://example.okta.com/api/v1/security-events-providers/sse1qg25RpusjUP6m0g5
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+            deactivate:
+              href: https://example.okta.com/api/v1/security-events-providers/sse1qg25RpusjUP6m0g5/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
+        - id: sse1qu4fUtsoD12iF0g5
+          name: Security Events Provider with an issuer and a JWKS URL
+          type: okta
+          status: ACTIVE
+          settings:
+            issuer: Issuer
+            jwks_url: https://example.okta.com/jwks/path
+          _links:
+            self:
+              href: https://example.okta.com/api/v1/security-events-providers/sse1qu4fUtsoD12iF0g5
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+            deactivate:
+              href: https://example.okta.com/api/v1/security-events-providers/sse1qu4fUtsoD12iF0g5/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
+    ListRealmAssignmentsResponse:
+      value:
+        - id: rul2jy7jLUlnO3ng00g4
+          status: ACTIVE
+          name: Realm Assignment 1
+          created: '2022-04-04T15:56:05.000Z'
+          lastUpdated: '2022-05-05T18:15:44.000Z'
+          isDefault: false
+          conditions:
+            profileSourceId: 0oa4enoRyjwSCy5hx0g4
+            expression:
+              value: user.profile.role ==\"Manager\"
+          actions:
+            assignUserToRealm:
+              realmId: 00g1b7rvh0xPLKXFf0g5
+          priority: 0
+          _links:
+            self:
+              rel: self
+              href: http://your-subdomain.okta.com/api/v1/realm-assignments/rul2jy7jLUlnO3ng00g4
+              method: GET
+        - id: rul2jy7jLUlnO5ng00g4
+          status: ACTIVE
+          name: Catch-all
+          created: '2022-04-04T15:56:05.000Z'
+          lastUpdated: '2022-05-05T18:15:44.000Z'
+          isDefault: true
+          conditions:
+            profileSourceId: 0oa4enoRyjwSCy6hx0g4,
+            expression:
+              value: string
+          actions:
+            assignUserToRealm:
+              realmId: 00g1b7rvh0xPLKXFf2g5
+          priority: 499
+          _links:
+            self:
+              rel: self
+              href: http://your-subdomain.okta.com/api/v1/realm-assignments/rul2jy7jLUlnO5ng00g4
+              method: GET
     ListRealmAwareUsersResponse:
       summary: List all Users
       value:
         - id: 00u118oQYT4TBGuay0g4
           status: ACTIVE
-          created: 2022-04-04T15:56:05.000Z
+          created: '2022-04-04T15:56:05.000Z'
           activated: null
           statusChanged: null
-          lastLogin: 2022-05-04T19:50:52.000Z
-          lastUpdated: 2022-05-05T18:15:44.000Z
-          passwordChanged: 2022-04-04T16:00:22.000Z
+          lastLogin: '2022-05-04T19:50:52.000Z'
+          lastUpdated: '2022-05-05T18:15:44.000Z'
+          passwordChanged: '2022-04-04T16:00:22.000Z'
           type:
             id: oty1162QAr8hJjTaq0g4
           profile:
@@ -19219,16 +26539,69 @@ components:
     ListRealmsResponse:
       value:
         - id: guox9jQ16k9V8IFEL0g3
-          created: 2022-04-04T15:56:05.000Z
-          lastUpdated: 2022-05-05T18:15:44.000Z
+          created: '2022-04-04T15:56:05.000Z'
+          lastUpdated: '2022-05-05T18:15:44.000Z'
           isDefault: false
           profile:
             name: Car Co
+            realmType: PARTNER
           _links:
             self:
               rel: self
               href: http://your-subdomain.okta.com/api/v1/realms/guox9jQ16k9V8IFEL0g3
               method: GET
+    ListRefreshTokensClientsResponse:
+      summary: List all refresh tokens for a Client
+      value:
+        - id: '{refreshTokenId}'
+          status: ACTIVE
+          created: '2023-09-21T19:59:56.000Z'
+          lastUpdated: '2023-09-21T20:00:38.000Z'
+          expiresAt: '2023-09-28T20:00:38.000Z'
+          issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+          client_id: '{clientId}'
+          userId: '{userId}'
+          scopes:
+            - offline_access
+            - openid
+          _embedded:
+            scopes:
+              - id: '{scopeId}'
+                name: openid
+                displayName: openid
+                description: Signals that a request is an OpenID request
+                _links:
+                  scope:
+                    href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes/{scopeId}
+                    title: openid
+              - id: '{scopeID}'
+                name: offline_access
+                displayName: Keep you signed in to the app
+                description: This keeps you signed in to the app, even when you aren't using it.
+                _links:
+                  scope:
+                    href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes/{scopeId}
+                    itle: Keep you signed in to the app
+          _links:
+            app:
+              href: https://{yourOktaDomain}/api/v1/apps/{appId}
+              title: My Web App
+            authorizationServer:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
+              title: Authorization Server name
+            self:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/clients/{clientId}/tokens/{tokenId}
+            revoke:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/clients/{clientId}/tokens/{tokenId}
+              hints:
+                allow:
+                  - DELETE
+            client:
+              href: https://{yourOktaDomain}/oauth2/v1/clients/{clientId}
+              title: My Web App
+            user:
+              href: https://{yourOktaDomain}/api/v1/users/{userId}
+              title: Joe User
     ListRiskProviderResponse:
       summary: List Risk Provider response example
       value:
@@ -19245,46 +26618,93 @@ components:
                 allow:
                   - GET
                   - PUT
+    ListRoleAssignments:
+      value:
+        - id: JBCUYUC7IRCVGS27IFCE2SKO
+          label: Help Desk Administrator
+          type: HELP_DESK_ADMIN
+          status: ACTIVE
+          created: '2023-05-01T14:24:54.000Z'
+          lastUpdated: '2023-05-01T14:24:54.000Z'
+          assignmentType: CLIENT
+          _links:
+            assignee:
+              href: https://{yourOktaDomain}/oauth2/v1/clients/0jrabyQWm4B9zVJPbotY/roles
+        - id: irb4ey26fpFI3vQ8y0g7
+          label: view_minimal
+          type: CUSTOM
+          status: ACTIVE
+          created: '2023-05-01T15:16:47.000Z'
+          lastUpdated: '2023-05-01T15:16:47.000Z'
+          assignmentType: CLIENT
+          resource-set: iam4cxy6z7hhaZCSk0g7
+          role: cr04cxy6yzSCtNciD0g7
+          _links:
+            role:
+              href: https://{yourOktaDomain}/api/v1/iam/roles/cr04cxy6yzSCtNciD0g7
+            resource-set:
+              href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iam4cxy6z7hhaZCSk0g7
+            permissions:
+              href: https://{yourOktaDomain}/api/v1/iam/roles/cr04cxy6yzSCtNciD0g7/permissions
+            member:
+              href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iam4cxy6z7hhaZCSk0g7/bindings/cr04cxy6yzSCtNciD0g7/members/irb4ey26fpFI3vQ8y0g7
+            assignee:
+              href: https://{yourOktaDomain}/oauth2/v1/clients/0oa4ee9vgbIuqTUvd0g7
     ListSessionsResponse:
       value:
         - id: uij4ri8ZLk0ywyqxB0g1
           identitySourceId: 0oa3l6l6WK6h0R0QW0g4
           status: CREATED
           importType: INCREMENTAL
-          created: 2022-04-04T15:56:05.000Z
-          lastUpdated: 2022-05-05T16:15:44.000Z
+          created: '2022-04-04T15:56:05.000Z'
+          lastUpdated: '2022-05-05T16:15:44.000Z'
     ListSessionsResponseForGetSessions:
       value:
         - id: uij4ri8ZLk0ywyqxB0g1
           identitySourceId: 0oa3l6l6WK6h0R0QW0g4
           status: CREATED
           importType: INCREMENTAL
-          created: 2022-04-04T15:56:05.000Z
-          lastUpdated: 2022-05-05T16:15:44.000Z
+          created: '2022-04-04T15:56:05.000Z'
+          lastUpdated: '2022-05-05T16:15:44.000Z'
         - id: uij4ri8ZLk0ywyqxB0g2
           identitySourceId: 0oa3l6l6WK6h0R0QW0g4
           status: TRIGGERED
           importType: INCREMENTAL
-          created: 2022-04-04T16:56:05.000Z
-          lastUpdated: 2022-05-05T17:15:44.000Z
+          created: '2022-04-04T16:56:05.000Z'
+          lastUpdated: '2022-05-05T17:15:44.000Z'
         - id: uij4ri8ZLk0ywyqxB0g3
           identitySourceId: 0oa3l6l6WK6h0R0QW0g4
           status: IN_PROGRESS
           importType: INCREMENTAL
-          created: 2022-04-04T17:56:05.000Z
-          lastUpdated: 2022-05-05T18:15:44.000Z
+          created: '2022-04-04T17:56:05.000Z'
+          lastUpdated: '2022-05-05T18:15:44.000Z'
         - id: uij4ri8ZLk0ywyqxB0g4
           identitySourceId: 0oa3l6l6WK6h0R0QW0g4
           status: EXPIRED
           importType: INCREMENTAL
-          created: 2022-04-04T18:56:05.000Z
-          lastUpdated: 2022-05-05T19:15:44.000Z
+          created: '2022-04-04T18:56:05.000Z'
+          lastUpdated: '2022-05-05T19:15:44.000Z'
         - id: uij4ri8ZLk0ywyqxB0g5
           identitySourceId: 0oa3l6l6WK6h0R0QW0g4
           status: CLOSED
           importType: INCREMENTAL
-          created: 2022-04-04T19:56:05.000Z
-          lastUpdated: 2022-05-05T20:15:44.000Z
+          created: '2022-04-04T19:56:05.000Z'
+          lastUpdated: '2022-05-05T20:15:44.000Z'
+    ListThemesResponse:
+      value:
+        - id: thdul904tTZ6kWVhP0g3
+          logo: https://{yourOktaDomain}/assets/img/logos/okta-logo.47066819ac7db5c13f4c431b2687cef6.png
+          favicon: https://{yourOktaDomain}/favicon.ico
+          backgroundImage: null
+          primaryColorHex: '#1662dd'
+          primaryColorContrastHex: '#000000'
+          secondaryColorHex: '#ebebed'
+          secondaryColorContrastHex: '#000000'
+          signInPageTouchPointVariant: OKTA_DEFAULT
+          endUserDashboardTouchPointVariant: OKTA_DEFAULT
+          errorPageTouchPointVariant: OKTA_DEFAULT
+          emailTemplateTouchPointVariant: OKTA_DEFAULT
+          loadingPageTouchPointVariant: OKTA_DEFAULT
     ListUISchemaResponse:
       summary: Lists all UI Schemas response
       value:
@@ -19401,12 +26821,12 @@ components:
       value:
         - id: 00u118oQYT4TBTemp0g4
           status: ACTIVE
-          created: 2022-04-04T15:56:05.000Z
+          created: '2022-04-04T15:56:05.000Z'
           activated: null
           statusChanged: null
-          lastLogin: 2022-05-04T19:50:52.000Z
-          lastUpdated: 2022-05-05T18:15:44.000Z
-          passwordChanged: 2022-04-04T16:00:22.000Z
+          lastLogin: '2022-05-04T19:50:52.000Z'
+          lastUpdated: '2022-05-05T18:15:44.000Z'
+          passwordChanged: '2022-04-04T16:00:22.000Z'
           type:
             id: oty1162QAr8hJjTaq0g4
           profile:
@@ -19474,14 +26894,14 @@ components:
           originId: 'null'
           originType: OKTA_DIRECTORY
           displayName: Mabel Mora
-          lastUpdated: 2023-03-29T18:30:58.000Z
+          lastUpdated: '2023-03-29T18:30:58.000Z'
         - id: 00u1cmc52x5B86cnZ0h8
           type: USER
           resolved: true
           originId: 'null'
           originType: OKTA_DIRECTORY
           displayName: Cinda Canning
-          lastUpdated: 2023-03-29T18:30:55.000Z
+          lastUpdated: '2023-03-29T18:30:55.000Z'
     LogStreamActivateResponse:
       summary: Activate Log Stream response
       value:
@@ -19600,7 +27020,7 @@ components:
             href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate
             method: POST
     LogStreamSchemaAws:
-      value: &ref_4
+      value:
         $schema: https://json-schema.org/draft/2020-12/schema
         $id: http://{yourOktaDomain}/api/v1/meta/schemas/logStream/aws_eventbridge
         title: AWS EventBridge
@@ -19672,9 +27092,76 @@ components:
             name: Name can't exceed 100 characters.
     LogStreamSchemaList:
       value:
-        - *ref_4
-        - &ref_5
-          $schema: https://json-schema.org/draft/2020-12/schema
+        - $schema: https://json-schema.org/draft/2020-12/schema
+          $id: http://{yourOktaDomain}/api/v1/meta/schemas/logStream/aws_eventbridge
+          title: AWS EventBridge
+          type: object
+          properties:
+            settings:
+              description: Configuration properties specific to AWS EventBridge
+              type: object
+              properties:
+                accountId:
+                  title: AWS Account ID
+                  description: Your Amazon AWS Account ID.
+                  type: string
+                  writeOnce: true
+                  pattern: ^\d{12}$
+                eventSourceName:
+                  title: AWS Event Source Name
+                  description: An alphanumeric name (no spaces) to identify this event source in AWS EventBridge.
+                  type: string
+                  writeOnce: true
+                  pattern: ^[\.\-_A-Za-z0-9]{1,75}$
+                region:
+                  title: AWS Region
+                  description: The destination AWS region for your system log events.
+                  type: string
+                  writeOnce: true
+                  oneOf:
+                    - title: US East (Ohio)
+                      const: us-east-2
+                    - title: US East (N. Virginia)
+                      const: us-east-1
+                    - title: US West (N. California)
+                      const: us-west-1
+                    - title: US West (Oregon)
+                      const: us-west-2
+                    - title: Canada (Central)
+                      const: ca-central-1
+                    - title: Europe (Frankfurt)
+                      const: eu-central-1
+                    - title: Europe (Ireland)
+                      const: eu-west-1
+                    - title: Europe (London)
+                      const: eu-west-2
+                    - title: Europe (Paris)
+                      const: eu-west-3
+                    - title: Europe (Milan)
+                      const: eu-south-1
+                    - title: Europe (Stockholm)
+                      const: eu-north-1
+              required:
+                - eventSourceName
+                - accountId
+                - region
+              errorMessage:
+                properties:
+                  accountId: Account number must be 12 digits.
+                  eventSourceName: Event source name can use numbers, letters, the symbols ".", "-" or "_". It must use fewer than 76 characters.
+            name:
+              title: Name
+              description: A name for this log stream in Okta
+              type: string
+              writeOnce: false
+              pattern: ^.{1,100}$
+          required:
+            - name
+            - settings
+          errorMessage:
+            properties:
+              name: Name can't exceed 100 characters.
+        - $schema: https://json-schema.org/draft/2020-12/schema
           $id: http://{yourOktaDomain}/api/v1/meta/schemas/logStream/splunk_cloud_logstreaming
           title: Splunk Cloud
           type: object
@@ -19714,7 +27201,205 @@ components:
             properties:
               name: Name can't exceed 100 characters.
     LogStreamSchemaSplunk:
-      value: *ref_5
+      value:
+        $schema: https://json-schema.org/draft/2020-12/schema
+        $id: http://{yourOktaDomain}/api/v1/meta/schemas/logStream/splunk_cloud_logstreaming
+        title: Splunk Cloud
+        type: object
+        properties:
+          settings:
+            description: Configuration properties specific to Splunk Cloud
+            type: object
+            properties:
+              host:
+                title: Host
+                description: 'The domain for your Splunk Cloud instance without http or https. For example: acme.splunkcloud.com'
+                type: string
+                writeOnce: false
+                pattern: ^([a-z0-9]+(-[a-z0-9]+)*){1,100}\.splunkcloud(gc|fed)?\.com$
+              token:
+                title: HEC Token
+                description: The token from your Splunk Cloud HTTP Event Collector (HEC).
+                type: string
+                writeOnce: false
+                pattern: '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}'
+            required:
+              - host
+              - token
+            errorMessage:
+              properties:
+                host: 'Host should be a domain without http or https. For example: acme.splunkcloud.com'
+          name:
+            title: Name
+            description: A name for this log stream in Okta
+            type: string
+            writeOnce: false
+            pattern: ^.{1,100}$
+        required:
+          - name
+          - settings
+        errorMessage:
+          properties:
+            name: Name can't exceed 100 characters.
+    NzErrorApiValidationFailed:
+      summary: API Validation Failed
+      value:
+        errorCode: E0000003
+        errorSummary: The request body was not well-formed.
+        errorLink: E0000003
+        errorId: samplewNxQUR9iohr4QYlD0eg
+        errorCauses: []
+    NzErrorResourceNotFound:
+      summary: Resource Not Found
+      value:
+        errorCode: E0000007
+        errorSummary: 'Not found: Resource not found: itd (NetworkZone)'
+        errorLink: E0000007
+        errorId: samplejCSVaKFDkCMElmKQ
+        errorCauses: []
+    OAuth2RefreshTokenResponseEx:
+      summary: OAuth 2.0 refresh token example
+      value:
+        id: oar579Mcp7OUsNTlo0g3
+        status: ACTIVE
+        created: '2023-03-09T03:18:06.000Z'
+        lastUpdated: '2023-03-09T03:18:06.000Z'
+        expiresAt: '2023-03-16T03:18:06.000Z'
+        issuer: https://{yourOktaDomain}/oauth2/ausain6z9zIedDCxB0h7
+        clientId: 0oabskvc6442nkvQO0h7
+        userId: 00u5t60iloOHN9pBi0h7
+        scopes:
+          - offline_access
+          - car:drive
+        _embedded:
+          scopes:
+            - id: scppb56cIl4GvGxy70g3
+              name: offline_access
+              description: Requests a refresh token by default and is used to obtain more access tokens without re-prompting the user for authentication
+              _links:
+                scope:
+                  href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scppb56cIl4GvGxy70g3
+                  title: offline_access
+            - id: scp142iq2J8IGRUCS0g4
+              name: car:drive
+              displayName: Drive car
+              description: Allows the user to drive a car
+              _links:
+                scope:
+                  href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scp142iq2J8IGRUCS0g4
+                  title: Drive car
+        _links:
+          app:
+            href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7
+            title: Native
+          self:
+            href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3
+          revoke:
+            href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3
+            hints:
+              allow:
+                - DELETE
+          client:
+            href: https://{yourOktaDomain}/oauth2/v1/clients/0oabskvc6442nkvQO0h7
+            title: Example Client App
+          user:
+            href: https://{yourOktaDomain}/api/v1/users/00upcgi9dyWEOeCwM0g3
+            title: Saml Jackson
+          authorizationServer:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7
+            title: Example Authorization Server
+    OAuth2RefreshTokenResponseListEx:
+      summary: App refresh token list example
+      value:
+        - id: oar579Mcp7OUsNTlo0g3
+          status: ACTIVE
+          created: '2023-03-09T03:18:06.000Z'
+          lastUpdated: '2023-03-09T03:18:06.000Z'
+          expiresAt: '2023-03-16T03:18:06.000Z'
+          issuer: https://{yourOktaDomain}/oauth2/ausain6z9zIedDCxB0h7
+          clientId: 0oabskvc6442nkvQO0h7
+          userId: 00u5t60iloOHN9pBi0h7
+          scopes:
+            - offline_access
+            - car:drive
+          _embedded:
+            scopes:
+              - id: scppb56cIl4GvGxy70g3
+                name: offline_access
+                description: Requests a refresh token by default and is used to obtain more access tokens without re-prompting the user for authentication
+                _links:
+                  scope:
+                    href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scppb56cIl4GvGxy70g3
+                    title: offline_access
+              - id: scp142iq2J8IGRUCS0g4
+                name: car:drive
+                displayName: Drive car
+                description: Allows the user to drive a car
+                _links:
+                  scope:
+                    href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scp142iq2J8IGRUCS0g4
+                    title: Drive car
+          _links:
+            app:
+              href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7
+              title: Native
+            self:
+              href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3
+            revoke:
+              href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3
+              hints:
+                allow:
+                  - DELETE
+            client:
+              href: https://{yourOktaDomain}/oauth2/v1/clients/0oabskvc6442nkvQO0h7
+              title: Example Client App
+            user:
+              href: https://{yourOktaDomain}/api/v1/users/00upcgi9dyWEOeCwM0g3
+              title: Saml Jackson
+            authorizationServer:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7
+              title: Example Authorization Server
+    OperationResponse:
+      value:
+        id: rre4mje4ez6B2a7B60g7
+        type: realm:assignment
+        status: COMPLETED
+        created: '2023-10-25T21:02:54.000Z'
+        started: '2023-10-25T21:02:54.000Z'
+        completed: '2023-10-25T21:02:54.000Z'
+        realmId: 00g1b7rvh0xPLKXFf0g5
+        realmName: Realm Name
+        assignmentOperation:
+          configuration:
+            id: 0pr1b7rxZj2ibQzfP0g5
+            name: Realm Assignment 1
+            conditions:
+              profileSourceId: 0oa4enoRyjwSCy5hx0g4
+              expression:
+                value: string
+            actions:
+              assignUserToRealm:
+                realmId: 00g1b7rvh0xPLKXFf0g5
+        numUserMoved: 50
+        _links:
+          self:
+            rel: self
+            href: http://your-subdomain.okta.com/api/v1/operations/rre4mje4ez6B2a7B60g7
+            method: GET
+    OptInStatusResponse:
+      summary: Opt in response
+      value:
+        optInStatus: OPTING_IN
+        _links:
+          optInStatus:
+            href: http://your-subdomain.okta.com/api/v1/iam/governance/optIn
+    OptOutStatusResponse:
+      summary: Opt out response
+      value:
+        optInStatus: OPTING_OUT
+        _links:
+          optInStatus:
+            href: http://your-subdomain.okta.com/api/v1/iam/governance/optIn
     OrgCAPTCHASettingsConfigured:
       summary: Org-wide Captcha Settings are configured
       value:
@@ -19785,6 +27470,43 @@ components:
                 - POST
                 - PUT
                 - DELETE
+    PasswordImportPayloadExample:
+      summary: An example password import inline hook request body
+      value:
+        eventId: 3o9jBzq1SmOGmmsDsqyyeQ
+        eventTime: '2020-01-17T21:23:56.000Z'
+        eventType: com.okta.user.credential.password.import
+        eventTypeVersion: '1.0'
+        contentType: application/json
+        cloudEventVersion: '0.1'
+        source: https://${yourOktaDomain}/api/v1/inlineHooks/cbl2ad6phv9fsPLcF0g7
+        data:
+          context:
+            request:
+              id: XiIl6wn7005Rr@fjYqeC7CCDBxw
+              method: POST
+              url:
+                value: /idp/idx/challenge/answer
+              ipAddress: 66.124.153.138
+            credential:
+              username: isaac.brock@example.com
+              password: Okta
+          action:
+            credential: UNVERIFIED
+    PasswordImportUnVerifiedResponse:
+      summary: A sample response for an unverified user password
+      value:
+        commands:
+          - type: com.okta.action.update
+            value:
+              credential: UNVERIFIED
+    PasswordImportVerifiedResponse:
+      summary: A sample response for a verified user password
+      value:
+        commands:
+          - type: com.okta.action.update
+            value:
+              credential: VERIFIED
     PerClientRateLimitSettingsEnforceDefault:
       value:
         defaultMode: ENFORCE
@@ -19922,17 +27644,73 @@ components:
         createdBy: user1234
         lastUpdate: '2022-05-20T21:13:07.410Z'
         lastUpdatedBy: user4321
+    PrivilegedResourceCreateAppAccountRequest:
+      value:
+        resourceType: APP_ACCOUNT
+        containerDetails:
+          containerId: 0oa103099SBEb3Z2b0g4
+        credentials:
+          userName: testuser@example.com
+    PrivilegedResourceCreateOktaAccountRequest:
+      value:
+        resourceType: OKTA_USER_ACCOUNT
+        resourceId: 00u100xTfFs4MasRf0g4
+    PrivilegedResourcesGetAppAccountResponse:
+      value:
+        id: opa100xTfFs4MasRf0g4
+        resourceType: APP_ACCOUNT
+        containerDetails:
+          appName: google,
+          containerId: 0oa103099SBEb3Z2b0g4,
+          displayName: Google App1,
+          globalAppId: 964b82aa-85b4-5645-b790-83312c473480,
+          passwordPushSupported: true,
+          provisioningEnabled: true,
+          _links:
+            login:
+              href: https://appinstance-admin.oktapreview.com/home/google/0oa103099SBEb3Z2b0g4,
+            logo:
+              href: https://appinstance-admin.oktapreview.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png,
+        credentials:
+          userName: testuser@example.com
+        created: '2024-06-10T11:11:01.000Z'
+        lastUpdated: '2024-06-10T11:11:01.000Z'
+        status: ACTIVE
+        credentialChanged: '2024-06-10T11:30:01.000Z'
+        credentialSyncState: SYNCED
+    PrivilegedResourcesGetOktaAccountResponse:
+      value:
+        id: opa100xTfFs4MasRf0g4
+        resourceType: OKTA_USER_ACCOUNT
+        resourceId: 00u100xTfFs4MasRf0g4,
+        credentials:
+          userName: testuser@example.com
+        profile:
+          email: testuser@example.com
+        created: '2024-06-10T11:11:01.000Z'
+        lastUpdated: '2024-06-10T11:11:01.000Z'
+        status: ACTIVE
+        credentialChanged: '2024-06-10T11:30:01.000Z'
+        credentialSyncState: SYNCED
+    ProvisioningConnectionOauthO365RequestEx:
+      summary: Provisioning Connection with OAuth 2.0 for Microsoft Office 365 app
+      value:
+        profile:
+          authScheme: OAUTH2
+          settings:
+            adminUsername: office_admin-username
+            adminPassword: office_admin-password
     ProvisioningConnectionOauthRequestEx:
       summary: Provisioning Connection with OAuth 2.0
       value:
         profile:
           authScheme: OAUTH2
-          clientId: 0oa2h6su6bVFyJzIf1d7
     ProvisioningConnectionOauthResponseEx:
-      summary: Provisioning Connection with OAuth 2.0
+      summary: Provisioning Connection with OAuth 2.0 for Microsoft Office 365 app
       value:
-        authScheme: OAUTH2
         status: ENABLED
+        profile:
+          authScheme: OAUTH2
         _links:
           self:
             href: https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default
@@ -19945,17 +27723,54 @@ components:
             hints:
               allow:
                 - POST
+          authorize:
+            href: https://login.microsoftonline.com/myofficetenant.onmicrosoft.com/oauth2/authorize?response_type=code&state=<code>>&client_id=<client_id>&redirect_uri=<redirect_uri>&scope=<scope>
+            hints:
+              allow:
+                - GET
+            guidance:
+              - Specifies the URI to invoke in a browser for granting scope consent required to complete the OAuth 2.0 connection.
+    ProvisioningConnectionTokenOrg2OrgRequestEx:
+      summary: Provisioning Connection with token for Okta Org2Org app
+      value:
+        profile:
+          authScheme: TOKEN
+          clientId: 0oa2h6su6bVFyJzIf1d7
     ProvisioningConnectionTokenRequestEx:
-      summary: Provisioning Connection with token
+      summary: Provisioning Connection with token for Zscaler 2.0 (`zscalerbyz`) app
       value:
+        baseUrl: https://scim.zscalerbeta.net/1234567/890/scim
         profile:
           authScheme: TOKEN
           token: 00NgAPZqUVy8cX9ehNzzahEE5b-On9sImTcInvWp-x
-    ProvisioningConnectionTokenResponseEx:
-      summary: Provisioning Connection with token
+    ProvisioningConnectionTokenResponseWithProfileOrg2OrgEx:
+      summary: Provisioning Connection with token for Okta Org2Org (`okta_org2org`) app
       value:
         authScheme: TOKEN
         status: ENABLED
+        baseUrl: https://targetorg.okta.com
+        profile:
+          authScheme: TOKEN
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default
+            hints:
+              allow:
+                - GET
+                - POST
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    ProvisioningConnectionTokenResponseWithProfileZscalerEx:
+      summary: Provisioning Connection with token for Zscaler 2.0 (`zscalerbyz`) app
+      value:
+        authScheme: TOKEN
+        status: ENABLED
+        baseUrl: https://scim.zscalerbeta.net/1234567/890/scim
+        profile:
+          authScheme: TOKEN
         _links:
           self:
             href: https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default
@@ -19982,7 +27797,7 @@ components:
         id: ppctekcmngGaqeiBxB0g4
         name: APNs Example
         providerType: APNS
-        lastUpdatedDate: 2022-01-01T00:00:00.000Z
+        lastUpdatedDate: '2022-01-01T00:00:00.000Z'
         configuration:
           keyId: KEY_ID
           teamId: TEAM_ID
@@ -20017,7 +27832,7 @@ components:
         id: ppctekcmngGaqeiBxB0g4
         name: FCM Example
         providerType: FCM
-        lastUpdatedDate: 2022-01-01T00:00:00.000Z
+        lastUpdatedDate: '2022-01-01T00:00:00.000Z'
         configuration:
           projectId: PROJECT_ID
           fileName: fileName.p8
@@ -20041,8 +27856,8 @@ components:
     RealmResponse:
       value:
         id: guox9jQ16k9V8IFEL0g3
-        created: 2022-04-04T15:56:05.000Z
-        lastUpdated: 2022-05-05T18:15:44.000Z
+        created: '2022-04-04T15:56:05.000Z'
+        lastUpdated: '2022-05-05T18:15:44.000Z'
         isDefault: false
         profile:
           name: Car Co
@@ -20051,6 +27866,62 @@ components:
             rel: self
             href: http://your-subdomain.okta.com/api/v1/realms/guox9jQ16k9V8IFEL0g3
             method: GET
+    RefreshCurrentSessionResponse:
+      summary: Refresh current session
+      value:
+        amr:
+          - pwd
+        createdAt: '2019-08-24T14:15:22Z'
+        expiresAt: '2019-08-24T14:15:22Z'
+        id: l7FbDVqS8zHSy65uJD85
+        idp:
+          id: 01a2bcdef3GHIJKLMNOP
+          type: ACTIVE_DIRECTORY
+        lastFactorVerification: '2019-08-24T14:15:22Z'
+        lastPasswordVerification: '2019-08-24T14:15:22Z'
+        login: user@example.com
+        status: ACTIVE
+        userId: 00u0abcdefGHIJKLMNOP
+        _links:
+          self:
+            hints:
+              allow:
+                - GET
+                - DELETE
+            href: https://{yourOktaDomain}/api/v1/sessions/me
+          refresh:
+            hints:
+              allow:
+                - POST
+            href: https://{yourOktaDomain}/api/v1/sessions/me/lifecycle/refresh
+          user:
+            hints:
+              allow:
+                - GET
+            href: https://{yourOktaDomain}/api/v1/users/me
+            name: User Name
+    RefreshSessionResponse:
+      summary: Refresh an existing Session using the session ID
+      value:
+        amr:
+          - pwd
+        createdAt: '2019-08-25T14:17:22Z'
+        expiresAt: '2019-08-25T14:17:22Z'
+        id: l7FbDVqS8zHSy65uJD85
+        idp:
+          id: 01a2bcdef3GHIJKLMNOP
+          type: ACTIVE_DIRECTORY
+        lastFactorVerification: '2019-08-24T14:15:22Z'
+        lastPasswordVerification: '2019-08-24T14:15:22Z'
+        login: user@example.com
+        status: ACTIVE
+        userId: 00u0abcdefGHIJKLMNOP
+        _links:
+          self:
+            hints:
+              allow:
+                - DELETE
+          href: https://{yourOktaDomain}/api/v1/sessions/l7FbDVqS8zHSy65uJD85
     RemoveMappingBody:
       summary: Update an existing profile mapping by removing one or more properties
       value:
@@ -20087,6 +27958,145 @@ components:
         _links:
           self:
             href: https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4
+    ReplaceAnEventHookWithFilter:
+      summary: Replace an event hook
+      value:
+        name: Event Hook with Filter
+        description: An event hook using an Okta Expression Language filter
+        events:
+          type: EVENT_TYPE
+          items:
+            - group.user_membership.add
+          filter:
+            type: EXPRESSION_LANGUAGE
+            eventFilterMap:
+              - event: group.user_membership.add
+                condition:
+                  expression: event.target.?[type eq 'UserGroup'].size()>0 && event.target.?[displayName eq 'Sales'].size()>0
+        channel:
+          type: HTTP
+          version: 1.0.0
+          config:
+            uri: https://example_external_service/userAdded
+            authScheme:
+              type: HEADER
+              key: Authorization
+              value: my-shared-secret
+    ReplaceAuthServerBody:
+      summary: Replace a custom authorization server
+      value:
+        name: New Authorization Server
+        description: Authorization Server description
+        audiences:
+          - api://default
+        credentials:
+          signing:
+            rotationMode: AUTO
+            use: sig
+        issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+        issuerMode: ORG_URL
+        status: ACTIVE
+    ReplaceAuthServerResponse:
+      summary: Replace a custom authorization server
+      value:
+        id: '{authorizationServerId}'
+        name: Sample Authorization Server
+        description: Sample Authorization Server description
+        audiences:
+          - https://api.resource.com
+        issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+        issuerMode: ORG_URL
+        status: ACTIVE
+        created: '2023-05-17T22:25:57.000Z'
+        lastUpdated: '2023-05-17T22:25:57.000Z'
+        credentials:
+          signing:
+            rotationMode: AUTO
+            lastRotated: '2023-05-17T22:25:57.000Z'
+            nextRotation: '2023-08-15T22:25:57.000Z'
+            kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+        _links:
+          scopes:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes
+            hints:
+              allow:
+                - GET
+          claims:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims
+            hints:
+              allow:
+                - GET
+          policies:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies
+            hints:
+              allow:
+                - GET
+          self:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
+            hints:
+              allow:
+                - GET
+                - DELETE
+                - PUT
+          metadata:
+            - name: oauth-authorization-server
+              href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/oauth-authorization-server
+              hints:
+                allow:
+                  - GET
+            - name: openid-configuration
+              href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/openid-configuration
+              hints:
+                allow:
+                  - GET
+          rotateKey:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/lifecycle/keyRotate
+            hints:
+              allow:
+                - POST
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    ReplaceCustomTokenClaimBody:
+      summary: Replace a custom token Claim
+      value:
+        - alwaysIncludeInToken: true
+          claimType: IDENTITY
+          conditions:
+            scopes:
+              - profile
+          group_filter_type: CONTAINS
+          name: Knowledge_Base
+          status: ACTIVE
+          system: false
+          value: Knowledge Base
+          valueType: GROUPS
+    ReplaceCustomTokenClaimResponse:
+      summary: Replace a custom token Claim response
+      value:
+        - id: '{claimId}'
+          name: Knowledge_Base
+          status: ACTIVE
+          claimType: IDENTITY
+          valueType: GROUPS
+          value: Knowledge Base
+          conditions:
+            scopes:
+              - profile
+          system: false
+          alwaysIncludeInToken: true
+          apiResourceId: null
+          group_filter_type: CONTAINS
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims/{claimId}
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
     ReplaceKeyResponse:
       summary: Replace a key response example
       value:
@@ -20103,6 +28113,7 @@ components:
         id: nzovw2rFz2YoqmvwZ0g9
         name: UpdatedNetZone
         status: ACTIVE
+        system: false
         usage: POLICY
         gateways:
           - type: CIDR
@@ -20136,15 +28147,15 @@ components:
               allow:
                 - POST
     ReplaceNetworkZoneResponse:
-      summary: Replace Network Zone response
+      summary: Replace Network Zone
       value:
         type: IP
-        id: nzovw2rFz2YoqmvwZ0g3
+        id: nzovw2rFz2YoqmvwZ0g9
         name: UpdatedNetZone
         status: ACTIVE
         usage: POLICY
-        created: '2019-01-24T19:53:28.000Z'
-        lastUpdated: '2019-02-24T19:53:28.000Z'
+        created: '2022-05-08T18:25:05.000Z'
+        lastUpdated: '2022-05-10T13:15:22.000Z'
         system: false
         gateways:
           - type: CIDR
@@ -20164,6 +28175,19 @@ components:
             value: 14.4.5.6-14.4.5.8
           - type: RANGE
             value: 15.5.6.7/24-15.5.6.9
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/zones/nzovw2rFz2YoqmvwZ0g9
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/zones/nzovw2rFz2YoqmvwZ0g9/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
     ReplaceUserTypePutRequest:
       summary: Replace user type request
       value:
@@ -20187,6 +28211,70 @@ components:
             href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
           schema:
             href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+    ResourceSelectorCreateRequestExample:
+      value:
+        name: All applications except Workday applications
+        description: All applications except Workday applications
+        schema: /api/v1/apps
+        filter: name ne "workday"
+    ResourceSelectorCreateResponseExample:
+      value:
+        id: rsl1hx31gVEa6x10v0g5
+        name: All applications except Workday applications
+        description: All applications except Workday applications
+        orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g5:apps
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/resource-selectors/rsl1hx31gVEa6x10v0g5
+          resources:
+            href: https://{yourOktaDomain}/api/v1/apps?filter="name ne "workday""
+    ResourceSelectorPatchRequestExample:
+      value:
+        name: All applications except Facebook applications
+        description: All applications except Facebook applications
+        filter: name ne "facebook"
+    ResourceSelectorPatchResponseExample:
+      value:
+        id: rsl1hx31gVEa6x10v0g5
+        name: All applications except Facebook applications
+        description: All applications except Facebook applications
+        orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g5:apps
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/resource-selectors/rsl1hx31gVEa6x10v0g5
+          resources:
+            href: https://{yourOktaDomain}/api/v1/apps?filter="name ne "facebook""
+    ResourceSelectorResponseExample:
+      value:
+        id: rsl1hx31gVEa6x10v0g5
+        name: All applications except a specific application
+        description: All applications except a specific application
+        orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g5:apps
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/resource-selectors/rsl1hx31gVEa6x10v0g5
+          resources:
+            href: https://{yourOktaDomain}/api/v1/apps?filter="id ne 0oafxqAAJWWGELFTYASH"
+    ResourceSelectorsResponseExample:
+      value:
+        resourceSelectors:
+          - id: rsl1hx31gVEa6x10v0g5
+            name: All applications except Workday applications
+            description: All applications except Workday applications
+            orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g5:apps
+            _links:
+              resources:
+                href: http://${yourOktaDomain}/api/v1/apps?filter="id ne 0oafxqCAJWWGELFTYASJ"
+          - id: rsl1hx31gVEa6x10v0g6
+            name: All applications except Facebook applications
+            description: All applications except Facebook applications
+            orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g6:apps
+            _links:
+              resources:
+                href: http://${yourOktaDomain}/api/v1/apps?filter="id ne 0oafxqAAJWWGELFTYASH
+        _links:
+          next:
+            href: https://{yourOktaDomain}/api/v1/resource-selectors?after=rsl1hx31gVEa6x10v0g6
     ResourceSetBindingAddMembersRequestExample:
       value:
         additions:
@@ -20345,17 +28433,198 @@ components:
         _links:
           next:
             href: https://{yourOktaDomain}/api/v1/iam/resource-sets?after=iamoJDFKaJxGIr0oamd0q
+    RetrieveADeactivatedEventHook:
+      summary: Deactivated event hook
+      value:
+        id: who8vt36qfNpCGz9H1e6
+        status: INACTIVE
+        verificationStatus: VERIFIED
+        name: Event Hook Test
+        description: null
+        created: '2023-07-07T13:41:56.000Z'
+        createdBy: 00u7xut94qEWYx5ss1e5
+        lastUpdated: '2023-07-07T13:43:03.000Z'
+        events:
+          type: EVENT_TYPE
+          items:
+            - group.user_membership.add
+          filter: null
+        channel:
+          type: HTTP
+          version: 1.0.0
+          config:
+            uri: https://example_external_service/userAdded
+            headers:
+              - key: X-Other-Header
+                value: my-header-value
+            method: POST
+            authScheme:
+              type: HEADER
+              key: authorization
+        _links:
+          self:
+            href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6
+          verify:
+            href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/verify
+            hints:
+              allow:
+                - POST
+          deactivate:
+            href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    RetrieveAllEventHooks:
+      summary: Retrieves all event hooks
+      value:
+        - id: who8tsqyrhCdmetzx135
+          status: ACTIVE
+          verificationStatus: VERIFIED
+          name: Event Hook Test
+          description: null
+          created: '2023-07-07T17:41:56.000Z'
+          createdBy: 00u7xut94qEWYx5ss1e5
+          lastUpdated: '2023-07-07T17:43:03.000Z'
+          events:
+            type: EVENT_TYPE
+            items:
+              - user.lifecycle.deactivate
+              - user.lifecycle.activate
+            filter: null
+          channel:
+            type: HTTP
+            version: 1.0.0
+            config:
+              uri: https://example_external_service/userDeactivate
+              headers: []
+              method: POST
+              authScheme:
+                type: HEADER
+                key: authorization
+          _links:
+            self:
+              href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135
+            verify:
+              href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/verify
+              hints:
+                allow:
+                  - POST
+            deactivate:
+              href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
+        - id: who8vt36qfNpCGz9H1e6
+          status: ACTIVE
+          verificationStatus: VERIFIED
+          name: Event Hook with Filter
+          description: An event hook using an Okta Expression Language filter
+          created: '2023-07-07T13:41:56.000Z'
+          createdBy: 00u7xut94qEWYx5ss1e5
+          lastUpdated: '2023-07-07T13:43:03.000Z'
+          events:
+            type: EVENT_TYPE
+            items:
+              - group.user_membership.add
+            filter:
+              type: EXPRESSION_LANGUAGE
+              eventFilterMap:
+                - event: group.user_membership.add
+                  condition:
+                    version: null
+                    expression: event.target.?[type eq 'UserGroup'].size()>0 && event.target.?[displayName eq 'Sales'].size()>0
+          channel:
+            type: HTTP
+            version: 1.0.0
+            config:
+              uri: https://example_external_service/userAdded
+              headers: []
+              method: POST
+              authScheme:
+                type: HEADER
+                key: authorization
+          _links:
+            self:
+              href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6
+            verify:
+              href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/verify
+              hints:
+                allow:
+                  - POST
+            deactivate:
+              href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
     RetrieveAllZones:
       summary: Retrieves all Network Zones
       value:
+        - type: DYNAMIC_V2
+          id: nzok0oz2xYHOZtIch0g4
+          name: testZone106
+          status: ACTIVE
+          usage: BLOCKLIST
+          create: '2024-05-13T16:33:44.000Z'
+          lastUpdated: '2024-05-13T16:33:44.000Z'
+          system: false
+          locations:
+            include: []
+            exclude: []
+          asns:
+            include: []
+            exclude: []
+          ipServiceCategories:
+            include:
+              - ALL_ANONYMIZERS
+            exclude: []
+          _links:
+            self:
+              href: http://{yourOktaDomain}/api/v1/zones/nzok0oz2xYHOZtIch0g4
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+            deactivate:
+              href: http://{yourOktaDomain}/api/v1/zones/nzok0oz2xYHOZtIch0g4/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
+        - type: DYNAMIC
+          id: nzoy0ox5xADOZtKrh0g6
+          name: test
+          status: ACTIVE
+          usage: POLICY
+          created: '2022-05-19T15:33:32.000Z'
+          lastUpdated: '2022-05-19T15:33:32.000Z'
+          system: false
+          locations:
+            - country: AF
+              region: AF-BGL
+          proxyType: ANY
+          asns:
+            - '23457'
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/zones/nzoy0ox5xADOZtKrh0g6
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+            deactivate:
+              href: https://{yourOktaDomain}/api/v1/zones/nzoy0ox5xADOZtKrh0g6/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
         - type: IP
           id: nzowc1U5Jh5xuAK0o0g3
-          name: LegacyIpZone
+          name: MyIpZone
           status: ACTIVE
           usage: POLICY
-          created: 2019-05-17T18:44:31.000Z
-          lastUpdated: 2019-05-21T13:50:49.000Z
-          system: true
+          created: '2021-06-24T20:37:32.000Z'
+          lastUpdated: '2021-06-24T20:37:32.000Z'
+          system: false
           gateways:
             - type: CIDR
               value: 1.2.3.4/24
@@ -20375,30 +28644,80 @@ components:
               hints:
                 allow:
                   - POST
-        - type: DYNAMIC
-          id: nzowc1U5Jh5xuAK0o0g3
-          name: test
+        - type: IP
+          id: nzou3u0stMCmgOzXK1d6
+          name: BlockedIpZone
           status: ACTIVE
-          usage: POLICY
-          created: 2019-05-17T18:44:31.000Z
-          lastUpdated: 2019-05-21T13:50:49.000Z
-          system: false
+          usage: BLOCKLIST
+          created: '2021-06-09T21:32:46.000Z'
+          lastUpdated: '2021-06-09T21:32:46.000Z'
+          system: true
+          gateways: null
+          proxies: null
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/zones/nzou3u0stMCmgOzXK1d6
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+            deactivate:
+              href: https://{yourOktaDomain}/api/v1/zones/nzou3u0stMCmgOzXK1d6/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
+        - type: DYNAMIC_V2
+          id: nzohcnxFrSgsiwyHp0g4
+          name: DefaultEnhancedDynamicZone
+          status: ACTIVE
+          usage: BLOCKLIST
+          created: '2024-05-06T19:12:29.000Z'
+          lastUpdated: '2024-05-09T21:02:31.000Z'
+          system: true
           locations:
-            - country: AF
-              region: AF-BGL
-          proxyType: ANY
+            include: []
+            exclude: []
+          ipServiceCategories:
+            include:
+              - ALL_ANONYMIZERS
+            exclue: []
           asns:
-            - '23457'
+            include: []
+            exclude: []
           _links:
             self:
-              href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+              href: https://{yourOktaDomain}/api/v1/zones/nzou3u0stMCmgOzXK1d6
               hints:
                 allow:
                   - GET
                   - PUT
                   - DELETE
             deactivate:
-              href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+              href: https://{yourOktaDomain}/api/v1/zones/nzou3u0stMCmgOzXK1d6/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
+        - type: IP
+          id: nzou3u0ssJfZjYsWL1d6
+          name: LegacyIpZone
+          status: ACTIVE
+          usage: POLICY
+          created: '2021-06-09T21:32:46.000Z'
+          lastUpdated: '2021-06-09T21:32:46.000Z'
+          system: true
+          gateways: null
+          proxies: null
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/zones/nzou3u0ssJfZjYsWL1d6
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+            deactivate:
+              href: https://{yourOktaDomain}/api/v1/zones/nzou3u0ssJfZjYsWL1d6/lifecycle/deactivate
               hints:
                 allow:
                   - POST
@@ -20407,12 +28726,12 @@ components:
       value:
         - type: IP
           id: nzowc1U5Jh5xuAK0o0g3
-          name: LegacyIpZone
+          name: MyIpZone
           status: ACTIVE
           usage: POLICY
-          created: 2019-05-17T18:44:31.000Z
-          lastUpdated: 2019-05-21T13:50:49.000Z
-          system: true
+          created: '2021-06-24T20:37:32.000Z'
+          lastUpdated: '2021-06-24T20:37:32.000Z'
+          system: false
           gateways:
             - type: CIDR
               value: 1.2.3.4/24
@@ -20432,6 +28751,233 @@ components:
               hints:
                 allow:
                   - POST
+    RetrieveAnEventHook:
+      summary: Retrieve an event hook
+      value:
+        id: who8vt36qfNpCGz9H1e6
+        status: ACTIVE
+        verificationStatus: VERIFIED
+        name: Event Hook Test
+        description: null
+        created: '2023-07-07T13:41:56.000Z'
+        createdBy: 00u7xut94qEWYx5ss1e5
+        lastUpdated: '2023-07-07T13:43:03.000Z'
+        events:
+          type: EVENT_TYPE
+          items:
+            - group.user_membership.add
+          filter: null
+        channel:
+          type: HTTP
+          version: 1.0.0
+          config:
+            uri: https://example_external_service/userAdded
+            headers:
+              - key: X-Other-Header
+                value: my-header-value
+            method: POST
+            authScheme:
+              type: HEADER
+              key: authorization
+        _links:
+          self:
+            href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6
+          verify:
+            href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/verify
+            hints:
+              allow:
+                - POST
+          deactivate:
+            href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    RetrieveAnEventHookWithFilter:
+      summary: Retrieve an event hook
+      value:
+        id: who8vt36qfNpCGz9H1e6
+        status: ACTIVE
+        verificationStatus: VERIFIED
+        name: Event Hook with Filter
+        description: An event hook using an Okta Expression Language filter
+        created: '2023-07-07T13:41:56.000Z'
+        createdBy: 00u7xut94qEWYx5ss1e5
+        lastUpdated: '2023-07-07T13:43:03.000Z'
+        events:
+          type: EVENT_TYPE
+          items:
+            - group.user_membership.add
+          filter:
+            type: EXPRESSION_LANGUAGE
+            eventFilterMap:
+              - event: group.user_membership.add
+                condition:
+                  version: null
+                  expression: event.target.?[type eq 'UserGroup'].size()>0 && event.target.?[displayName eq 'Sales'].size()>0
+        channel:
+          type: HTTP
+          version: 1.0.0
+          config:
+            uri: https://example_external_service/userAdded
+            method: POST
+            authScheme:
+              type: HEADER
+              key: authorization
+        _links:
+          self:
+            href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6
+          verify:
+            href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/verify
+          hints:
+            allow:
+              - POST
+          deactivate:
+            href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    RetrieveAuthServerResponse:
+      summary: Retrieve a custom authorization server
+      value:
+        id: '{authorizationServerId}'
+        name: Sample Authorization Server
+        description: Sample Authorization Server description
+        audiences:
+          - https://api.resource.com
+        issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+        issuerMode: ORG_URL
+        status: ACTIVE
+        created: '2023-05-17T22:25:57.000Z'
+        lastUpdated: '2023-05-17T22:25:57.000Z'
+        credentials:
+          signing:
+            rotationMode: AUTO
+            lastRotated: '2023-05-17T22:25:57.000Z'
+            nextRotation: '2023-08-15T22:25:57.000Z'
+            kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+        _links:
+          scopes:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes
+            hints:
+              allow:
+                - GET
+          claims:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims
+            hints:
+              allow:
+                - GET
+          policies:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies
+            hints:
+              allow:
+                - GET
+          self:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
+            hints:
+              allow:
+                - GET
+                - DELETE
+                - PUT
+          metadata:
+            - name: oauth-authorization-server
+              href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/oauth-authorization-server
+              hints:
+                allow:
+                  - GET
+            - name: openid-configuration
+              href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/openid-configuration
+              hints:
+                allow:
+                  - GET
+          rotateKey:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/lifecycle/keyRotate
+            hints:
+              allow:
+                - POST
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    RetrieveCurrentSessionResponse:
+      summary: Retrieve current session
+      value:
+        amr:
+          - pwd
+        createdAt: '2019-08-24T14:15:22Z'
+        expiresAt: '2019-08-24T14:15:22Z'
+        id: l7FbDVqS8zHSy65uJD85
+        idp:
+          id: 01a2bcdef3GHIJKLMNOP
+          type: ACTIVE_DIRECTORY
+        lastFactorVerification: '2019-08-24T14:15:22Z'
+        lastPasswordVerification: '2019-08-24T14:15:22Z'
+        login: user@example.com
+        status: ACTIVE
+        userId: 00u0abcdefGHIJKLMNOP
+        _links:
+          self:
+            hints:
+              allow:
+                - GET
+                - DELETE
+            href: https://{yourOktaDomain}/api/v1/sessions/me
+          refresh:
+            hints:
+              allow:
+                - POST
+            href: https://{yourOktaDomain}/api/v1/sessions/me/lifecycle/refresh
+          user:
+            hints:
+              allow:
+                - GET
+            href: https://{yourOktaDomain}/api/v1/users/me
+            name: User Name
+    RetrieveCustomTokenClaimResponse:
+      summary: Retrieve a custom token Claim response
+      value:
+        - id: '{claimId}'
+          name: Support
+          status: ACTIVE
+          claimType: IDENTITY
+          valueType: GROUPS
+          value: Support
+          conditions:
+            scopes:
+              - profile
+          system: false
+          alwaysIncludeInToken: true
+          apiResourceId: null
+          group_filter_type: CONTAINS
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims/{claimId}
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+    RetrieveFeaturesResponse:
+      summary: Retrieve a feature by ID
+      value:
+        id: ftrZooGoT8b41iWRiQs7
+        description: Example feature description
+        name: Example feature name
+        stage:
+          state: CLOSED
+          value: BETA
+        status: DISABLED
+        type: self-service
+        _links:
+          self:
+            hints:
+              allow:
+                - POST
+            href: https://{yourOktaDomain}/api/v1/features/ftrZooGoT8b41iWRiQs7
+          dependents:
+            href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependents
+          dependencies:
+            href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependencies
     RetrieveKeyResponse:
       summary: Retrieve a key by hookKeyId response example
       value:
@@ -20474,15 +29020,15 @@ components:
           self:
             href: https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4
     RetrieveNetworkZoneDynamic:
-      summary: Dynamic Network Zone response
+      summary: Dynamic Network Zone
       value:
         type: DYNAMIC
-        id: nzowc1U5Jh5xuAK0o0g3
+        id: nzoy0ox5xADOZtKrh0g6
         name: test
         status: ACTIVE
         usage: POLICY
-        created: '2019-05-17T18:44:31.000Z'
-        lastUpdated: '2019-05-21T13:50:49.000Z'
+        created: '2022-05-19T15:33:32.000Z'
+        lastUpdated: '2022-05-19T15:33:32.000Z'
         system: false
         locations:
           - country: AF
@@ -20492,28 +29038,28 @@ components:
           - '23457'
         _links:
           self:
-            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+            href: https://{yourOktaDomain}/api/v1/zones/nzoy0ox5xADOZtKrh0g6
             hints:
               allow:
                 - GET
                 - PUT
                 - DELETE
           deactivate:
-            href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+            href: https://{yourOktaDomain}/api/v1/zones/nzoy0ox5xADOZtKrh0g6/lifecycle/deactivate
             hints:
               allow:
                 - POST
     RetrieveNetworkZoneIP:
-      summary: IP Network Zone response
+      summary: IP Network Zone
       value:
         type: IP
         id: nzowc1U5Jh5xuAK0o0g3
-        name: LegacyIpZone
+        name: MyIpZone
         status: ACTIVE
         usage: POLICY
-        created: 2019-05-17T18:44:31.000Z
-        lastUpdated: 2019-05-21T13:50:49.000Z
-        system: true
+        created: '2021-06-24T20:37:32.000Z'
+        lastUpdated: '2021-06-24T20:37:32.000Z'
+        system: false
         gateways:
           - type: CIDR
             value: 1.2.3.4/24
@@ -20543,6 +29089,80 @@ components:
           use: null
           e: AQAB
           'n': 2naqCnv6r4xNQs7207lRtKQvdtnlVND-8k5iYBIiqoKGY3CqUmRm1jleoOniiQoMkFX8Wj2DmVqr002efF3vOQ7_gjtTatBTVUNbNIQLybun4dkVoUtfP7pRc5SLpcP3eGPRVar734ZrpQXzmCEdpqBt3jrVjwYjNE5DqOjbYXFJtMsy8CWE9LRJ3kyHEoHPzo22dG_vMrXH0_sAQoCk_4TgNCbvyzVmGVYXI_BkUnp0hv2pR4bQVRYzGB9dKJdctOh8zULqc_EJ8tiYsS05YnF7whrWEyARK0rH-e4d4W-OmBTga_zhY4kJ4NsoQ4PyvcatZkxjPO92QHQOFDnf3w`
+    RetrieveRefreshTokenClientResponse:
+      summary: Retrieve a refresh token for a Client
+      value:
+        - id: '{refreshTokenId}'
+          status: ACTIVE
+          created: '2023-09-21T19:59:56.000Z'
+          lastUpdated: '2023-09-21T20:00:38.000Z'
+          expiresAt: '2023-09-28T20:00:38.000Z'
+          issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+          client_id: '{clientId}'
+          userId: '{userId}'
+          scopes:
+            - offline_access
+            - openid
+          _embedded:
+            scopes:
+              - id: '{scopeID}'
+                name: offline_access
+                displayName: Keep you signed in to the app
+                description: This keeps you signed in to the app, even when you aren't using it.
+                _links:
+                  scope:
+                    href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes/{scopeId}
+                    title: Keep you signed in to the app
+              - id: '{scopeId}'
+                name: openid
+                displayName: openid
+                description: Signals that a request is an OpenID request
+                _links:
+                  scope:
+                    href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes/{scopeId}
+                    title: openid
+          _links:
+            app:
+              href: https://{yourOktaDomain}/api/v1/apps/{appId}
+              title: My Web App
+            authorizationServer:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
+              title: Authorization Server name
+            self:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/clients/{clientId}/tokens/{tokenId}
+            revoke:
+              href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/clients/{clientId}/tokens/{tokenId}
+              hints:
+                allow:
+                  - DELETE
+            client:
+              href: https://{yourOktaDomain}/oauth2/v1/clients/{clientId}
+              title: My Web App
+            user:
+              href: https://{yourOktaDomain}/api/v1/users/{userId}
+              title: Joe User
+    RetrieveSessionResponse:
+      summary: Retrieve Session information for a single session ID
+      value:
+        amr:
+          - pwd
+        createdAt: '2019-08-24T14:15:22Z'
+        expiresAt: '2019-08-24T14:15:22Z'
+        id: l7FbDVqS8zHSy65uJD85
+        idp:
+          id: 01a2bcdef3GHIJKLMNOP
+          type: ACTIVE_DIRECTORY
+        lastFactorVerification: '2019-08-24T14:15:22Z'
+        lastPasswordVerification: '2019-08-24T14:15:22Z'
+        login: user@example.com
+        status: ACTIVE
+        userId: 00u0abcdefGHIJKLMNOP
+        _links:
+          self:
+            hints:
+              allow:
+                - DELETE
+          href: https://{yourOktaDomain}/api/v1/sessions/l7FbDVqS8zHSy65uJD85
     RetrieveUISchemaResponse:
       summary: Retrieves a UI Schema response
       value:
@@ -20715,6 +29335,101 @@ components:
         _links:
           next:
             href: https://{yourOktaDomain}/api/v1/iam/roles?after=cr0Fw7HKcWIroo88m3r1
+    SMSTemplateEditablePropertyValues:
+      value:
+        name: Custom
+        type: SMS_VERIFY_CODE
+        template: '${org.name}: your verification code is ${code}'
+        translations:
+          es: '${org.name}: el código de verificación es ${code}'
+          fr: '${org.name}: votre code de vérification est ${code}'
+          it: '${org.name}: il codice di verifica è ${code}'
+    SMSTemplateListResponse:
+      value:
+        - id: 6NQUJ5yR3bpgEiYmq8IC
+          name: Custom
+          type: SMS_VERIFY_CODE
+          template: '${org.name}: your verification code is ${code}'
+          translations:
+            es: '${org.name}: el código de verificación es ${code}'
+            fr: '${org.name}: votre code de vérification est ${code}'
+            it: '${org.name}: il codice di verifica è ${code}'
+          created: '2024-04-25T17:35:02.000Z'
+          lastUpdated: '2024-04-25T17:35:02.000Z'
+    SMSTemplateResponseValues:
+      value:
+        id: 6NQUJ5yR3bpgEiYmq8IC
+        name: Custom
+        type: SMS_VERIFY_CODE
+        template: '${org.name}: your verification code is ${code}'
+        translations:
+          es: '${org.name}: el código de verificación es ${code}'
+          fr: '${org.name}: votre code de vérification est ${code}'
+          it: '${org.name}: il codice di verifica è ${code}'
+        created: '2024-04-25T17:35:02.000Z'
+        lastUpdated: '2024-04-25T17:35:02.000Z'
+    SecurityEventsProviderRequestIssuerAndJwksUrl:
+      summary: Provider with issuer and JWKS
+      value:
+        name: Security Events Provider with an issuer and a JWKS URL
+        type: okta
+        settings:
+          issuer: Issuer
+          jwks_url: https://example.okta.com/jwks/path
+    SecurityEventsProviderRequestWellKnownUrl:
+      summary: Provider with well-known URL
+      value:
+        name: Security Events Provider with well-known URL
+        type: okta
+        settings:
+          well_known_url: https://example.okta.com/.well-known/ssf-configuration
+    SecurityEventsProviderResponseIssuerAndJwksUrl:
+      summary: Provider with issuer and JWKS
+      value:
+        id: sse1qu4fUtsoD12iF0g5
+        name: Security Events Provider with an issuer and a JWKS URL
+        type: okta
+        status: ACTIVE
+        settings:
+          issuer: Issuer
+          jwks_url: https://example.okta.com/jwks/path
+        _links:
+          self:
+            href: https://example.okta.com/api/v1/security-events-providers/sse1qu4fUtsoD12iF0g5
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://example.okta.com/api/v1/security-events-providers/sse1qu4fUtsoD12iF0g5/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    SecurityEventsProviderResponseWellKnownUrl:
+      summary: Provider with well-known URL
+      value:
+        id: sse1qg25RpusjUP6m0g5
+        name: Security Events Provider with well-known URL
+        type: okta
+        status: ACTIVE
+        settings:
+          well_known_url: https://example.okta.com/.well-known/ssf-configuration
+          issuer: Issuer
+          jwks_url: https://example.okta.com/jwks/path
+        _links:
+          self:
+            href: https://example.okta.com/api/v1/security-events-providers/sse1qg25RpusjUP6m0g5
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://example.okta.com/api/v1/security-events-providers/sse1qg25RpusjUP6m0g5/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
     SimulatePolicyBody:
       summary: Simulate policy request body
       description: Simulate policy request body
@@ -20743,58 +29458,289 @@ components:
       value:
         evaluation:
           - status: null
-            policyType: OkTA_SIGN_ON
+            policyType: OKTA_SIGN_ON
             result:
               policies:
                 - id: 00p4eromwukk6qUku0g7
-                - name: test policy
-                - status: MATCH
-                - conditions: []
-                - rules:
+                  name: test policy
+                  status: MATCH
+                  conditions: []
+                  rules:
                     - id: 0pr4erof85nGcyC7Y0g7
-                    - name: test rule
-                    - status: MATCH
-                    - conditions:
+                      name: test rule
+                      status: MATCH
+                      conditions:
                         - type: people.groups.include
-                        - status: MATCH
+                          status: MATCH
             undefined:
-              policies: null
+              policies: []
             evaluated:
-              policies: null
+              policies: []
+          - status: null
+            policyType: MFA_ENROLL
+            result:
+              policies:
+                - id: 00p4eram2kw1aLcrx0g7
+                  name: Default Policy
+                  status: MATCH
+                  conditions: []
+                  rules:
+                    - id: 0pr4eram2lMQT5FZF0g7
+                      name: null
+                      status: MATCH
+                      conditions: []
+            undefined:
+              policies: []
+            evaluated:
+              policies: []
           - status: null
             policyType: ACCESS_POLICY
             result:
               policies:
                 - id: rst4eram06ZKZewEe0g7
-                - name: Any two factors
-                - status: MATCH
-                - conditions: []
-                - rules:
+                  name: Any two factors
+                  status: MATCH
+                  conditions: []
+                  rules:
                     - id: rul4eram07VsWgybo0g7
-                    - name: Catch-all rule
-                    - status: MATCH
-                    - conditions: []
+                      name: Catch-all rule
+                      status: MATCH
+                      conditions: []
             undefined:
-              policies: null
+              policies: []
             evaluated:
-              policies: null
+              policies: []
           - status: null
             policyType: PROFILE_ENROLLMENT
             result:
               policies:
                 - id: rst4eram08ZSjPTOl0g7
-                - name: Default Policy
-                - status: MATCH
-                - conditions: []
-                - rules:
+                  name: Default Policy
+                  status: MATCH
+                  conditions: []
+                  rules:
                     - id: rul4eram094PrQ2BX0g7
-                    - name: Catch-all rule
-                    - status: MATCH
-                    - conditions: []
+                      name: Catch-all rule
+                      status: MATCH
+                      conditions: []
             undefined:
-              policies: null
+              policies: []
             evaluated:
-              policies: null
+              policies: []
+    StandardRoleAssignmentRequest:
+      value:
+        type: HELP_DESK_ADMIN,
+    StandardRoleAssignmentResponse:
+      value:
+        id: JBCUYUC7IRCVGS27IFCE2SKO
+        label: Help Desk Administrator
+        type: HELP_DESK_ADMIN
+        status: ACTIVE
+        created: '2023-05-01T14:24:54.000Z'
+        lastUpdated: '2023-05-01T14:24:54.000Z'
+        assignmentType: CLIENT
+        _links:
+          assignee:
+            href: https://{yourOktaDomain}/oauth2/v1/clients/0jrabyQWm4B9zVJPbotY/roles
+    SubmissionOidcRequest:
+      summary: Submission OIDC request example
+      value:
+        name: Strawberry Central
+        description: Your one source for in-season strawberry deals
+        logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+        sso:
+          oidc:
+            redirectUris:
+              - https://${org.subdomain}.example.com/strawberry/oidc/login
+            initiateLoginUri: https://${org.subdomain}.example.com/strawberry/oidc/sp-init
+            postLogoutUris:
+              - https://${org.subdomain}.example.com/strawberry/oidc/logged-out
+            doc: https://example.com/strawberry/help/oidcSetup
+        config:
+          - name: subdomain
+            label: Subdomain
+    SubmissionOidcResponse:
+      summary: Submission OIDC response example
+      value:
+        id: acme_strawberrycentral_1
+        name: Strawberry Central
+        description: Your one source for in-season strawberry deals
+        logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+        sso:
+          oidc:
+            redirectUris:
+              - https://${org.subdomain}.example.com/strawberry/oidc/login
+            initiateLoginUri: https://${org.subdomain}.example.com/strawberry/oidc/sp-init
+            postLogoutUris:
+              - https://${org.subdomain}.example.com/strawberry/oidc/logged-out
+            doc: https://example.com/strawberry/help/oidcSetup
+        config:
+          - name: subdomain
+            label: Subdomain
+        status: New
+        lastUpdated: '2023-08-24T14:15:22.000Z'
+        lastUpdatedBy: 00ub0oNGTSWTBKOLGLNR
+        lastPublished: '2023-09-01T13:23:45.000Z'
+    SubmissionSamlRequest:
+      summary: Submission SAML request example
+      value:
+        name: Strawberry Central
+        description: Your one source for in-season strawberry deals
+        logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+        sso:
+          saml:
+            acs:
+              - url: https://${org.subdomain}.example.com/saml/login
+            entityId: https://${org.subdomain}.example.com
+            doc: https://example.com/strawberry/help/samlSetup
+        config:
+          - name: subdomain
+            label: Subdomain
+    SubmissionSamlResponse:
+      summary: Submission SAML response example
+      value:
+        id: acme_strawberrycentral_1
+        name: Strawberry Central
+        description: Your one source for in-season strawberry deals
+        logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+        sso:
+          saml:
+            acs:
+              - url: https://${org.subdomain}.example.com/saml/login
+            entityId: https://${org.subdomain}.example.com
+            doc: https://example.com/strawberry/help/samlSetup
+        config:
+          - name: subdomain
+            label: Subdomain
+        status: To be reviewed by Okta
+        lastUpdated: '2023-08-24T14:15:22.000Z'
+        lastUpdatedBy: 00ub0oNGTSWTBKOLGLNR
+        lastPublished: null
+    SubmissionsResponse:
+      summary: Submission list example
+      value:
+        - id: acme_strawberrycentral_1
+          name: Strawberry Central
+          description: Your one source for in-season strawberry deals
+          logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+          sso:
+            saml:
+              acs:
+                - url: https://${org.subdomain}.example.com/saml/login
+              entityId: https://${org.subdomain}.example.com
+              doc: https://example.com/strawberry/help/samlSetup
+          config:
+            - name: subdomain
+              label: Subdomain
+          status: Complete
+          lastUpdated: '2023-08-24T14:15:22.000Z'
+          lastUpdatedBy: 00ub0oNGTSWTBKOLGLNR
+          lastPublished: '2023-09-01T13:23:45.000Z'
+    TelephonyFailureResponse:
+      summary: A sample response for external webservice returning failure
+      value:
+        error:
+          - errorSummary: Failed to deliver SMS OTP to test.user@okta.com
+          - errorCauses:
+              errorSummary: Provider could not deliver OTP
+              reason: The content of the message is not supported
+              location: South Africa
+    TelephonyPayloadExample:
+      summary: An example Telephony inline hook request body
+      value:
+        eventId: uS5871kJThSsU8qlA1LTcg
+        eventTime: '2020-01-17T21:23:56.000Z'
+        eventType: com.okta.telephony.provider
+        eventTypeVersion: '1.0'
+        contentType: application/json
+        cloudEventVersion: '0.1'
+        source: https://${yourOktaDomain}/api/v1/inlineHooks/cbl2ad6phv9fsPLcF0g7
+        data:
+          context:
+            request:
+              id: reqRgSk8IBBRhuo0YdlEDTmUw
+              method: POST
+              url:
+                value: /api/internal/v1/inlineHooks/com.okta.telephony.provider/generatePreview
+              ipAddress: 127.0.0.1
+          userProfile:
+            firstName: test
+            lastName: user
+            login: test.user@okta.com
+            userId: 00uyxxSknGtK8022w0g3
+          messageProfile:
+            msgTemplate: (HOOK)Your code is 11111
+            phoneNumber: 9876543210
+            otpExpires: '2022-01-28T21:48:34.321Z'
+            deliveryChannel: SMS
+            otpCode: 11111
+            locale: EN-US
+    TelephonySuccessResponse:
+      summary: A sample response for external webservice returning success
+      value:
+        commands:
+          - type: com.okta.telephony.action
+          - value:
+              status: FAILURE
+              provider: VONAGE
+              transactionId: SM49a8ece2822d44e4adaccd7ed268f954
+              transactionMetadata: Duration=300ms
+    TestInfoOidcRequest:
+      summary: OIDC SSO Submission Testing Information request
+      value:
+        testAccount:
+          url: https://example.com/strawberry/login
+          username: test@example.com
+          password: sUperP@ssw0rd
+          instructions: Go to your app URL from a browser and enter your credentials
+        escalationSupportContact: strawberry.support@example.com
+        oidcTestConfiguration:
+          jit: false
+          spInitiateUrl: https://test.example.com/strawberry/oidc/sp-init
+    TestInfoOidcResponse:
+      summary: OIDC SSO Submission Testing Information response
+      value:
+        testAccount:
+          url: https://example.com/strawberry/login
+          username: test@example.com
+          password: sUperP@ssw0rd
+          instructions: Go to your app URL from a browser and enter your credentials
+        escalationSupportContact: strawberry.support@example.com
+        oidcTestConfiguration:
+          idp: true
+          sp: true
+          jit: false
+          spInitiateUrl: https://test.example.com/strawberry/oidc/sp-init
+    TestInfoSamlRequest:
+      summary: SAML SSO Submission Testing Information request
+      value:
+        testAccount:
+          url: https://example.com/strawberry/login
+          username: test@example.com
+          password: sUperP@ssw0rd
+          instructions: Go to your app URL from a browser and enter your credentials
+        escalationSupportContact: strawberry.support@example.com
+        samlTestConfiguration:
+          idp: true
+          sp: true
+          jit: false
+          spInitiateUrl: https://test.example.com/strawberry/saml/sp-init
+          spInitiateDescription: Go to the app URL from a browser and enter your username
+    TestInfoSamlResponse:
+      summary: SAML SSO Submission Testing Information response
+      value:
+        testAccount:
+          url: https://example.com/strawberry/login
+          username: test@example.com
+          password: sUperP@ssw0rd
+          instructions: Go to your app URL from a browser and enter your credentials
+        escalationSupportContact: strawberry.support@example.com
+        samlTestConfiguration:
+          idp: true
+          sp: true
+          jit: false
+          spInitiateUrl: https://test.example.com/strawberry/saml/sp-init
+          spInitiateDescription: Go to the app URL from a browser and enter your username
     ThreatInsightResponseExample:
       summary: ThreatInsight response
       value:
@@ -20838,10 +29784,344 @@ components:
           identitySourceId: 0oa3l6l6WK6h0R0QW0g4
           status: TRIGGERED
           importType: INCREMENTAL
-          created: 2022-04-04T15:56:05.000Z
-          lastUpdated: 2022-05-05T18:15:44.000Z
+          created: '2022-04-04T15:56:05.000Z'
+          lastUpdated: '2022-05-05T18:15:44.000Z'
+    TrustedOriginBody:
+      summary: Trusted origin request body
+      value:
+        name: New Trusted Origin
+        origin: http://example.com
+        scopes:
+          - type: CORS
+          - type: REDIRECT
+    TrustedOriginBodyWithIframeEmbedding:
+      summary: Trusted origin request body with iFrame embedding (Okta End-User Dashboard and Okta sign-in page)
+      description: |
+        Creates a new Trusted Origin for iFrame embedding of an Okta resource within that origin. In this example, the type 
+        of Okta resource is both the Okta End-User Dashboard and the Okta sign-in page.
+      value:
+        name: New Trusted Origin
+        origin: http://example.com
+        scopes:
+          - type: IFRAME_EMBED
+            allowedOktaApps:
+              - OKTA_ENDUSER
+    TrustedOriginBodyWithIframeEmbeddingSignIn:
+      summary: Trusted origin request body with iFrame embedding (Okta sign-in page)
+      description: |
+        Creates a new Trusted Origin for iFrame embedding of an Okta resource within that origin. In this example, the Okta 
+        resource is the Okta sign-in page.
+      value:
+        name: New Trusted Origin
+        origin: http://example.com
+        scopes:
+          - type: IFRAME_EMBED
+            allowedOktaApps: []
+    TrustedOriginInactiveResponse:
+      summary: Trusted origin response
+      value:
+        id: tos10hu7rkbtrFt1M0g4
+        name: New Trusted Origin
+        origin: http://example.com
+        status: INACTIVE
+        scopes:
+          - type: CORS
+          - type: REDIRECT
+        created: '2018-01-13T01:11:44.000Z'
+        createdBy: 00ut5t92p6IEOi4bu0g3
+        lastedUpdated: '2018-01-13T01:11:44.000Z'
+        lastedUpdatedBy: 00ut5t92p6IEOi4bu0g3
+        _links:
+          activate:
+            href: https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4/lifecycle/activate
+            hints:
+              allow:
+                - POST
+          self:
+            href: https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+    TrustedOriginPut:
+      value:
+        id: tosue7JvguwJ7U6kz0g3
+        name: Updated Example Trusted Origin
+        origin: http://updated.example.com
+        scopes:
+          - type: CORS
+          - type: REDIRECT
+        status: ACTIVE
+        created: '2017-12-16T05:01:12.000Z'
+        createdBy: 00ut5t92p6IEOi4bu0g3
+        lastUpdated: '2017-12-16T05:01:12.000Z'
+        lastUpdatedBy: 00ut5t92p6IEOi4bu0g3
+        _links:
+          self:
+            href: https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    TrustedOriginPutBody:
+      summary: Trusted origin request body
+      value:
+        value:
+          id: tosue7JvguwJ7U6kz0g3
+          name: Updated Example Trusted Origin
+          origin: http://updated.example.com
+          scopes:
+            - type: CORS
+            - type: REDIRECT
+          status: ACTIVE
+          created: '2017-12-16T05:01:12.000Z'
+          createdBy: 00ut5t92p6IEOi4bu0g3
+          lastUpdated: '2017-12-16T05:01:12.000Z'
+          lastUpdatedBy: 00ut5t92p6IEOi4bu0g3
+          _links:
+            self:
+              href: https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+            deactivate:
+              href: https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
+    TrustedOriginPutBodyWithIframeEmbedding:
+      summary: Trusted origin request body with iFrame embedding
+      value:
+        value:
+          id: tosue7JvguwJ7U6kz0g3
+          name: Updated Example Trusted Origin
+          origin: http://updated.example.com
+          scopes:
+            - type: IFRAME_EMBED
+              allowedOktaApps:
+                - OKTA_ENDUSER
+          status: ACTIVE
+          created: '2017-12-16T05:01:12.000Z'
+          createdBy: 00ut5t92p6IEOi4bu0g3
+          lastUpdated: '2017-12-16T05:01:12.000Z'
+          lastUpdatedBy: 00ut5t92p6IEOi4bu0g3
+          _links:
+            self:
+              href: https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+            deactivate:
+              href: https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
+    TrustedOriginPutResponse:
+      summary: Trusted origin response body
+      value:
+        value:
+          id: tosue7JvguwJ7U6kz0g3
+          name: Updated Example Trusted Origin
+          origin: http://updated.example.com
+          scopes:
+            - type: CORS
+            - type: REDIRECT
+          status: ACTIVE
+          created: '2017-12-16T05:01:12.000Z'
+          createdBy: 00ut5t92p6IEOi4bu0g3
+          lastUpdated: '2017-12-16T05:01:12.000Z'
+          lastUpdatedBy: 00ut5t92p6IEOi4bu0g3
+          _links:
+            self:
+              href: https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+            deactivate:
+              href: https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
+    TrustedOriginPutResponseWithIframeEmbedding:
+      summary: Trusted origin response body with iFrame embedding
+      value:
+        value:
+          id: tosue7JvguwJ7U6kz0g3
+          name: Updated Example Trusted Origin
+          origin: http://updated.example.com
+          scopes:
+            - type: IFRAME_EMBED
+              allowedOktaApps:
+                - OKTA_ENDUSER
+          status: ACTIVE
+          created: '2017-12-16T05:01:12.000Z'
+          createdBy: 00ut5t92p6IEOi4bu0g3
+          lastUpdated: '2017-12-16T05:01:12.000Z'
+          lastUpdatedBy: 00ut5t92p6IEOi4bu0g3
+          _links:
+            self:
+              href: https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+            deactivate:
+              href: https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
+    TrustedOriginPutWithIframeEmbedding:
+      value:
+        id: tosue7JvguwJ7U6kz0g3
+        name: Updated Example Trusted Origin
+        origin: http://updated.example.com
+        scopes:
+          - type: IFRAME_EMBED
+            allowedOktaApps:
+              - OKTA_ENDUSER
+        status: ACTIVE
+        created: '2017-12-16T05:01:12.000Z'
+        createdBy: 00ut5t92p6IEOi4bu0g3
+        lastUpdated: '2017-12-16T05:01:12.000Z'
+        lastUpdatedBy: 00ut5t92p6IEOi4bu0g3
+        _links:
+          self:
+            href: https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    TrustedOriginResponse:
+      summary: Trusted origin response
+      value:
+        id: tos10hu7rkbtrFt1M0g4
+        name: New Trusted Origin
+        origin: http://example.com
+        status: ACTIVE
+        scopes:
+          - type: CORS
+          - type: REDIRECT
+        created: '2018-01-13T01:11:44.000Z'
+        createdBy: 00ut5t92p6IEOi4bu0g3
+        lastedUpdated: '2018-01-13T01:11:44.000Z'
+        lastedUpdatedBy: 00ut5t92p6IEOi4bu0g3
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    TrustedOriginResponseWithIframeEmbedding:
+      summary: Trusted origin response with iFrame embedding (End-User Dashboard and Okta sign-in page)
+      value:
+        id: tos10hu7rkbtrFt1M0g4
+        name: New Trusted Origin
+        origin: http://example.com
+        status: ACTIVE
+        scopes:
+          - type: IFRAME_EMBED
+            allowedOktaApps:
+              - OKTA_ENDUSER
+        created: '2018-01-13T01:11:44.000Z'
+        createdBy: 00ut5t92p6IEOi4bu0g3
+        lastedUpdated: '2018-01-13T01:11:44.000Z'
+        lastedUpdatedBy: 00ut5t92p6IEOi4bu0g3
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    TrustedOriginResponseWithIframeEmbeddingSignIn:
+      summary: Trusted origin response with iFrame embedding (Okta sign-in page)
+      value:
+        id: tos10hu7rkbtrFt1M0g4
+        name: New Trusted Origin
+        origin: http://example.com
+        status: ACTIVE
+        scopes:
+          - type: IFRAME_EMBED
+            allowedOktaApps: []
+        created: '2018-01-13T01:11:44.000Z'
+        createdBy: 00ut5t92p6IEOi4bu0g3
+        lastedUpdated: '2018-01-13T01:11:44.000Z'
+        lastedUpdatedBy: 00ut5t92p6IEOi4bu0g3
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+    TrustedOriginsResponse:
+      summary: Trusted origins response
+      value:
+        - id: tos10hu7rkbtrFt1M0g4
+          name: New Trusted Origin
+          origin: http://example.com
+          status: ACTIVE
+          scopes:
+            - type: CORS
+            - type: REDIRECT
+          created: '2018-01-13T01:11:44.000Z'
+          createdBy: 00ut5t92p6IEOi4bu0g3
+          lastedUpdated: '2018-01-13T01:11:44.000Z'
+          lastedUpdatedBy: 00ut5t92p6IEOi4bu0g3
+          _links:
+            self:
+              href: https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+            deactivate:
+              href: https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4/lifecycle/deactivate
+              hints:
+                allow:
+                  - POST
     UpdateAppFeatureRequestEx:
-      summary: Update app Feature request
+      summary: Update USER_PROVISIONING request
       value:
         create:
           lifecycleCreate:
@@ -20856,7 +30136,7 @@ components:
             seed: RANDOM
             change: CHANGE
     UpdateAppFeatureResponseEx:
-      summary: Update app Feature response
+      summary: Update USER_PROVISIONING response
       value:
         name: USER_PROVISIONING
         status: ENABLED
@@ -20920,10 +30200,99 @@ components:
             hints:
               allow:
                 - GET
+          emailDomain:
+            href: https://{yourOktaDomain}/api/v1/email-domains/OeD114iNkrcN6aR680g4
+            hints:
+              allow:
+                - GET
+                - PUT
     UpdateEmailDomainRequest:
       value:
         displayName: IT Admin
         userName: noreply
+    UpdateFeatureLifecycleResponse:
+      summary: Update the feature lifecycle status
+      value:
+        description: Example feature description
+        id: ftrZooGoT8b41iWRiQs7
+        name: Example feature name
+        stage:
+          state: OPEN
+          value: BETA
+        status: DISABLED
+        type: self-service
+        _links:
+          self:
+            hints:
+              allow:
+                - POST
+            href: https://{yourOktaDomain}/api/v1/features/ftrZooGoT8b41iWRiQs7
+          dependents:
+            href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependents
+          dependencies:
+            href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependencies
+    UpdateInboundProvisioningFeatureRequestEx:
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+      summary: Update INBOUND_PROVISIONING request
+      value:
+        capabilities:
+          importSettings:
+            username:
+              userNameFormat: EMAIL
+            schedule:
+              status: ENABLED
+              fullImport:
+                expression: 0 0 * * 0
+                timezone: America/New_York
+              incrementalImport:
+                expression: 0 */3 * * *
+                timezone: America/New_York
+          importRules:
+            userCreateAndMatch:
+              exactMatchCriteria: EMAIL
+              allowPartialMatch: false
+              autoConfirmPartialMatch: false
+              autoConfirmExactMatch: false
+              autoConfirmNewUsers: false
+              autoActivateNewUsers: false
+    UpdateInboundProvisioningFeatureResponseEx:
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+      summary: Update INBOUND_PROVISIONING response
+      value:
+        name: INBOUND_PROVISIONING
+        status: ENABLED
+        description: In-bound provisioning settings from an application to Okta
+        capabilities:
+          importSettings:
+            username:
+              userNameFormat: EMAIL
+            schedule:
+              status: ENABLED
+              fullImport:
+                expression: 0 0 * * 0
+                timezone: America/New_York
+              incrementalImport:
+                expression: 0 */3 * * *
+                timezone: America/New_York
+          importRules:
+            userCreateAndMatch:
+              exactMatchCriteria: EMAIL
+              allowPartialMatch: false
+              autoConfirmPartialMatch: false
+              autoConfirmExactMatch: false
+              autoConfirmNewUsers: false
+              autoActivateNewUsers: false
+        _links:
+          self:
+            href: https://{yourOktaDomain}/api/v1/apps/${appId}/features/INBOUND_PROVISIONING
+            hints:
+              allow:
+                - GET
+                - PUT
     UpdateMappingBody:
       summary: Update an existing profile mapping by updating one or more properties
       value:
@@ -20963,6 +30332,49 @@ components:
         _links:
           self:
             href: https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4
+    UpdateSMSTemplateRequest:
+      value:
+        translations:
+          de: '${org.name}: ihre bestätigungscode ist ${code}.'
+    UpdateSMSTemplateResponse:
+      value:
+        id: 6NQUJ5yR3bpgEiYmq8IC
+        name: Custom
+        type: SMS_VERIFY_CODE
+        template: '${org.name}: your verification code is ${code}'
+        translations:
+          es: '${org.name}: el código de verificación es ${code}'
+          fr: '${org.name}: votre code de vérification est ${code}'
+          it: '${org.name}: il codice di verifica è ${code}'
+          de: '${org.name}: ihre bestätigungscode ist ${code}.'
+        created: '2024-04-25T17:35:02.000Z'
+        lastUpdated: '2024-04-25T17:35:02.000Z'
+    UpdateThemeRequest:
+      value:
+        primaryColorHex: '#1662dd'
+        primaryColorContrastHex: '#000000'
+        secondaryColorHex: '#ebebed'
+        secondaryColorContrastHex: '#000000'
+        signInPageTouchPointVariant: OKTA_DEFAULT
+        endUserDashboardTouchPointVariant: OKTA_DEFAULT
+        errorPageTouchPointVariant: OKTA_DEFAULT
+        emailTemplateTouchPointVariant: OKTA_DEFAULT
+        loadingPageTouchPointVariant: OKTA_DEFAULT
+    UpdateThemeResponse:
+      value:
+        id: thdul904tTZ6kWVhP0g3
+        logo: https://{yourOktaDomain}/assets/img/logos/okta-logo.47066819ac7db5c13f4c431b2687cef6.png
+        favicon: https://{yourOktaDomain}/favicon.ico
+        backgroundImage: null
+        primaryColorHex: '#1662dd'
+        primaryColorContrastHex: '#000000'
+        secondaryColorHex: '#ebebed'
+        secondaryColorContrastHex: '#000000'
+        signInPageTouchPointVariant: OKTA_DEFAULT
+        endUserDashboardTouchPointVariant: OKTA_DEFAULT
+        errorPageTouchPointVariant: OKTA_DEFAULT
+        emailTemplateTouchPointVariant: OKTA_DEFAULT
+        loadingPageTouchPointVariant: OKTA_DEFAULT
     UpdateUserTypePostRequest:
       summary: Update user type request
       value:
@@ -20991,6 +30403,7 @@ components:
         displayName: IT Admin
         userName: noreply
         domain: example.com
+        validationSubdomain: mail
         dnsValidationRecords:
           - recordType: TXT
             fqdn: _oktaverification.example.com
@@ -21103,6 +30516,7 @@ components:
         displayName: IT Admin
         userName: noreply
         domain: example.com
+        validationSubdomain: mail
         dnsValidationRecords:
           - recordType: TXT
             fqdn: _oktaverification.example.com
@@ -21116,6 +30530,26 @@ components:
           - recordType: CNAME
             fqdn: t022._domainkey.example.com
             verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
+    WellKnownAppAuthenticatorConfigurationCustomApp:
+      value:
+        - authenticatorId: aut22f6xzargnJZYE3l7
+          orgId: 00o1vhf34q20MfCFC3l7
+          type: app
+          key: custom_app
+          name: EnergyAus Authenticator
+          createdDate: '2022-10-11T08:56:45.000Z'
+          lastUpdated: '2023-09-07T11:31:35.000Z'
+          settings:
+            userVerification: PREFERRED
+          supportedMethods:
+            - type: push
+              status: ACTIVE
+              settings:
+                algorithms:
+                  - RS256
+                  - ES256
+                keyProtection: ANY
+          appAuthenticatorEnrollEndpoint: https://{yourOktaDomain}/idp/myaccount/app-authenticators
     WellKnownOrgMetadataResponseClassic:
       value:
         id: 00o5rb5mt2H3d1TJd0h7
@@ -21155,6 +30589,228 @@ components:
             hints:
               allow:
                 - POST
+    create-auth-policy-rule-condition:
+      summary: Authentication policy - Create rule with conditions
+      description: Creates an authentication policy rule with a conditions object.
+      value:
+        system: false
+        type: ACCESS_POLICY
+        name: Rule with conditions
+        conditions:
+          userType:
+            include: []
+            exclude:
+              - otyezu4m0xN6w5JEa1d7
+          network:
+            connection: ZONE
+            exclude:
+              - 00u7yq5goxNFTiMjW1d7
+          riskScore:
+            level: ANY
+          people:
+            users:
+              exclude:
+                - 00u7yq5goxNFTiMjW1d7
+              include: []
+            groups:
+              include:
+                - 00g9i12jictsYdZdi1d7
+              exclude: []
+          platform:
+            include:
+              - type: MOBILE
+                os:
+                  type: IOS
+              - type: MOBILE
+                os:
+                  type: ANDROID
+              - type: DESKTOP
+                os:
+                  type: MACOS
+          elCondition: null
+        actions:
+          appSignOn:
+            access: ALLOW
+            verificationMethod:
+              factorMode: 2FA
+              reauthenticateIn: PT2H
+              constraints:
+                - knowledge:
+                    reauthenticateIn: PT2H
+                    types:
+                      - password
+              type: ASSURANCE
+    create-auth-policy-rule-condition-response:
+      summary: Authentication policy - Policy rule with conditions
+      description: The response body from the creation of an authentication policy rule with conditions.
+      value:
+        id: rule8jjozjGMGbHyC1d6
+        status: ACTIVE
+        name: Rule with conditions
+        priority: 0
+        created: '2024-04-25T17:35:02.000Z'
+        lastUpdated: '2024-04-25T17:35:02.000Z'
+        system: false
+        conditions:
+          people:
+            users:
+              exclude:
+                - 00u7yq5goxNFTiMjW1d7
+            groups:
+              include:
+                - 00g9i12jictsYdZdi1d7
+            network:
+              connection: ZONE
+              exclude:
+                - nzo9o4rctwQCJNE6y1d7
+            platform:
+              platform:
+                include:
+                  - type: MOBILE
+                    os:
+                      type: IOS
+                  - type: MOBILE
+                    os:
+                      type: ANDROID
+                  - type: DESKTOP
+                    os:
+                      type: MACOS
+                exclude: []
+              riskScore:
+                level: ANY
+              userType:
+                include: []
+                exclude:
+                  - otyezu4m0xN6w5JEa1d7
+        actions:
+          appSignOn:
+            access: ALLOW
+            verificationMethod:
+              factorMode: 2FA
+              type: ASSURANCE
+              reauthenticateIn: PT2H
+              constraints:
+                knowledge:
+                  required: true
+                  types:
+                    - password
+                  reauthenticateIn: PT2H
+        type: ACCESS_POLICY
+        _links:
+          self:
+            href: https://sampleorg.okta.com/api/v1/policies/rst7xus97faIAgmti1d7/rules/rul7yut96gmsOzKAA1d6
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://sampleorg.okta.com/api/v1/policies/rst7xus97faIAgmti1d7/rules/rul7yut96gmsOzKAA1d6
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+    idp-discovery-dynamic-routing-rule:
+      summary: IdP discovery policy - Dynamic routing rule
+      description: This routing rule uses a dynamic Identity Provider.
+      value:
+        name: Dynamic routing rule
+        priority: 1
+        status: ACTIVE
+        conditions:
+          network:
+            connection: ANYWHERE
+        actions:
+          idp:
+            providers: []
+            idpSelectionType: DYNAMIC
+            matchCriteria:
+              - providerExpression: login.identifier.substringAfter('@')
+                propertyName: name
+        system: false
+        type: IDP_DISCOVERY
+    idp-discovery-dynamic-routing-rule-response:
+      summary: IdP discovery policy - Dynamic routing rule
+      value:
+        id: ruleId
+        _links:
+          self:
+            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+        name: Dynamic routing rule
+        priority: 1
+        status: ACTIVE
+        conditions:
+          network:
+            connection: ANYWHERE
+        actions:
+          idp:
+            providers: []
+            idpSelectionType: DYNAMIC
+            matchCriteria:
+              - providerExpression: login.identifier.substringAfter('@')
+                propertyName: name
+        system: false
+        type: IDP_DISCOVERY
+    idp-discovery-specific-routing-rule:
+      summary: IdP discovery policy - Specific routing rule
+      description: This routing rule uses a specific Identity Provider.
+      value:
+        name: Specific routing rule
+        priority: 1
+        status: ACTIVE
+        conditions:
+          network:
+            connection: ANYWHERE
+        actions:
+          idp:
+            providers:
+              - type: GOOGLE
+                id: 0oa5ks3WmHLRh8Ivr0g4
+            idpSelectionType: SPECIFIC
+        system: false
+        type: IDP_DISCOVERY
+    idp-discovery-specific-routing-rule-response:
+      summary: IdP discovery policy - Specific routing rule
+      value:
+        id: ruleId
+        _links:
+          self:
+            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+        name: Specific routing rule
+        priority: 1
+        status: ACTIVE
+        conditions:
+          network:
+            connection: ANYWHERE
+        actions:
+          idp:
+            providers:
+              - type: GOOGLE
+                id: 0oa5ks3WmHLRh8Ivr0g4
+            idpSelectionType: SPECIFIC
+        system: false
+        type: IDP_DISCOVERY
     inactiveAPIServiceIntegrationInstanceSecretResponse:
       summary: Deactivate Secret response example
       value:
@@ -21175,6 +30831,26 @@ components:
             hints:
               allow:
                 - DELETE
+    listStreamConfigurationExample:
+      summary: List of SSF Stream configurations example
+      value:
+        - aud: https://example.com
+          delivery:
+            method: urn:ietf:rfc:8935
+            endpoint_url: https://example.com
+          events_delivered:
+            - https://schemas.openid.net/secevent/caep/event-type/session-revoked
+            - https://schemas.openid.net/secevent/caep/event-type/credential-change
+          events_requested:
+            - https://schemas.openid.net/secevent/caep/event-type/session-revoked
+            - https://schemas.openid.net/secevent/caep/event-type/credential-change
+          events_supported:
+            - https://schemas.openid.net/secevent/caep/event-type/session-revoked
+            - https://schemas.openid.net/secevent/caep/event-type/credential-change
+          format: iss_sub
+          iss: https://{yourOktaDomain}
+          min_verification_interval: 0
+          stream_id: esc1k235GIIztAuGK0g5
     newAPIServiceIntegrationInstanceSecretResponse:
       summary: New secret response example
       value:
@@ -21259,7 +30935,6 @@ components:
       summary: Password policy - SSPR with no step up
       value:
         id: ruleId
-        $ref: '#/components/examples/sspr-enabled-no-step-up/value'
         _links:
           self:
             href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
@@ -21273,16 +30948,214 @@ components:
             hints:
               allow:
                 - POST
+        name: SSPR Rule
+        priority: 1
+        status: ACTIVE
+        conditions:
+          people:
+            users:
+              exclude: []
+          network:
+            connection: ANYWHERE
+        actions:
+          passwordChange:
+            access: ALLOW
+          selfServicePasswordReset:
+            access: ALLOW
+            requirement:
+              primary:
+                methods:
+                  - sms
+                  - email
+              stepUp:
+                required: false
+          selfServiceUnlock:
+            access: ALLOW
+        system: false
+        type: PASSWORD
     sspr-enabled-no-step-up-update:
       summary: Password policy - SSPR with no step up
       description: This password policy permits self-service password change, reset, and unlock. Phone SMS or email are initial authenticators with no secondary authentication required.
       value:
         id: ruleId
-        $ref: '#/components/examples/sspr-enabled-no-step-up/value'
+        name: SSPR Rule
+        priority: 1
+        status: ACTIVE
+        conditions:
+          people:
+            users:
+              exclude: []
+          network:
+            connection: ANYWHERE
+        actions:
+          passwordChange:
+            access: ALLOW
+          selfServicePasswordReset:
+            access: ALLOW
+            requirement:
+              primary:
+                methods:
+                  - sms
+                  - email
+              stepUp:
+                required: false
+          selfServiceUnlock:
+            access: ALLOW
+        system: false
+        type: PASSWORD
     sspr-enabled-sq-step-up:
+      summary: Password policy - SSPR with security question as step-up auth
+      description: This password policy permits self-service password change, reset, and unlock. Phone SMS and Okta Verify push are the initial authenticators, and the secondary authentication is a security question.
+      value:
+        name: SSPR Rule
+        priority: 1
+        status: ACTIVE
+        conditions:
+          people:
+            users:
+              exclude: []
+          network:
+            connection: ANYWHERE
+        actions:
+          passwordChange:
+            access: ALLOW
+          selfServicePasswordReset:
+            access: ALLOW
+            requirement:
+              primary:
+                methods:
+                  - push
+                  - sms
+              stepUp:
+                required: true
+                methods:
+                  - security_question
+          selfServiceUnlock:
+            access: ALLOW
+        system: false
+        type: PASSWORD
+    sspr-enabled-sq-step-up-response:
+      summary: Password policy - SSPR with security question as step up
+      value:
+        id: ruleId
+        _links:
+          self:
+            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
+        name: SSPR Rule
+        priority: 1
+        status: ACTIVE
+        conditions:
+          people:
+            users:
+              exclude: []
+          network:
+            connection: ANYWHERE
+        actions:
+          passwordChange:
+            access: ALLOW
+          selfServicePasswordReset:
+            access: ALLOW
+            requirement:
+              primary:
+                methods:
+                  - push
+                  - sms
+              stepUp:
+                required: true
+                methods:
+                  - security_question
+          selfServiceUnlock:
+            access: ALLOW
+        system: false
+        type: PASSWORD
+    sspr-enabled-sq-step-up-update:
       summary: Password policy - SSPR with security question as step up
       description: This password policy permits self-service password change, reset, and unlock. Phone SMS and Okta Verify push are initial authenticators, and the secondary authentication is a security question.
       value:
+        id: ruleId
+        name: SSPR Rule
+        priority: 1
+        status: ACTIVE
+        conditions:
+          people:
+            users:
+              exclude: []
+          network:
+            connection: ANYWHERE
+        actions:
+          passwordChange:
+            access: ALLOW
+          selfServicePasswordReset:
+            access: ALLOW
+            requirement:
+              primary:
+                methods:
+                  - push
+                  - sms
+              stepUp:
+                required: true
+                methods:
+                  - security_question
+          selfServiceUnlock:
+            access: ALLOW
+        system: false
+        type: PASSWORD
+    sspr-enabled-sso-step-up:
+      summary: Password policy - SSPR with any SSO authenticator as step up
+      description: This password policy permits self-service password change, reset, and unlock. Phone SMS or email are initial authenticators. The step-up authentication required is any active SSO authenticator.
+      value:
+        name: SSPR Rule
+        priority: 1
+        status: ACTIVE
+        conditions:
+          people:
+            users:
+              exclude: []
+          network:
+            connection: ANYWHERE
+        actions:
+          passwordChange:
+            access: ALLOW
+          selfServicePasswordReset:
+            access: ALLOW
+            requirement:
+              primary:
+                methods:
+                  - push
+                  - sms
+              stepUp:
+                required: true
+          selfServiceUnlock:
+            access: ALLOW
+        system: false
+        type: PASSWORD
+    sspr-enabled-sso-step-up-response:
+      summary: Password policy - SSPR with any SSO authenticator as step up
+      value:
+        id: ruleId
+        _links:
+          self:
+            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
+            hints:
+              allow:
+                - GET
+                - PUT
+                - DELETE
+          deactivate:
+            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
+            hints:
+              allow:
+                - POST
         name: SSPR Rule
         priority: 1
         status: ACTIVE
@@ -21304,40 +31177,45 @@ components:
                   - sms
               stepUp:
                 required: true
-                methods:
-                  - security_question
           selfServiceUnlock:
             access: ALLOW
         system: false
         type: PASSWORD
-    sspr-enabled-sq-step-up-response:
-      summary: Password policy - SSPR with security question as step up
+    sspr-enabled-sso-step-up-update:
+      summary: Password policy - SSPR with any SSO authenticator as step up
+      description: This password policy permits self-service password change, reset, and unlock. Phone SMS or email are initial authenticators. The step-up authentication required is any active SSO authenticator.
       value:
         id: ruleId
-        $ref: '#/components/examples/sspr-enabled-sq-step-up/value'
-        _links:
-          self:
-            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
-            hints:
-              allow:
-                - GET
-                - PUT
-                - DELETE
-          deactivate:
-            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
-            hints:
-              allow:
-                - POST
-    sspr-enabled-sq-step-up-update:
-      summary: Password policy - SSPR with security question as step up
-      description: This password policy permits self-service password change, reset, and unlock. Phone SMS and Okta Verify push are initial authenticators, and the secondary authentication is a security question.
+        name: SSPR Rule
+        priority: 1
+        status: ACTIVE
+        conditions:
+          people:
+            users:
+              exclude: []
+          network:
+            connection: ANYWHERE
+        actions:
+          passwordChange:
+            access: ALLOW
+          selfServicePasswordReset:
+            access: ALLOW
+            requirement:
+              primary:
+                methods:
+                  - push
+                  - sms
+              stepUp:
+                required: true
+          selfServiceUnlock:
+            access: ALLOW
+        system: false
+        type: PASSWORD
+    sspr-enabled-sso-step-up-with-constraints:
+      summary: Password policy - Enable SSPR with OTP enabled and Google authenticator constraint
+      description: This password policy permits self-service password change, reset, and unlock. Okta Verify push, Phone SMS, or Google OTP are initial authenticators. The secondary authentication required is any SSO authenticator. The `methodConstraints` property limits OTP authenticators to Google.
       value:
         id: ruleId
-        $ref: '#/components/examples/sspr-enabled-sq-step-up/value'
-    sspr-enabled-sso-step-up:
-      summary: Password policy - SSPR with any SSO authenticator as step up
-      description: This password policy permits self-service password change, reset, and unlock. Phone SMS or email are initial authenticators. The step-up authentication required is any active SSO authenticator.
-      value:
         name: SSPR Rule
         priority: 1
         status: ACTIVE
@@ -21357,17 +31235,21 @@ components:
                 methods:
                   - push
                   - sms
+                  - otp
+                methodConstraints:
+                  - method: otp
+                    allowedAuthenticators:
+                      - key: google_otp
               stepUp:
                 required: true
           selfServiceUnlock:
             access: ALLOW
         system: false
         type: PASSWORD
-    sspr-enabled-sso-step-up-response:
-      summary: Password policy - SSPR with any SSO authenticator as step up
+    sspr-enabled-sso-step-up-with-constraints-response:
+      summary: Password policy - Enable SSPR with OTP enabled and Google authenticator constraint
       value:
         id: ruleId
-        $ref: '#/components/examples/sspr-enabled-sso-step-up/value'
         _links:
           self:
             href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
@@ -21381,13 +31263,37 @@ components:
             hints:
               allow:
                 - POST
-    sspr-enabled-sso-step-up-update:
-      summary: Password policy - SSPR with any SSO authenticator as step up
-      description: This password policy permits self-service password change, reset, and unlock. Phone SMS or email are initial authenticators. The step-up authentication required is any active SSO authenticator.
-      value:
-        id: ruleId
-        $ref: '#/components/examples/sspr-enabled-sso-step-up/value'
-    sspr-enabled-sso-step-up-with-constraints:
+        name: SSPR Rule
+        priority: 1
+        status: ACTIVE
+        conditions:
+          people:
+            users:
+              exclude: []
+          network:
+            connection: ANYWHERE
+        actions:
+          passwordChange:
+            access: ALLOW
+          selfServicePasswordReset:
+            access: ALLOW
+            requirement:
+              primary:
+                methods:
+                  - push
+                  - sms
+                  - otp
+                methodConstraints:
+                  - method: otp
+                    allowedAuthenticators:
+                      - key: google_otp
+              stepUp:
+                required: true
+          selfServiceUnlock:
+            access: ALLOW
+        system: false
+        type: PASSWORD
+    sspr-enabled-sso-step-up-with-constraints-update:
       summary: Password policy - Enable SSPR with OTP enabled and Google authenticator constraint
       description: This password policy permits self-service password change, reset, and unlock. Okta Verify push, Phone SMS, or Google OTP are initial authenticators. The secondary authentication required is any SSO authenticator. The `methodConstraints` property limits OTP authenticators to Google.
       value:
@@ -21422,30 +31328,200 @@ components:
             access: ALLOW
         system: false
         type: PASSWORD
-    sspr-enabled-sso-step-up-with-constraints-response:
-      summary: Password policy - Enable SSPR with OTP enabled and Google authenticator constraint
+    streamConfigurationExample:
+      summary: SSF Stream configuration example
       value:
-        id: ruleId
-        $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints/value'
+        aud: https://example.com
+        delivery:
+          method: urn:ietf:rfc:8935
+          endpoint_url: https://example.com
+        events_delivered:
+          - https://schemas.openid.net/secevent/caep/event-type/session-revoked
+          - https://schemas.openid.net/secevent/caep/event-type/credential-change
+        events_requested:
+          - https://schemas.openid.net/secevent/caep/event-type/session-revoked
+          - https://schemas.openid.net/secevent/caep/event-type/credential-change
+        events_supported:
+          - https://schemas.openid.net/secevent/caep/event-type/session-revoked
+          - https://schemas.openid.net/secevent/caep/event-type/credential-change
+        format: iss_sub
+        iss: https://{yourOktaDomain}
+        min_verification_interval: 0
+        stream_id: esc1k235GIIztAuGK0g5
+    twofa-enabled-disallow-password-allow-phishing:
+      summary: Authentication policy - 2FA with granular authentication
+      description: This two-factor authentication policy uses a rule to disallow passwords and require phishing resistance for possession authenticators for authentication.
+      value:
+        name: Passwordless 2FA
+        actions:
+          appSignOn:
+            access: ALLOW
+            verificationMethod:
+              factorMode: 2FA
+              type: ASSURANCE
+              reauthenticateIn: PT0S
+              constraints:
+                knowledge:
+                  excludedAuthenticationMethods:
+                    key: okta_password
+                possession:
+                  deviceBound: REQUIRED
+                  phishingREsistant: REQUIRED
+        type: ACCESS_POLICY
+    twofa-enabled-disallow-password-allow-phishing-response:
+      summary: Authentication policy - 2FA with granular authentication
+      description: The rule from a two-factor authentication policy that disallows passwords and requires phishing resistance
+      value:
+        id: rul7yut96gmsOzKAA1d6
+        status: ACTIVE
+        name: Passwordless 2FA
+        priority: 0
+        created: '2023-05-01T21:13:15.000Z'
+        lastUpdated: '2023-05-01T21:13:15.000Z'
+        system: false
+        conditions: null
+        actions:
+          appSignOn:
+            access: ALLOW
+            verificationMethod:
+              factorMode: 2FA
+              type: ASSURANCE
+              reauthenticateIn: PT0S
+              constraints:
+                knowledge:
+                  excludedAuthenticationMethods:
+                    key: okta_password
+                  required: false
+                possession:
+                  deviceBound: REQUIRED
+                  phishingREsistant: REQUIRED
+                  required: true
+        type: ACCESS_POLICY
         _links:
           self:
-            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
+            href: https://sampleorg.okta.com/api/v1/policies/rst7xus97faIAgmti1d7/rules/rul7yut96gmsOzKAA1d6
             hints:
               allow:
                 - GET
                 - PUT
-                - DELETE
-          deactivate:
-            href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
-            hints:
-              allow:
-                - POST
-    sspr-enabled-sso-step-up-with-constraints-update:
-      summary: Password policy - Enable SSPR with OTP enabled and Google authenticator constraint
-      description: This password policy permits self-service password change, reset, and unlock. Okta Verify push, Phone SMS, or Google OTP are initial authenticators. The secondary authentication required is any SSO authenticator. The `methodConstraints` property limits OTP authenticators to Google.
+    update-auth-policy-rule-condition:
+      summary: Authentication policy - Update rule with conditions
+      description: Updates the conditions object on the request body of an authentication policy rule.
       value:
-        id: ruleId
-        $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints/value'
+        type: ACCESS_POLICY
+        name: Rule with conditions - exclude a group
+        description: Updated policy rule
+        conditions:
+          userType:
+            include: []
+            exclude:
+              - otyezu4m0xN6w5JEa1d7
+          network:
+            connection: ZONE
+            exclude:
+              - nzo9o4rctwQCJNE6y1d7
+          riskScore:
+            level: ANY
+          people:
+            users:
+              exclude:
+                - 00u7yq5goxNFTiMjW1d7
+              include: []
+            groups:
+              include: []
+              exclude:
+                - 00g8vta8qzkxPEfKC1d7
+          platform:
+            include:
+              - type: MOBILE
+                os:
+                  type: IOS
+              - type: MOBILE
+                os:
+                  type: ANDROID
+              - type: DESKTOP
+                os:
+                  type: MACOS
+          elCondition: null
+    update-auth-policy-rule-condition-response:
+      summary: Authentication policy - Update rule with conditions
+      description: The response body from an updated conditions object of an authentication policy rule.
+      value:
+        id: rulezuo73ySrHndLb1d7
+        status: ACTIVE
+        name: Rule with conditions - exclude a group
+        priority: 0
+        created: '2024-04-25T17:35:02.000Z'
+        lastUpdated: '2024-04-25T17:35:02.000Z'
+        system: false
+        conditions:
+          people:
+            users:
+              exclude: []
+            groups:
+              exclude:
+                - 00u7yq5goxNFTiMjW1d7
+            network:
+              connection: ZONE
+              exclude:
+                - nzo9o4rctwQCJNE6y1d7
+              platform:
+                platform:
+                  include:
+                    - type: MOBILE
+                      os:
+                        type: IOS
+                    - type: MOBILE
+                      os:
+                        type: ANDROID
+                    - type: DESKTOP
+                      os:
+                        type: MACOS
+                  exclude: []
+                riskScore:
+                  level: ANY
+                userType:
+                  include: []
+                  exclude:
+                    - otyezu4m0xN6w5JEa1d7
+          actions:
+            appSignOn:
+              access: ALLOW
+              verificationMethod:
+                factorMode: 2FA
+                type: ASSURANCE
+                reauthenticateIn: PT2H
+                constraints:
+                  knowledge:
+                    required: true
+                    types:
+                      - password
+                    reauthenticateIn: PT2H
+          type: ACCESS_POLICY
+          _links:
+            self:
+              href: https://sampleorg.okta.com/api/v1/policies/rst7xus97faIAgmti1d7/rules/rul7yut96gmsOzKAA1d6
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+            deactivate:
+              href: https://sampleorg.okta.com/api/v1/policies/rst7xus97faIAgmti1d7/rules/rul7yut96gmsOzKAA1d6
+              hints:
+                allow:
+                  - GET
+                  - PUT
+                  - DELETE
+    wellKnownSSFMetadataExample:
+      summary: Well-Known SSF Metadata example
+      value:
+        configuration_endpoint: https://{yourOktaDomain}/api/v1/ssf/stream
+        delivery_methods_supported:
+          - https://schemas.openid.net/secevent/risc/delivery-method/push
+          - urn:ietf:rfc:8935
+        issuer: https://{yourOktaDomain}
+        jwks_uri: https://{yourOktaDomain}/oauth2/v1/keys
   parameters:
     UISchemaId:
       name: id
@@ -21455,6 +31531,28 @@ components:
       schema:
         type: string
         example: uis4a7liocgcRgcxZ0g7
+    appInstanceId:
+      name: appInstanceId
+      in: path
+      description: ID of the AD AppInstance in Okta
+      schema:
+        type: string
+      required: true
+    assignmentId:
+      name: assignmentId
+      description: '`id` of the Realm Assignment'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: rul2jy7jLUlnO3ng00g4
+    authenticatorEnrollmentId:
+      name: authenticatorEnrollmentId
+      in: path
+      required: true
+      description: ID for a WebAuthn Preregistration Factor in Okta
+      schema:
+        type: string
     pathApiServiceId:
       name: apiServiceId
       in: path
@@ -21473,19 +31571,35 @@ components:
       description: id of the API Token
     pathAppId:
       name: appId
-      description: ID of the Application
+      description: Application ID
       in: path
       required: true
       schema:
         type: string
         example: 0oafxqCAJWWGELFTYASJ
+    pathAppInstanceId:
+      name: appInstanceId
+      in: path
+      schema:
+        type: string
+      description: '`id` of the application instance'
+      required: true
     pathAppName:
       name: appName
+      description: Application name for the app type
       in: path
       required: true
       schema:
         type: string
         example: oidc_client
+    pathAppUserId:
+      name: userId
+      description: ID of an existing Okta user
+      in: path
+      required: true
+      schema:
+        type: string
+        example: 00u13okQOVWZJGDOAUVR
     pathAssociatedServerId:
       name: associatedServerId
       description: '`id` of the associated Authorization Server'
@@ -21525,6 +31639,14 @@ components:
       schema:
         type: string
       description: The ID of the brand
+    pathBundleId:
+      name: bundleId
+      in: path
+      schema:
+        type: string
+        example: 08ab2db568c7c300079fefd0
+      required: true
+      description: The `id` of a bundle
     pathCaptchaId:
       name: captchaId
       in: path
@@ -21554,6 +31676,14 @@ components:
       required: true
       schema:
         type: string
+    pathCredentialKeyId:
+      name: keyId
+      description: '`id` of the certificate key'
+      in: path
+      required: true
+      schema:
+        type: string
+        example: P7jXpG-LG2ObNgY9C0Mn2uf4InCQTmRZMDCZoVNxdrk
     pathCsrId:
       name: csrId
       description: '`id` of the CSR'
@@ -21605,7 +31735,15 @@ components:
       required: true
       schema:
         type: string
-        description: The ID of the email SMTP Server
+        description: ID of your SMTP Server configuration
+    pathEntitlementId:
+      name: entitlementId
+      in: path
+      schema:
+        type: string
+        example: 0obfxqCAJWWGELFTYASJ
+      required: true
+      description: The `id` of a bundle entitlement
     pathEventHookId:
       name: eventHookId
       description: '`id` of the Event Hook'
@@ -21613,10 +31751,10 @@ components:
       required: true
       schema:
         type: string
-        example: YTDQbItFfFuy9RdHrvly
+        example: who8vt36qfNpCGz9H1e6
     pathFactorId:
       name: factorId
-      description: '`id` of the Factor'
+      description: ID of an existing user Factor
       in: path
       required: true
       schema:
@@ -21624,7 +31762,7 @@ components:
         example: zAgrsaBe0wVGRugDYtdv
     pathFeatureId:
       name: featureId
-      description: '`id` of the Feature'
+      description: '`id` of the feature'
       in: path
       required: true
       schema:
@@ -21635,12 +31773,22 @@ components:
       description: Name of the Feature
       in: path
       required: true
+      schema:
+        $ref: '#/components/schemas/ApplicationFeatureType'
+    pathFirstPartyAppName:
+      name: appName
+      description: |
+        The key name for the Okta app.<br>
+        Supported apps:
+          * Okta Admin Console (`admin-console`)
+      in: path
+      required: true
       schema:
         type: string
-        example: USER_PROVISIONING
+        example: admin-console
     pathGrantId:
       name: grantId
-      description: ID of the Grant
+      description: Grant ID
       in: path
       required: true
       schema:
@@ -21724,13 +31872,14 @@ components:
         example: sjP9eiETijYz110VkhHN
     pathLifecycle:
       name: lifecycle
-      description: Whether to `enable` or `disable` the feature
+      description: Whether to `ENABLE` or `DISABLE` the feature
       in: path
       required: true
       schema:
         $ref: '#/components/schemas/FeatureLifecycle'
     pathLinkedObjectName:
       name: linkedObjectName
+      description: Primary or Associated name
       in: path
       required: true
       schema:
@@ -21767,7 +31916,7 @@ components:
       description: '`id` of a member'
     pathMethodType:
       name: methodType
-      description: Type of the authenticator method
+      description: Type of authenticator method
       in: path
       required: true
       schema:
@@ -21778,6 +31927,12 @@ components:
       required: true
       schema:
         $ref: '#/components/schemas/NotificationType'
+    pathOAuthProvisioningAppName:
+      name: appName
+      in: path
+      required: true
+      schema:
+        $ref: '#/components/schemas/OAuthProvisioningEnabledApp'
     pathOperation:
       name: operation
       in: path
@@ -21825,13 +31980,14 @@ components:
       required: true
     pathPrimaryRelationshipName:
       name: primaryRelationshipName
+      description: Name of the `primary` relationship being assigned
       in: path
       required: true
       schema:
         type: string
     pathPrimaryUserId:
       name: primaryUserId
-      description: '`id` of primary User'
+      description: User ID to be assigned to the `primary` relationship for the `associated` user
       in: path
       required: true
       schema:
@@ -21870,6 +32026,7 @@ components:
         example: vvrcFogtKCrK9aYq3fgV
     pathRelationshipName:
       name: relationshipName
+      description: Name of the `primary` or `associated` relationship being queried
       in: path
       required: true
       schema:
@@ -21882,6 +32039,14 @@ components:
         example: ire106sQKoHoXXsAe0g4
       required: true
       description: '`id` of a resource'
+    pathResourceSelectorId:
+      name: resourceSelectorId
+      in: path
+      schema:
+        type: string
+        example: rsl1hx31gVEa6x10v0g5
+      required: true
+      description: '`id` of a Resource Selector'
     pathResourceSetId:
       name: resourceSetId
       in: path
@@ -21917,7 +32082,7 @@ components:
     pathRoleRef:
       name: roleRef
       in: path
-      description: A reference to an existing role. Standard roles require a `roleType`, while Custom Roles require a `roleId`. See [Standard Role Types](https://developer.okta.com/docs/concepts/role-assignment/#standard-role-types).
+      description: A reference to an existing role. Standard roles require a `roleType`, while Custom Roles require a `roleId`. See [Standard Roles](/openapi/okta-management/guides/roles/#standard-roles).
       required: true
       schema:
         oneOf:
@@ -21962,6 +32127,14 @@ components:
       required: true
       schema:
         type: string
+    pathSecurityEventProviderId:
+      name: securityEventProviderId
+      in: path
+      schema:
+        type: string
+        example: sse1qg25RpusjUP6m0g5
+      required: true
+      description: '`id` of the Security Events Provider instance'
     pathSessionId:
       name: sessionId
       description: '`id` of the Session'
@@ -21970,6 +32143,14 @@ components:
       schema:
         type: string
         example: l7FbDVqS8zHSy65uJD85
+    pathSubmissionId:
+      name: submissionId
+      description: OIN Integration ID
+      in: path
+      required: true
+      schema:
+        type: string
+        example: acme_submissionapp_1
     pathTargetGroupId:
       name: targetGroupId
       in: path
@@ -22009,7 +32190,7 @@ components:
         example: sHHSth53yJAyNSTQKDJZ
     pathTransactionId:
       name: transactionId
-      description: '`id` of the Transaction'
+      description: ID of an existing Factor verification transaction
       in: path
       required: true
       schema:
@@ -22039,6 +32220,14 @@ components:
       required: true
     pathUserId:
       name: userId
+      description: ID of an existing Okta user
+      in: path
+      required: true
+      schema:
+        type: string
+    pathUserIdOrLogin:
+      name: userIdOrLogin
+      description: User ID or login value of the user assigned the `associated` relationship
       in: path
       required: true
       schema:
@@ -22051,19 +32240,76 @@ components:
       required: true
       description: '`id` of the Network Zone'
       example: nzowc1U5Jh5xuAK0o0g3
+    privilegedResourceId:
+      name: id
+      in: path
+      description: ID of an existing privileged resource
+      required: true
+      schema:
+        type: string
     queryAfter:
       name: after
       in: query
       schema:
         type: string
-      description: The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information.
-    queryExpand:
+      description: The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination).
+    queryAppAfter:
+      name: after
+      in: query
+      description: Specifies the pagination cursor for the next page of results. Treat this as an opaque value obtained through the next link relationship. See [Pagination](/#pagination).
+      schema:
+        type: string
+        example: 16275000448691
+    queryAppGrantsExpand:
       name: expand
       in: query
-      description: 'An optional parameter to include scope details in the `_embedded` attribute. Valid value: `scope`'
+      description: 'An optional parameter to return scope details in the `_embedded` property. Valid value: `scope`'
       schema:
         type: string
         example: scope
+    queryAppLimit:
+      name: limit
+      in: query
+      schema:
+        type: integer
+        format: int32
+        minimum: 1
+        maximum: 500
+        default: 50
+      description: |
+        Specifies the number of objects to return per page.
+        If there are multiple pages of results, the Link header contains a `next` link that you need to use as an opaque value (follow it, don't parse it).
+        See [Pagination](/#pagination).
+    queryAppUserExpand:
+      name: expand
+      in: query
+      description: |-
+        An optional query parameter to return the corresponding [User](/openapi/okta-management/management/tag/User/) object in the `_embedded` property.
+        Valid value: `user`
+      schema:
+        type: string
+        example: user
+    queryAppUserQ:
+      name: q
+      in: query
+      schema:
+        type: string
+        example: sam
+      description: |
+        Specifies a filter for the list of Application Users returned based on their profile attributes.
+        The value of `q` is matched against the beginning of the following profile attributes: `userName`, `firstName`, `lastName`, and `email`.
+        This filter only supports the `startsWith` operation that matches the `q` string against the beginning of the attribute values.
+        > **Note:** For OIDC apps, user profiles don't contain the `firstName` or `lastName` attributes. Therefore, the query only matches against the `userName` or `email` attributes.
+    queryAppsExpand:
+      name: expand
+      in: query
+      description: |-
+        An optional parameter used for link expansion to embed more resources in the response.
+        Only supports `expand=user/{userId}` and must be used with the `user.id eq "{userId}"` filter query for the same user.
+        Returns the assigned [Application User](/openapi/okta-management/management/tag/ApplicationUsers/) in the `_embedded` property.
+      schema:
+        type: string
+        example: user/{userId}
     queryExpandBrand:
       name: expand
       in: query
@@ -22129,6 +32375,61 @@ components:
       description: Searches the records for matching value
       schema:
         type: string
+    queryGroupAssignmentLimit:
+      name: limit
+      in: query
+      description: |-
+        Specifies the number of objects to return per page.
+        If there are multiple pages of results, the Link header contains a `next` link that you need to use as an opaque value (follow it, don't parse it).
+        See [Pagination](/#pagination).
+      examples:
+        min:
+          value: 20
+          summary: Minimum limit value
+        hundred:
+          value: 100
+          summary: Sample limit value
+        max:
+          value: 200
+          summary: Maximum limit value
+      schema:
+        type: integer
+        format: int32
+        default: 20
+        minimum: 20
+        maximum: 200
+    queryGroupAssignmentWithGroupExpand:
+      name: expand
+      in: query
+      description: |-
+        An optional query parameter to return the corresponding assigned [Group](/openapi/okta-management/management/tag/Group/) or 
+        the group assignment metadata details in the `_embedded` property. 
+      schema:
+        type: string
+        example: group
+      examples:
+        group:
+          value: group
+          summary: Embedded assigned Group
+        metadata:
+          value: metadata
+          summary: Embedded group assignment metadata
+    queryGroupAssignmentWithMetadataExpand:
+      name: expand
+      in: query
+      description: |-
+        An optional query parameter to return the corresponding assigned [Group](/openapi/okta-management/management/tag/Group/) or 
+        the group assignment metadata details in the `_embedded` property. 
+      schema:
+        type: string
+        example: metadata
+      examples:
+        group:
+          value: group
+          summary: Embedded assigned Group
+        metadata:
+          value: metadata
+          summary: Embedded group assignment metadata
     queryLanguage:
       name: language
       schema:
@@ -22166,6 +32467,14 @@ components:
       schema:
         type: boolean
       required: false
+    queryUserExpand:
+      name: expand
+      in: query
+      description: 'An optional parameter to include metadata in the `_embedded` attribute. Valid value: `blocks`'
+      required: false
+      schema:
+        type: string
+        example: blocks
     simulateParameter:
       name: expand
       description: Use `expand=EVALUATED` to include a list of evaluated but not matched policies and policy rules. Use `expand=RULE` to include details about why a rule condition was (not) matched.
@@ -22178,12 +32487,62 @@ components:
       content:
         application/json:
           schema:
-            $ref: '#/components/schemas/Authenticator'
+            $ref: '#/components/schemas/AuthenticatorBase'
           examples:
             Duo:
               $ref: '#/components/examples/AuthenticatorRequestDuo'
       required: true
   responses:
+    ErrorAppUserForbidden403:
+      description: Forbidden
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/Error'
+          examples:
+            AppUserProvEx:
+              $ref: '#/components/examples/ErrorAppUserForbiddenAction'
+            AccessDenied:
+              $ref: '#/components/examples/ErrorAccessDenied'
+    ErrorAppUserUpdateBadRequest400:
+      description: Bad Request
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/Error'
+          examples:
+            AppUserUpdateCredEx:
+              $ref: '#/components/examples/ErrorAppUserUpdateBadRequest'
+            APIValidationFailed:
+              $ref: '#/components/examples/ErrorApiValidationFailed'
+    AuthenticatorResponse:
+      description: OK
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/AuthenticatorBase'
+          examples:
+            Duo:
+              $ref: '#/components/examples/AuthenticatorResponseDuo'
+            Email:
+              $ref: '#/components/examples/AuthenticatorResponseEmail'
+            Password:
+              $ref: '#/components/examples/AuthenticatorResponsePassword'
+            Phone:
+              $ref: '#/components/examples/AuthenticatorResponsePhone'
+            WebAuthn:
+              $ref: '#/components/examples/AuthenticatorResponseWebAuthn'
+            SecurityQuestion:
+              $ref: '#/components/examples/AuthenticatorResponseSecurityQuestion'
+    AuthenticatorResponseInactiveWebAuthn:
+      description: OK
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/AuthenticatorBase'
+          examples:
+            WebAuthn:
+              $ref: '#/components/examples/AuthenticatorResponseInactiveWebAuthn'
     ErrorApiValidationFailed400:
       description: Bad Request
       content:
@@ -22238,26 +32597,63 @@ components:
           examples:
             TooManyRequests:
               $ref: '#/components/examples/ErrorTooManyRequests'
-    AuthenticatorResponse:
-      description: OK
+    Error502NoConnectedAgents:
+      description: There are no connected agents.
       content:
         application/json:
           schema:
-            $ref: '#/components/schemas/Authenticator'
+            $ref: '#/components/schemas/Error'
           examples:
-            Duo:
-              $ref: '#/components/examples/AuthenticatorResponseDuo'
-            Email:
-              $ref: '#/components/examples/AuthenticatorResponseEmail'
-            Password:
-              $ref: '#/components/examples/AuthenticatorResponsePassword'
-            Phone:
-              $ref: '#/components/examples/AuthenticatorResponsePhone'
-            WebAuthn:
-              $ref: '#/components/examples/AuthenticatorResponseWebAuthn'
-            SecurityQuestion:
-              $ref: '#/components/examples/AuthenticatorResponseSecurityQuestion'
+            AgentTimeOut:
+              $ref: '#/components/examples/ErrorAgentTimeOut'
+    Error504AgentTimeOut:
+      description: Timed out waiting for agent.
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/Error'
+          examples:
+            AgentTimeOut:
+              $ref: '#/components/examples/ErrorNoConnectedAgents'
+    NzErrorApiValidationFailed400:
+      description: Bad Request
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/Error'
+          examples:
+            APIValidationFailed:
+              $ref: '#/components/examples/NzErrorApiValidationFailed'
+    NzErrorResourceNotFound404:
+      description: Not Found
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/Error'
+          examples:
+            ResourceNotFound:
+              $ref: '#/components/examples/NzErrorResourceNotFound'
   schemas:
+    AAGUIDGroupObject:
+      description: |
+        <x-lifecycle class="ea"></x-lifecycle>
+        The AAGUID Group object supports the Early Access (Self-Service) Allow List for FIDO2 (WebAuthn) Authenticators feature. Enable the feature for your org from the **Settings** > **Features** page in the Admin Console.
+
+        This feature has several limitations when enrolling a security key:
+          - Enrollment is currently unsupported on Firefox.
+          - Enrollment is currently unsupported on Chrome if User Verification is set to DISCOURAGED and a PIN is set on the security key.
+          - If prompted during enrollment, users must allow Okta to see the make and model of the security key.
+      type: object
+      properties:
+        aaguids:
+          description: A list of YubiKey hardware FIDO2 Authenticator Attestation Global Unique Identifiers (AAGUIDs). The available [AAGUIDs](https://support.yubico.com/hc/en-us/articles/360016648959-YubiKey-Hardware-FIDO2-AAGUIDs) (opens new window) are provided by the FIDO Alliance Metadata Service.
+          type: array
+          items:
+            type: string
+            description: AAGUID
+        name:
+          type: string
+          description: A name to identify the group of YubiKey hardware FIDO2 AAGUIDs
     APIServiceIntegrationInstance:
       type: object
       properties:
@@ -22398,6 +32794,15 @@ components:
     AccessPolicyConstraint:
       type: object
       properties:
+        authenticationMethods:
+          description: This property specifies the precise authenticator and method for authentication. <x-lifecycle class="oie"></x-lifecycle>
+          type: array
+          items:
+            $ref: '#/components/schemas/AuthenticationMethodObject'
+        excludedAuthenticationMethods:
+          description: This property specifies the precise authenticator and method to exclude from authentication. <x-lifecycle class="oie"></x-lifecycle>
+          items:
+            $ref: '#/components/schemas/AuthenticationMethodObject'
         methods:
           description: The Authenticator methods that are permitted
           items:
@@ -22420,6 +32825,9 @@ components:
         reauthenticateIn:
           description: The duration after which the user must re-authenticate regardless of user activity. This re-authentication interval overrides the Verification Method object's `reauthenticateIn` interval. The supported values use ISO 8601 period format for recurring time intervals (for example, `PT1H`).
           type: string
+        required:
+          description: This property indicates whether the knowledge or possession factor is required by the assurance. It's optional in the request, but is always returned in the response. By default, this field is `true`. If the knowledge or possession constraint has values for `excludedAuthenticationMethods` the `required` value is false. <x-lifecycle class="oie"></x-lifecycle>
+          type: boolean
         types:
           description: The Authenticator types that are permitted
           items:
@@ -22433,36 +32841,6 @@ components:
               - APP
               - FEDERATED
           type: array
-        authenticationMethods:
-          x-okta-lifecycle:
-            features:
-              - ASSURANCE_GRANULAR_AUTHENTICATOR_CONSTRAINTS
-          description: This property specifies the precise authenticator and method for authentication.
-          type: array
-          items:
-            $ref: '#/components/schemas/AuthenticationMethodObject'
-        excludedAuthenticationMethods:
-          x-okta-lifecycle:
-            features:
-              - ASSURANCE_GRANULAR_AUTHENTICATOR_CONSTRAINTS
-          description: This property specifies the precise authenticator and method to exclude from authentication.
-          items:
-            $ref: '#/components/schemas/AuthenticationMethodObject'
-        required:
-          x-okta-lifecycle:
-            features:
-              - ASSURANCE_GRANULAR_AUTHENTICATOR_CONSTRAINTS
-          description: This property indicates whether the knowledge or possession factor is required by the assurance. It's optional in the request, but is always returned in the response. By default, this field is `true`. If the knowledge or possession constraint has values for`excludedAuthenticationMethods` the `required` value is false.
-          type: boolean
-    AuthenticationMethodObject:
-      type: object
-      properties:
-        key:
-          type: string
-          description: A label that identifies the authenticator
-        method:
-          type: string
-          description: Specifies the method used for the authenticator
     AccessPolicyConstraints:
       type: object
       properties:
@@ -22524,19 +32902,28 @@ components:
       required:
         - url
         - index
-    ActivateFactorRequest:
+    Actions:
       type: object
       properties:
-        attestation:
-          type: string
-        clientData:
-          type: string
-        passCode:
-          type: string
-        registrationData:
-          type: string
-        stateToken:
-          type: string
+        assignUserToRealm:
+          $ref: '#/components/schemas/AssignUserToRealm'
+    AdminConsoleSettings:
+      title: Okta Admin Console Settings
+      description: Settings specific to the Okta Admin Console
+      type: object
+      properties:
+        sessionIdleTimeoutMinutes:
+          description: The maximum idle time before the Okta Admin Console session expires. Must be no more than 12 hours.
+          type: integer
+          minimum: 5
+          maximum: 720
+          default: 15
+        sessionMaxLifetimeMinutes:
+          description: The absolute maximum session lifetime of the Okta Admin Console. Must be no more than 7 days.
+          type: integer
+          minimum: 5
+          maximum: 10080
+          default: 720
     Agent:
       description: Agent details
       type: object
@@ -22567,6 +32954,16 @@ components:
           type: string
         _links:
           $ref: '#/components/schemas/LinksSelf'
+    AgentAction:
+      description: Details about the AD Group membership update
+      type: object
+      properties:
+        id:
+          type: string
+          description: ID of the AD group to update
+        parameters:
+          type: object
+          $ref: '#/components/schemas/Parameters'
     AgentPool:
       description: An AgentPool is a collection of agents that serve a common purpose. An AgentPool has a unique ID within an org, and contains a collection of agents disjoint to every other AgentPool (i.e. no two AgentPools share an Agent).
       type: object
@@ -22666,6 +33063,7 @@ components:
         - Scheduled
         - Success
     AllowedForEnum:
+      description: The allowed types of uses for the Authenticator
       type: string
       enum:
         - any
@@ -22697,6 +33095,23 @@ components:
           readOnly: true
         name:
           type: string
+        network:
+          type: object
+          description: The Network Condition of the API Token
+          properties:
+            connection:
+              type: string
+              description: The connection type of the Network Condition
+            include:
+              type: array
+              description: List of included IP network zones
+              items:
+                type: string
+            exclude:
+              type: array
+              description: List of excluded IP network zones
+              items:
+                type: string
         tokenWindow:
           $ref: '#/components/schemas/TimeDuration'
         userId:
@@ -22705,6 +33120,74 @@ components:
           $ref: '#/components/schemas/LinksSelf'
       required:
         - name
+    ApiTokenUpdate:
+      title: API Token Update
+      description: An API Token Update Object for an Okta user. This token is NOT scoped any further and can be used for any API that the user has permissions to call.
+      type: object
+      properties:
+        clientName:
+          type: string
+          description: The client name associated with the API Token
+          readOnly: true
+        created:
+          type: string
+          description: The creation date of the API Token
+          format: date-time
+          readOnly: true
+        name:
+          type: string
+          description: The name associated with the API Token
+        network:
+          type: object
+          description: The Network Condition of the API Token
+          properties:
+            connection:
+              type: string
+              description: The connection type of the Network Condition
+            include:
+              type: array
+              description: List of included IP network zones
+              items:
+                type: string
+            exclude:
+              type: array
+              description: List of excluded IP network zones
+              items:
+                type: string
+        userId:
+          type: string
+          description: The userId of the user who created the API Token
+    AppAccountContainerDetails:
+      description: Container details for resource type APP_ACCOUNT
+      type: object
+      properties:
+        appName:
+          type: string
+          description: The application name
+          readOnly: true
+        containerId:
+          type: string
+          description: The application ID associated with the privileged account
+        displayName:
+          type: string
+          description: Human-readable name of the container that owns the privileged resource
+          readOnly: true
+        globalAppId:
+          type: string
+          description: The application global ID
+          readOnly: true
+        passwordPushSupported:
+          type: boolean
+          description: Indicates if the application supports password push
+          readOnly: true
+        provisioningEnabled:
+          type: boolean
+          description: Indicates if provisioning is enabled for this application
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/appLink'
+      required:
+        - containerId
     AppAndInstanceConditionEvaluatorAppOrInstance:
       type: object
       properties:
@@ -22729,10 +33212,34 @@ components:
           items:
             $ref: '#/components/schemas/AppAndInstanceConditionEvaluatorAppOrInstance'
     AppAndInstanceType:
+      description: Type of app
       type: string
       enum:
         - APP
         - APP_TYPE
+    AppCustomHrefObject:
+      type: object
+      properties:
+        hints:
+          type: object
+          description: Describes allowed HTTP verbs for the `href`
+          properties:
+            allow:
+              type: array
+              items:
+                type: string
+        href:
+          type: string
+          description: Link URI
+        title:
+          type: string
+          description: Link name
+        type:
+          type: string
+          description: The media type of the link. If omitted, it is implicitly `application/json`.
+      required:
+        - href
+      readOnly: true
     AppInstancePolicyRuleCondition:
       type: object
       properties:
@@ -22779,30 +33286,28 @@ components:
           readOnly: true
     AppUser:
       title: Application User
-      description: The App User object defines a user's app-specific profile and credentials for an app.
+      description: The Application User object defines a user's app-specific profile and credentials for an app
       type: object
       properties:
         created:
-          type: string
-          description: Timestamp when the App User object was created
-          format: date-time
-          readOnly: true
-          example: '2014-06-24T15:27:59.000Z'
+          allOf:
+            - $ref: '#/components/schemas/createdProperty'
+            - example: '2014-06-24T15:27:59.000Z'
         credentials:
           $ref: '#/components/schemas/AppUserCredentials'
         externalId:
           type: string
           description: |-
-            The ID of the user in the target app that's linked to the Okta App User object.
+            The ID of the user in the target app that's linked to the Okta Application User object.
             This value is the native app-specific identifier or primary key for the user in the target app.
 
-            The `externalId` is set during import when the user is confirmed (reconciled) or during provisioning when the user has been successfully created in the target app.
+            The `externalId` is set during import when the user is confirmed (reconciled) or during provisioning when the user is created in the target app.
             This value isn't populated for SSO app assignments (for example, SAML or SWA) because it isn't synchronized with a target app.
           readOnly: true
           example: 70c14cc17d3745e8a9f98d599a68329c
         id:
           type: string
-          description: Unique identifier of the App User object (only required for apps with `signOnMode` or authentication schemes that don't require credentials)
+          description: Unique identifier for the Okta User
           example: 00u11z6WHMYCGPCHCRFK
         lastSync:
           type: string
@@ -22811,14 +33316,12 @@ components:
           readOnly: true
           example: '2014-06-24T15:27:59.000Z'
         lastUpdated:
-          type: string
-          description: Timestamp when App User was last updated
-          format: date-time
-          readOnly: true
-          example: '2014-06-24T15:28:14.000Z'
+          allOf:
+            - $ref: '#/components/schemas/lastUpdatedProperty'
+            - example: '2014-06-24T15:28:14.000Z'
         passwordChanged:
           type: string
-          description: Timestamp when the App User password was last changed
+          description: Timestamp when the Application User password was last changed
           format: date-time
           readOnly: true
           nullable: true
@@ -22827,7 +33330,7 @@ components:
           $ref: '#/components/schemas/AppUserProfile'
         scope:
           type: string
-          description: Toggles the assignment between user or group scope
+          description: Indicates if the assignment is direct (`USER`) or by group membership (`GROUP`).
           enum:
             - USER
             - GROUP
@@ -22836,7 +33339,7 @@ components:
           $ref: '#/components/schemas/AppUserStatus'
         statusChanged:
           type: string
-          description: Timestamp when the App User status was last changed
+          description: Timestamp when the Application User status was last changed
           format: date-time
           readOnly: true
           example: '2014-06-24T15:28:14.000Z'
@@ -22844,34 +33347,41 @@ components:
           $ref: '#/components/schemas/AppUserSyncState'
         _embedded:
           type: object
-          description: Embedded resources related to the App User using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification
+          description: Embedded resources related to the Application User using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification
           additionalProperties:
             type: object
             properties: {}
           readOnly: true
         _links:
           $ref: '#/components/schemas/LinksAppAndUser'
-      required:
-        - created
-        - lastUpdated
-        - scope
-        - status
-        - statusChanged
-        - _links
+    AppUserAssignRequest:
+      allOf:
+        - $ref: '#/components/schemas/AppUser'
+        - required:
+            - id
     AppUserCredentials:
-      description: Specifies a user's credentials for the app. The authentication scheme of the app determines whether a username or password can be assigned to a user.
+      description: |
+        Specifies a user's credentials for the app.
+        This parameter can be omitted for apps with [sign-on mode](/openapi/okta-management/management/tag/Application/#tag/Application/operation/getApplication!c=200&path=0/signOnMode&t=response) (`signOnMode`) or [authentication schemes](/openapi/okta-management/management/tag/Application/#tag/Application/operation/getApplication!c=200&path=0/credentials/scheme&t=response) (`credentials.scheme`) that don't require credentials.
       type: object
       properties:
         password:
           $ref: '#/components/schemas/AppUserPasswordCredential'
         userName:
           type: string
-          description: Username for the app
+          description: The user's username in the app
           minLength: 1
           maxLength: 100
-          example: testuser
+          example: testuser@example.com
+    AppUserCredentialsRequestPayload:
+      title: Credentials
+      description: Updates the assigned user credentials
+      type: object
+      properties:
+        credentials:
+          $ref: '#/components/schemas/AppUserCredentials'
     AppUserPasswordCredential:
-      description: Specifies a password for a user. This is a write-only property. An empty `password` object is returned to indicate that a password value exists.
+      description: The user's password. This is a write-only property. An empty `password` object is returned to indicate that a password value exists.
       type: object
       properties:
         value:
@@ -22880,17 +33390,24 @@ components:
           format: password
           writeOnly: true
     AppUserProfile:
-      description: |-
-        App user profiles are app-specific and can be customized by the Profile Editor in the Admin Console.
-        SSO apps typically don't support app user profiles, while apps with user provisioning features have app-specific profiles.
+      description: |
+        Specifies the default and custom profile properties for a user.
         Properties that are visible in the Admin Console for an app assignment can also be assigned through the API.
         Some properties are reference properties that are imported from the target app and can't be configured.
-      additionalProperties:
-        type: object
-        properties: {}
+        See [profile](/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c=200&path=profile&t=response).
+      additionalProperties: true
       type: object
+    AppUserProfileRequestPayload:
+      title: Profile
+      description: |-
+        Updates the assigned user profile
+        > **Note:** The Okta API currently doesn't support entity tags for conditional updates. As long as you're the only user updating the the user profile, Okta recommends you fetch the most recent profile with [Retrieve an Application User](/openapi/okta-management/management/tag/ApplicationUsers/#tag/ApplicationUsers/operation/getApplicationUser), apply your profile update, and then `POST` back the updated profile.
+      type: object
+      properties:
+        profile:
+          $ref: '#/components/schemas/AppUserProfile'
     AppUserStatus:
-      description: Status of an App User
+      description: Status of an Application User
       example: ACTIVE
       type: string
       enum:
@@ -22908,24 +33425,24 @@ components:
         - SUSPENDED
         - UNASSIGNED
       x-enumDescriptions:
-        ACTIVE: The App User is provisioned and is enabled to use the app. This status also occurs if the app has the `IMPORT_PROFILE_UPDATES` feature enabled and user import is confirmed, or if the app doesn't have provisioning enabled.
-        INACTIVE: The App User is provisioned, but isn't enabled to use the app. App Users in this status can be reactivated with a password reset or permanently deleted.
-        IMPORTED: The App User is created based on imported data.
-        MATCHED: The imported user is matched with an existing App User.
-        UNASSIGNED: The App User was imported, but the user-matching operation was skipped.
-        SUSPENDED: The App User is provisioned, but isn't enabled to use the app. App Users in this status can be reactivated without a password reset.
-        PENDING: The App User is provisioned, but in a pending state and can't use the app. The status moves to `ACTIVE` when the App User is activated.
-        APPROVED: The App User was created but not provisioned. This status can occur when manual provisioning acknowledgment is required.
-        REVOKED: The App User is disabled and waiting for deprovisioning acknowledgment. The App User can be deleted after deprovisioning acknowledgment.
-        IMPLICIT: The App User is now migrated to use implicit app assignment.
-        STAGED: The App User doesn't have `externalId` set and the background provisioning operation is queued. This applies to apps with the `PUSH_NEW_USERS` feature enabled.
-        PROVISIONED: The background provisioning operation completed and the App User was assigned an `externalId` successfully.
+        ACTIVE: The Application User is provisioned and is enabled to use the app. This status also occurs if the app has the `IMPORT_PROFILE_UPDATES` feature enabled and user import is confirmed, or if the app doesn't have provisioning enabled.
+        INACTIVE: The Application User is provisioned, but isn't enabled to use the app. Application Users in this status can be reactivated with a password reset or permanently deleted.
+        IMPORTED: The Application User is created based on imported data.
+        MATCHED: The imported user is matched with an existing Application User.
+        UNASSIGNED: The Application User was imported, but the user-matching operation was skipped.
+        SUSPENDED: The Application User is provisioned, but isn't enabled to use the app. Application Users in this status can be reactivated without a password reset.
+        PENDING: The Application User is provisioned, but in a pending state and can't use the app. The status moves to `ACTIVE` when the Application User is activated.
+        APPROVED: The Application User was created but not provisioned. This status can occur when manual provisioning acknowledgment is required.
+        REVOKED: The Application User is disabled and waiting for deprovisioning acknowledgment. The Application User can be deleted after deprovisioning acknowledgment.
+        IMPLICIT: The Application User is now migrated to use implicit app assignment.
+        STAGED: The Application User doesn't have `externalId` set and the background provisioning operation is queued. This applies to apps with the `PUSH_NEW_USERS` feature enabled.
+        PROVISIONED: The background provisioning operation completed and the Application User was assigned an `externalId` successfully.
         DEPROVISIONED: The user was removed by the provisioning operation and the `externalId` property is unassigned.
       readOnly: true
     AppUserSyncState:
       description: |-
-        The synchronization state for the App User.
-        The App User's `syncState` depends on whether the `PROFILE_MASTERING` feature is enabled for the app.
+        The synchronization state for the Application User.
+        The Application User's `syncState` depends on whether the `PROFILE_MASTERING` feature is enabled for the app.
 
         > **Note:** User provisioning currently must be configured through the Admin Console.
       example: SYNCHRONIZED
@@ -22938,11 +33455,15 @@ components:
         - SYNCING
       x-enumDescriptions:
         DISABLED: The provisioning feature is disabled for the app (`PROFILE_MASTERING` feature is disabled).
-        OUT_OF_SYNC: The App User has changes that haven't been pushed to the target app.
+        OUT_OF_SYNC: The Application User has changes that haven't been pushed to the target app.
         SYNCING: A background provisioning operation is running to update the user's profile in the target app.
-        SYNCHRONIZED: All changes to the App User profile have successfully been synchronized with the target app.
+        SYNCHRONIZED: All changes to the Application User profile have successfully been synchronized with the target app.
         ERROR: A background provisioning operation failed to update the user's profile in the target app. You must resolve the provisioning task in the Admin Console before you retry the operation.
       readOnly: true
+    AppUserUpdateRequest:
+      oneOf:
+        - $ref: '#/components/schemas/AppUserCredentialsRequestPayload'
+        - $ref: '#/components/schemas/AppUserProfileRequestPayload'
     Application:
       type: object
       properties:
@@ -22952,26 +33473,29 @@ components:
           type: string
           format: date-time
           readOnly: true
+          description: Timestamp when the Application object was created
         features:
           type: array
+          description: Enabled app features
           items:
             type: string
         id:
           type: string
           readOnly: true
+          description: Unique ID for the app instance
         label:
           $ref: '#/components/schemas/ApplicationLabel'
         lastUpdated:
           type: string
           format: date-time
           readOnly: true
+          description: Timestamp when the Application object was last updated
         licensing:
           $ref: '#/components/schemas/ApplicationLicensing'
         profile:
           type: object
-          additionalProperties:
-            type: object
-            properties: {}
+          description: Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps)
+          additionalProperties: true
         signOnMode:
           $ref: '#/components/schemas/ApplicationSignOnMode'
         status:
@@ -22986,6 +33510,9 @@ components:
           readOnly: true
         _links:
           $ref: '#/components/schemas/ApplicationLinks'
+      required:
+        - signOnMode
+        - label
       discriminator:
         propertyName: signOnMode
         mapping:
@@ -22994,20 +33521,25 @@ components:
           BOOKMARK: '#/components/schemas/BookmarkApplication'
           BROWSER_PLUGIN: '#/components/schemas/BrowserPluginApplication'
           OPENID_CONNECT: '#/components/schemas/OpenIdConnectApplication'
-          SAML_1_1: '#/components/schemas/SamlApplication'
+          SAML_1_1: '#/components/schemas/Saml11Application'
           SAML_2_0: '#/components/schemas/SamlApplication'
           SECURE_PASSWORD_STORE: '#/components/schemas/SecurePasswordStoreApplication'
           WS_FEDERATION: '#/components/schemas/WsFederationApplication'
     ApplicationAccessibility:
+      description: Specifies access settings for the app
       type: object
       properties:
         errorRedirectUrl:
           type: string
+          description: Custom error page URL for the app
         loginRedirectUrl:
           type: string
+          description: Custom login page URL for the app
         selfService:
           type: boolean
+          description: Represents whether the app can be self-assignable by users
     ApplicationCredentials:
+      description: Credentials for the specified `signOnMode`
       type: object
       properties:
         signing:
@@ -23023,6 +33555,9 @@ components:
           type: string
         client_secret:
           type: string
+        pkce_required:
+          type: boolean
+          description: Require Proof Key for Code Exchange (PKCE) for additional verification
         token_endpoint_auth_method:
           $ref: '#/components/schemas/OAuthEndpointAuthenticationMethod'
     ApplicationCredentialsScheme:
@@ -23068,27 +33603,16 @@ components:
     ApplicationFeature:
       description: |
         The Feature object is used to configure application feature settings.
-
-        The only feature currently supported is `USER_PROVISIONING` for the Org2Org application type.
       type: object
       properties:
-        capabilities:
-          allOf:
-            - $ref: '#/components/schemas/CapabilitiesObject'
         description:
           type: string
           description: Description of the feature
           example: Settings for provisioning users from Okta to a downstream application
           readOnly: true
         name:
-          type: string
-          description: Identifying name of the feature
+          $ref: '#/components/schemas/ApplicationFeatureType'
           readOnly: true
-          example: USER_PROVISIONING
-          enum:
-            - USER_PROVISIONING
-          x-enumDescriptions:
-            USER_PROVISIONING: Represents the **To App** provisioning feature setting in the Admin Console
         status:
           allOf:
             - $ref: '#/components/schemas/EnabledStatus'
@@ -23099,32 +33623,72 @@ components:
           allOf:
             - $ref: '#/components/schemas/LinksSelf'
             - readOnly: true
+      discriminator:
+        propertyName: name
+        mapping:
+          USER_PROVISIONING: '#/components/schemas/UserProvisioningApplicationFeature'
+          INBOUND_PROVISIONING: '#/components/schemas/InboundProvisioningApplicationFeature'
+    ApplicationFeatureType:
+      description: |
+        Identifying name of the feature
+
+        | Value | Description   |
+        | --------- | ------------- |
+        | USER_PROVISIONING  | Represents the **To App** provisioning feature setting in the Admin Console |
+        | INBOUND_PROVISIONING | Represents the **To Okta** provisioning feature setting in the Admin Console |
+      example: USER_PROVISIONING
+      type: string
+      enum:
+        - USER_PROVISIONING
+        - USER_PROVISIONING
+        - INBOUND_PROVISIONING
+      x-enumDescriptions:
+        USER_PROVISIONING: Represents the **To App** provisioning feature setting in the Admin Console
+        INBOUND_PROVISIONING: Represents the **To Okta** provisioning feature setting in the Admin Console
     ApplicationGroupAssignment:
+      title: Application Group Assignment
+      description: The Application Group object that defines a group of users' app-specific profile and credentials for an app
       type: object
       properties:
         id:
           type: string
+          description: ID of the [Group](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/)
           readOnly: true
+          example: 00g4hb1HChfUriNgW0g4
         lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
+          allOf:
+            - $ref: '#/components/schemas/lastUpdatedProperty'
+            - example: '2014-06-24T15:28:14.000Z'
         priority:
           type: integer
+          description: |-
+            Priority assigned to the group. If an app has more than one group assigned to the same user, then the group with the higher priority has its profile applied to the [Application User](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationUsers/).
+            If a priority value isn't specified, then the next highest priority is assigned by default.
+            See [Assign attribute group priority](https://help.okta.com/okta_help.htm?type=oie&id=ext-usgp-app-group-priority) and the [sample priority use case](https://help.okta.com/okta_help.htm?type=oie&id=ext-usgp-combine-values-use).
+          example: 99
         profile:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
+          $ref: '#/components/schemas/GroupAssignmentProfile'
         _embedded:
           type: object
+          description: |-
+            Embedded resource related to the Application Group using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.
+            If the `expand=group` query parameter is specified, then the [Group](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/) object is embedded. 
+            If the `expand=metadata` query parameter is specified, then the group assignment metadata is embedded.
           additionalProperties:
             type: object
             properties: {}
           readOnly: true
         _links:
-          $ref: '#/components/schemas/LinksSelf'
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - type: object
+              properties:
+                app:
+                  $ref: '#/components/schemas/HrefObjectAppLink'
+                group:
+                  $ref: '#/components/schemas/HrefObjectGroupLink'
     ApplicationLabel:
+      description: User-defined display name for app
       type: string
     ApplicationLayout:
       type: object
@@ -23180,7 +33744,9 @@ components:
       properties:
         seatCount:
           type: integer
+          description: Number of licenses purchased for the app
     ApplicationLifecycleStatus:
+      description: App instance status
       type: string
       enum:
         - ACTIVE
@@ -23188,6 +33754,7 @@ components:
         - INACTIVE
       readOnly: true
     ApplicationLinks:
+      description: Discoverable resources related to the app
       properties:
         accessPolicy:
           $ref: '#/components/schemas/HrefObject'
@@ -23208,6 +33775,7 @@ components:
         users:
           $ref: '#/components/schemas/HrefObject'
     ApplicationSettings:
+      description: App settings
       type: object
       properties:
         identityStoreId:
@@ -23255,6 +33823,7 @@ components:
           items:
             type: string
     ApplicationSignOnMode:
+      description: Authentication mode for the app
       type: string
       enum:
         - AUTO_LOGIN
@@ -23266,20 +33835,32 @@ components:
         - SAML_2_0
         - SECURE_PASSWORD_STORE
         - WS_FEDERATION
+    ApplicationType:
+      description: 'The type of client application. Default value: `web`.'
+      type: string
+      enum:
+        - browser
+        - native
+        - service
+        - web
     ApplicationVisibility:
       type: object
       properties:
         appLinks:
           type: object
+          description: Links or icons that appear on the End-User Dashboard when they're assigned to the app
           additionalProperties:
             type: boolean
         autoLaunch:
           type: boolean
+          description: Automatically signs in to the app when user signs into Okta
         autoSubmitToolbar:
           type: boolean
+          description: Automatically sign in when user lands on the sign-in page
         hide:
           $ref: '#/components/schemas/ApplicationVisibilityHide'
     ApplicationVisibilityHide:
+      description: Hides the app for specific end-user apps
       type: object
       properties:
         iOS:
@@ -23299,6 +33880,11 @@ components:
       properties:
         type:
           $ref: '#/components/schemas/RoleType'
+    AssignUserToRealm:
+      type: object
+      properties:
+        realmId:
+          type: string
     AssociatedServerMediated:
       type: object
       properties:
@@ -23307,14 +33893,65 @@ components:
           description: A list of the authorization server IDs
           items:
             type: string
+    AttackProtectionAuthenticatorSettings:
+      type: object
+      properties:
+        verifyKnowledgeSecondWhen2faRequired:
+          type: boolean
+          description: If true, requires users to verify a possession factor before verifying a knowledge factor when the assurance requires two-factor authentication (2FA).
+          default: false
+    AuthServerLinks:
+      allOf:
+        - $ref: '#/components/schemas/LinksSelf'
+        - type: object
+          properties:
+            claims:
+              allOf:
+                - description: Link to the authorization server claims
+                - $ref: '#/components/schemas/HrefObject'
+            deactivate:
+              allOf:
+                - $ref: '#/components/schemas/HrefObjectDeactivateLink'
+            metadata:
+              description: Link to the authorization server metadata
+              type: array
+              items:
+                $ref: '#/components/schemas/HrefObject'
+            policies:
+              allOf:
+                - description: Link to the authorization server policies
+                - $ref: '#/components/schemas/HrefObject'
+            rotateKey:
+              allOf:
+                - description: Link to the authorization server key rotation
+                - $ref: '#/components/schemas/HrefObject'
+            scopes:
+              allOf:
+                - description: Link to the authorization server scopes
+                - $ref: '#/components/schemas/HrefObject'
+    AuthenticationMethodObject:
+      type: object
+      properties:
+        key:
+          type: string
+          description: A label that identifies the authenticator
+        method:
+          type: string
+          description: Specifies the method used for the authenticator
     AuthenticationProvider:
+      description: |-
+        Specifies the authentication provider that validates the user's password credential. The user's current provider
+         is managed by the Delegated Authentication settings for your organization. The provider object is read-only.
       type: object
       properties:
         name:
           type: string
+          description: The name of the authentication provider
+          readOnly: true
         type:
           $ref: '#/components/schemas/AuthenticationProviderType'
     AuthenticationProviderType:
+      description: The type of authentication provider
       type: string
       enum:
         - ACTIVE_DIRECTORY
@@ -23323,40 +33960,242 @@ components:
         - LDAP
         - OKTA
         - SOCIAL
-    Authenticator:
+      x-enumDescriptions:
+        ACTIVE_DIRECTORY: Specifies the directory instance name as the `name` property
+        FEDERATION: Doesn't support a `password` or `recovery question` credential and must authenticate through a trusted Identity Provider
+        IMPORT: Specifies a hashed password that was imported from an external source
+        LDAP: Specifies the directory instance name as the `name` property
+        OKTA: Specifies the Okta Identity Provider
+        SOCIAL: Doesn't support a `password` or `recovery question` credential and must authenticate through a trusted Identity Provider
+      readOnly: true
+    AuthenticatorBase:
       type: object
       properties:
         created:
+          description: Timestamp when the Authenticator was created
           format: date-time
           readOnly: true
           type: string
         id:
+          description: A unique identifier for the Authenticator
           readOnly: true
           type: string
         key:
-          type: string
+          $ref: '#/components/schemas/AuthenticatorKeyEnum'
         lastUpdated:
+          description: Timestamp when the Authenticator was last modified
           format: date-time
           readOnly: true
           type: string
         name:
+          description: Display name of the Authenticator
           type: string
-        provider:
-          $ref: '#/components/schemas/AuthenticatorProvider'
-        settings:
-          $ref: '#/components/schemas/AuthenticatorSettings'
         status:
+          description: Status of the Authenticator
           $ref: '#/components/schemas/LifecycleStatus'
         type:
           $ref: '#/components/schemas/AuthenticatorType'
         _links:
+          description: Link relations for this object
           $ref: '#/components/schemas/AuthenticatorLinks'
+      discriminator:
+        propertyName: key
+        mapping:
+          custom_app: '#/components/schemas/AuthenticatorKeyCustomApp'
+          duo: '#/components/schemas/AuthenticatorKeyDuo'
+          okta_email: '#/components/schemas/AuthenticatorKeyEmail'
+          google_otp: '#/components/schemas/AuthenticatorKeyGoogleOtp'
+          external_idp: '#/components/schemas/AuthenticatorKeyExternalIdp'
+          okta_password: '#/components/schemas/AuthenticatorKeyPassword'
+          okta_verify: '#/components/schemas/AuthenticatorKeyOktaVerify'
+          onprem_mfa: '#/components/schemas/AuthenticatorKeyOnprem'
+          phone_number: '#/components/schemas/AuthenticatorKeyPhone'
+          security_key: '#/components/schemas/AuthenticatorKeySecurityKey'
+          security_question: '#/components/schemas/AuthenticatorKeySecurityQuestion'
+          symantec_vip: '#/components/schemas/AuthenticatorKeySymantecVip'
+          smart_card_idp: '#/components/schemas/AuthenticatorKeySmartCard'
+          webauthn: '#/components/schemas/AuthenticatorKeyWebauthn'
+          yubikey_token: '#/components/schemas/AuthenticatorKeyYubikey'
     AuthenticatorIdentity:
       description: Represents a particular authenticator serving as a constraint on a method
       type: object
       properties:
         key:
           type: string
+    AuthenticatorKeyCustomApp:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorSimple'
+        - type: object
+          properties:
+            agreeToTerms:
+              type: boolean
+              description: A value of `true` indicates that the administrator accepts the [terms](https://www.okta.com/privacy-policy/)for creating a new authenticator. Okta requires that you accept the terms when creating a new `custom_app` authenticator. Other authenticators don't require this field.
+            provider:
+              type: object
+              properties:
+                type:
+                  type: string
+                  description: Provider type
+                  enum:
+                    - PUSH
+                configuration:
+                  type: object
+                  description: The configuration of the provider
+                  properties:
+                    apns:
+                      type: object
+                      properties:
+                        id:
+                          type: string
+                          description: ID of the APNs (Apple Push Notification Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/)
+                        appBundleId:
+                          type: string
+                          description: AppBundleId of the APNs (Apple Push Notification Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/)
+                        debugAppBundleId:
+                          type: string
+                          description: DebugAppBundleId of the APNs (Apple Push Notification Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/)
+                    fcm:
+                      type: object
+                      properties:
+                        id:
+                          type: string
+                          description: ID of the FCM (Firebase Cloud Messaging Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/)
+            settings:
+              type: object
+              properties:
+                userVerification:
+                  $ref: '#/components/schemas/CustomAppUserVerificationEnum'
+                appInstanceId:
+                  type: string
+                  description: The application instance ID. For custom_app, you need to create an OIDC native app using the [Apps API](https://developer.okta.com/docs/reference/api/apps/) with `Authorization Code` and `Refresh Token` grant types. You can leave both `Sign-in redirect URIs` and `Sign-out redirect URIs` as the default values.
+    AuthenticatorKeyDuo:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorSimple'
+        - type: object
+          properties:
+            provider:
+              type: object
+              properties:
+                type:
+                  type: string
+                  description: Provider type
+                  enum:
+                    - DUO
+                configuration:
+                  type: object
+                  properties:
+                    host:
+                      type: string
+                      description: The Duo Security API hostname
+                    integrationKey:
+                      type: string
+                      description: The Duo Security integration key
+                    secretKey:
+                      type: string
+                      description: The Duo Security secret key
+                    userNameTemplate:
+                      type: object
+                      properties:
+                        template:
+                          type: string
+                          description: The Duo Security user template name
+    AuthenticatorKeyEmail:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorSimple'
+        - type: object
+          properties:
+            settings:
+              type: object
+              properties:
+                allowedFor:
+                  $ref: '#/components/schemas/AllowedForEnum'
+                tokenLifetimeInMinutes:
+                  description: Specifies the lifetime of an email token. Default value is 5 minutes.
+                  type: number
+                  default: 5
+    AuthenticatorKeyEnum:
+      description: A human-readable string that identifies the Authenticator
+      type: string
+      enum:
+        - custom_app
+        - duo
+        - external_idp
+        - google_otp
+        - okta_email
+        - okta_password
+        - okta_verify
+        - onprem_mfa
+        - phone_number
+        - security_key
+        - security_question
+        - smart_card_idp
+        - symantec_vip
+        - webauthn
+        - yubikey_token
+    AuthenticatorKeyExternalIdp:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorSimple'
+    AuthenticatorKeyGoogleOtp:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorSimple'
+    AuthenticatorKeyOktaVerify:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorSimple'
+        - type: object
+          properties:
+            settings:
+              type: object
+              properties:
+                channelBinding:
+                  $ref: '#/components/schemas/ChannelBinding'
+                compliance:
+                  $ref: '#/components/schemas/Compliance'
+                userVerification:
+                  $ref: '#/components/schemas/UserVerificationEnum'
+                appInstanceId:
+                  type: string
+                  description: The application instance ID
+    AuthenticatorKeyOnprem:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorSimple'
+    AuthenticatorKeyPassword:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorSimple'
+    AuthenticatorKeyPhone:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorSimple'
+        - type: object
+          properties:
+            settings:
+              type: object
+              properties:
+                allowedFor:
+                  $ref: '#/components/schemas/AllowedForEnum'
+    AuthenticatorKeySecurityKey:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorSimple'
+    AuthenticatorKeySecurityQuestion:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorSimple'
+        - type: object
+          properties:
+            settings:
+              type: object
+              properties:
+                allowedFor:
+                  $ref: '#/components/schemas/AllowedForEnum'
+    AuthenticatorKeySmartCard:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorSimple'
+    AuthenticatorKeySymantecVip:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorSimple'
+    AuthenticatorKeyWebauthn:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorSimple'
+    AuthenticatorKeyYubikey:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorSimple'
     AuthenticatorLinks:
       allOf:
         - $ref: '#/components/schemas/LinksSelfAndLifecycle'
@@ -23367,7 +34206,6 @@ components:
               allOf:
                 - $ref: '#/components/schemas/HrefObject'
     AuthenticatorMethodAlgorithm:
-      description: The encryption algorithm for this authenticator method
       type: string
       enum:
         - ES256
@@ -23376,6 +34214,7 @@ components:
       type: object
       properties:
         status:
+          description: The status of the authenticator method
           $ref: '#/components/schemas/LifecycleStatus'
         type:
           $ref: '#/components/schemas/AuthenticatorMethodType'
@@ -23398,17 +34237,16 @@ components:
           duo: '#/components/schemas/AuthenticatorMethodWithVerifiableProperties'
           cert: '#/components/schemas/AuthenticatorMethodWithVerifiableProperties'
     AuthenticatorMethodConstraint:
-      description: |-
-        Limits the authenticators that can be used for a given method. Currently, only the `otp` method supports constraints, and Google authenticator (key : 'google_otp') is the only allowed authenticator.
+      description: 'Limits the authenticators that can be used for a given method. Currently, only the `otp` method supports constraints, and Google authenticator (key : ''google_otp'') is the only allowed authenticator.'
       type: object
       properties:
-        method:
-          enum:
-            - otp
         allowedAuthenticators:
           type: array
           items:
             $ref: '#/components/schemas/AuthenticatorIdentity'
+        method:
+          enum:
+            - otp
     AuthenticatorMethodOtp:
       allOf:
         - $ref: '#/components/schemas/AuthenticatorMethodWithVerifiableProperties'
@@ -23416,6 +34254,7 @@ components:
           properties:
             acceptableAdjacentIntervals:
               type: integer
+              description: The number of acceptable adjacent intervals, also known as the clock drift interval. This setting allows you to build in tolerance for any time difference between the token and the server. For example, with a `timeIntervalInSeconds` of 60 seconds and an `acceptableAdjacentIntervals` value of 5, Okta accepts passcodes within 300 seconds (60 * 5) before or after the end user enters their code.
               minimum: 0
               maximum: 10
             algorithm:
@@ -23424,15 +34263,14 @@ components:
               $ref: '#/components/schemas/OtpTotpEncoding'
             factorProfileId:
               type: string
+              description: The `id` value of the factor profile
+              example: aut1nd8PQhGcQtSxB0g4
             passCodeLength:
-              type: integer
-              minimum: 6
-              maximum: 10
-              multipleOf: 2
+              $ref: '#/components/schemas/OtpTotpPassCodeLength'
             protocol:
               $ref: '#/components/schemas/OtpProtocol'
             timeIntervalInSeconds:
-              type: integer
+              $ref: '#/components/schemas/OtpTotpTimeIntervalInSeconds'
     AuthenticatorMethodProperty:
       type: string
       enum:
@@ -23487,19 +34325,20 @@ components:
               type: object
               properties:
                 timeIntervalInSeconds:
-                  type: integer
+                  $ref: '#/components/schemas/OtpTotpTimeIntervalInSeconds'
                 encoding:
-                  type: string
+                  $ref: '#/components/schemas/OtpTotpEncoding'
                 algorithm:
-                  type: string
+                  $ref: '#/components/schemas/OtpTotpAlgorithm'
                 passCodeLength:
-                  type: integer
+                  $ref: '#/components/schemas/OtpTotpPassCodeLength'
     AuthenticatorMethodTransactionType:
       type: string
       enum:
         - CIBA
         - LOGIN
     AuthenticatorMethodType:
+      description: The type of authenticator method
       type: string
       enum:
         - cert
@@ -23523,6 +34362,11 @@ components:
             settings:
               type: object
               properties:
+                aaguidGroups:
+                  description: <x-lifecycle class="ea"></x-lifecycle> The FIDO2 AAGUID groups available to the WebAuthn authenticator
+                  type: array
+                  items:
+                    $ref: '#/components/schemas/AAGUIDGroupObject'
                 userVerification:
                   $ref: '#/components/schemas/UserVerificationEnum'
                 attachment:
@@ -23536,44 +34380,11 @@ components:
               type: array
               items:
                 $ref: '#/components/schemas/AuthenticatorMethodProperty'
-    AuthenticatorProvider:
-      properties:
-        configuration:
-          $ref: '#/components/schemas/AuthenticatorProviderConfiguration'
-        type:
-          type: string
-    AuthenticatorProviderConfiguration:
-      properties:
-        authPort:
-          type: integer
-        hostName:
-          type: string
-        instanceId:
-          type: string
-        sharedSecret:
-          type: string
-        userNameTemplate:
-          $ref: '#/components/schemas/AuthenticatorProviderConfigurationUserNameTemplate'
-    AuthenticatorProviderConfigurationUserNameTemplate:
-      properties:
-        template:
-          type: string
-    AuthenticatorSettings:
-      type: object
-      properties:
-        allowedFor:
-          $ref: '#/components/schemas/AllowedForEnum'
-        appInstanceId:
-          type: string
-        channelBinding:
-          $ref: '#/components/schemas/ChannelBinding'
-        compliance:
-          $ref: '#/components/schemas/Compliance'
-        tokenLifetimeInMinutes:
-          type: integer
-        userVerification:
-          $ref: '#/components/schemas/UserVerificationEnum'
+    AuthenticatorSimple:
+      allOf:
+        - $ref: '#/components/schemas/AuthenticatorBase'
     AuthenticatorType:
+      description: The type of Authenticator
       type: string
       enum:
         - app
@@ -23588,6 +34399,7 @@ components:
       properties:
         audiences:
           type: array
+          description: The recipients that the tokens are intended for. This becomes the `aud` claim in an access token. Okta currently supports only one audience.
           items:
             type: string
         created:
@@ -23598,29 +34410,46 @@ components:
           $ref: '#/components/schemas/AuthorizationServerCredentials'
         description:
           type: string
+          description: The description of the custom authorization server
         id:
           type: string
+          description: The ID of the custom authorization server
           readOnly: true
         issuer:
           type: string
+          description: The complete URL for the custom authorization server. This becomes the `iss` claim in an access token.
         issuerMode:
-          $ref: '#/components/schemas/IssuerMode'
+          type: string
+          description: |-
+            Indicates which value is specified in the issuer of the tokens that a custom authorization server returns: the Okta org domain URL or a custom domain URL.
+
+            `issuerMode` is visible if you have a custom URL domain configured or the Dynamic Issuer Mode feature enabled. If you have a custom URL domain configured, you can set a custom domain URL in a custom authorization server, and this property is returned in the appropriate responses.
+
+            When set to `ORG_URL`, then in responses, `issuer` is the Okta org domain URL: `https://${yourOktaDomain}`.
+
+            When set to `CUSTOM_URL`, then in responses, `issuer` is the custom domain URL configured in the administration user interface.
+
+            When set to `DYNAMIC`, then in responses, `issuer` is the custom domain URL if the OAuth 2.0 request was sent to the custom domain, or is the Okta org's domain URL if the OAuth 2.0 request was sent to the original Okta org domain.
+
+            After you configure a custom URL domain, all new custom authorization servers use `CUSTOM_URL` by default. If the Dynamic Issuer Mode feature is enabled, then all new custom authorization servers use `DYNAMIC` by default. All existing custom authorization servers continue to use the original value until they're changed using the Admin Console or the API. This way, existing integrations with the client and resource server continue to work after the feature is enabled.
         lastUpdated:
           type: string
           format: date-time
           readOnly: true
         name:
           type: string
+          description: The name of the custom authorization server
         status:
           $ref: '#/components/schemas/LifecycleStatus'
         _links:
-          $ref: '#/components/schemas/LinksSelf'
+          $ref: '#/components/schemas/AuthServerLinks'
     AuthorizationServerCredentials:
       type: object
       properties:
         signing:
           $ref: '#/components/schemas/AuthorizationServerCredentialsSigningConfig'
     AuthorizationServerCredentialsRotationMode:
+      description: The Key rotation mode for the authorization server
       type: string
       enum:
         - AUTO
@@ -23630,12 +34459,16 @@ components:
       properties:
         kid:
           type: string
+          description: The ID of the JSON Web Key used for signing tokens issued by the authorization server
+          readOnly: true
         lastRotated:
           type: string
+          description: The timestamp when the authorization server started using the `kid` for signing tokens
           format: date-time
           readOnly: true
         nextRotation:
           type: string
+          description: The timestamp when the authorization server changes the Key for signing tokens. This is only returned when `rotationMode` is set to `AUTO`.
           format: date-time
           readOnly: true
         rotationMode:
@@ -23643,16 +34476,62 @@ components:
         use:
           $ref: '#/components/schemas/AuthorizationServerCredentialsUse'
     AuthorizationServerCredentialsUse:
+      description: How the key is used
       type: string
       enum:
         - sig
+    AuthorizationServerJsonWebKey:
+      type: object
+      properties:
+        alg:
+          description: 'The algorithm used with the Key. Valid value: `RS256`'
+          type: string
+        e:
+          description: RSA key value (public exponent) for Key binding
+          type: string
+          readOnly: true
+        kid:
+          description: Unique identifier for the key
+          type: string
+          readOnly: true
+        kty:
+          description: 'Cryptographic algorithm family for the certificate''s keypair. Valid value: `RSA`'
+          type: string
+          readOnly: true
+        'n':
+          description: RSA modulus value that is used by both the public and private keys and provides a link between them
+          type: string
+        status:
+          description: |-
+            An `ACTIVE` Key is used to sign tokens issued by the authorization server. Supported values: `ACTIVE`, `NEXT`, or `EXPIRED`<br>
+            A `NEXT` Key is the next Key that the authorization server uses to sign tokens when Keys are rotated. The `NEXT` Key might not be listed if it hasn't been generated.
+            An `EXPIRED` Key is the previous Key that the authorization server used to sign tokens. The `EXPIRED` Key might not be listed if no Key has expired or the expired Key was deleted.
+          type: string
+        use:
+          description: 'Acceptable use of the key. Valid value: `sig`'
+          type: string
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
     AuthorizationServerPolicy:
       allOf:
-        - $ref: '#/components/schemas/Policy'
         - type: object
           properties:
             conditions:
-              $ref: '#/components/schemas/PolicyRuleConditions'
+              $ref: '#/components/schemas/AuthorizationServerPolicyConditions'
+    AuthorizationServerPolicyConditions:
+      type: object
+      properties:
+        clients:
+          $ref: '#/components/schemas/ClientPolicyCondition'
+    AuthorizationServerPolicyPeopleCondition:
+      description: Identifies Users and Groups that are used together
+      type: object
+      properties:
+        groups:
+          $ref: '#/components/schemas/AuthorizationServerPolicyRuleGroupCondition'
+        users:
+          $ref: '#/components/schemas/AuthorizationServerPolicyRuleUserCondition'
     AuthorizationServerPolicyRule:
       allOf:
         - $ref: '#/components/schemas/PolicyRule'
@@ -23670,18 +34549,38 @@ components:
             token:
               $ref: '#/components/schemas/TokenAuthorizationServerPolicyRuleAction'
     AuthorizationServerPolicyRuleConditions:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRuleConditions'
-        - type: object
-          properties:
-            clients:
-              $ref: '#/components/schemas/ClientPolicyCondition'
-            grantTypes:
-              $ref: '#/components/schemas/GrantTypePolicyRuleCondition'
-            people:
-              $ref: '#/components/schemas/PolicyPeopleCondition'
-            scopes:
-              $ref: '#/components/schemas/OAuth2ScopesMediationPolicyRuleCondition'
+      type: object
+      properties:
+        grantTypes:
+          $ref: '#/components/schemas/GrantTypePolicyRuleCondition'
+        people:
+          $ref: '#/components/schemas/AuthorizationServerPolicyPeopleCondition'
+        scopes:
+          $ref: '#/components/schemas/OAuth2ScopesMediationPolicyRuleCondition'
+    AuthorizationServerPolicyRuleGroupCondition:
+      description: Specifies a set of Groups whose Users are to be included
+      type: object
+      properties:
+        include:
+          type: array
+          description: Groups to be included
+          items:
+            type: string
+    AuthorizationServerPolicyRuleUserCondition:
+      description: Specifies a set of Users to be included
+      type: object
+      properties:
+        include:
+          description: Users to be included
+          type: array
+          items:
+            type: string
+    AutoAssignAdminAppSetting:
+      description: The org setting that automatically assigns the Okta Admin Console when an admin role is assigned
+      type: object
+      properties:
+        autoAssignAdminAppSetting:
+          type: boolean
     AutoLoginApplication:
       allOf:
         - $ref: '#/components/schemas/Application'
@@ -23691,6 +34590,8 @@ components:
               $ref: '#/components/schemas/SchemeApplicationCredentials'
             name:
               type: string
+              description: A unique key is generated for the custom SWA app instance when you use AUTO_LOGIN `signOnMode`.
+              readOnly: true
             settings:
               $ref: '#/components/schemas/AutoLoginApplicationSettings'
     AutoLoginApplicationSettings:
@@ -23705,8 +34606,10 @@ components:
       properties:
         loginUrl:
           type: string
+          description: Primary URL of the sign-in page for this app
         redirectUrl:
           type: string
+          description: Secondary URL of the sign-in page for this app
     AutoUpdateSchedule:
       description: The schedule of auto-update configured by admin.
       type: object
@@ -23774,19 +34677,23 @@ components:
       properties:
         alias:
           type: string
-          description: A name to identify this configuration
+          description: Human-readable name for your SMTP server
+          example: CustomServer1
         enabled:
           type: boolean
-          description: True if and only if all email traffic should be routed through this SMTP Server
+          description: If `true`, routes all email traffic through your SMTP server
         host:
           type: string
-          description: The address of the SMTP Server
+          description: Hostname or IP address of your SMTP server
+          example: 192.168.160.1
         port:
           type: integer
-          description: The port number of the SMTP Server
+          description: Port number of your SMTP server
+          example: 587
         username:
           type: string
-          description: The username to use with your SMTP Server
+          description: Username used to access your SMTP server
+          example: aUser
     BasicApplicationSettings:
       allOf:
         - $ref: '#/components/schemas/ApplicationSettings'
@@ -23812,9 +34719,14 @@ components:
               $ref: '#/components/schemas/SchemeApplicationCredentials'
             name:
               type: string
-              default: template_basic_auth
+              description: '`template_basic_auth` is the key name for a basic authentication scheme app instance'
+              enum:
+                - template_basic_auth
             settings:
               $ref: '#/components/schemas/BasicApplicationSettings'
+          required:
+            - name
+            - settings
     BeforeScheduledActionPolicyRuleCondition:
       type: object
       properties:
@@ -23947,6 +34859,13 @@ components:
           properties:
             settings:
               $ref: '#/components/schemas/BehaviorRuleSettingsVelocity'
+    BindingMethod:
+      description: The method used to bind the out-of-band channel with the primary channel.
+      type: string
+      enum:
+        - none
+        - prompt
+        - transfer
     BookmarkApplication:
       x-okta-defined-as:
         name: bookmark
@@ -23958,9 +34877,14 @@ components:
               $ref: '#/components/schemas/ApplicationCredentials'
             name:
               type: string
-              default: bookmark
+              description: '`bookmark` is the key name for a Bookmark app'
+              enum:
+                - bookmark
             settings:
               $ref: '#/components/schemas/BookmarkApplicationSettings'
+          required:
+            - name
+            - settings
     BookmarkApplicationSettings:
       allOf:
         - $ref: '#/components/schemas/ApplicationSettings'
@@ -24001,24 +34925,33 @@ components:
       properties:
         agreeToCustomPrivacyPolicy:
           type: boolean
+          description: Consent for updating the custom privacy URL. Not required when resetting the URL.
         customPrivacyPolicyUrl:
           type: string
+          description: Custom privacy policy URL
+          default: null
         defaultApp:
           $ref: '#/components/schemas/DefaultApp'
         emailDomainId:
           type: string
+          description: The ID of the email domain
         id:
           readOnly: true
           type: string
+          description: The Brand ID
         isDefault:
           readOnly: true
           type: boolean
+          description: If `true`, the Brand is used for the Okta subdomain
         locale:
           $ref: '#/components/schemas/Language'
         name:
           type: string
+          description: The name of the Brand
         removePoweredByOkta:
           type: boolean
+          default: false
+          description: Removes "Powered by Okta" from the sign-in page in redirect authentication deployments, and "© [current year] Okta, Inc." from the Okta End-User Dashboard
     BrandDomains:
       title: BrandDomains
       items:
@@ -24029,18 +34962,26 @@ components:
       properties:
         agreeToCustomPrivacyPolicy:
           type: boolean
+          description: Consent for updating the custom privacy URL. Not required when resetting the URL.
         customPrivacyPolicyUrl:
           type: string
+          description: Custom privacy policy URL
         defaultApp:
           $ref: '#/components/schemas/DefaultApp'
         emailDomainId:
           type: string
+          description: The ID of the email domain
         locale:
           $ref: '#/components/schemas/Language'
         name:
           type: string
+          description: The name of the Brand
         removePoweredByOkta:
           type: boolean
+          default: false
+          description: Removes "Powered by Okta" from the sign-in page in redirect authentication deployments, and "© [current year] Okta, Inc." from the Okta End-User Dashboard
+      required:
+        - name
     BrandWithEmbedded:
       allOf:
         - $ref: '#/components/schemas/Brand'
@@ -24075,8 +35016,18 @@ components:
               $ref: '#/components/schemas/SchemeApplicationCredentials'
             name:
               type: string
+              description: The key name for the app definition
+              enum:
+                - template_swa
+                - template_swa3field
+              x-enumDescriptions:
+                template_swa: The key name for a SWA app instance that requires a browser plugin
+                template_swa3field: The key name for a SWA app instance that requires a browser plugin and supports three CSS selectors
             settings:
               $ref: '#/components/schemas/SwaApplicationSettings'
+          required:
+            - name
+            - settings
     BulkDeleteRequestBody:
       type: object
       properties:
@@ -24099,6 +35050,36 @@ components:
           type: array
           items:
             $ref: '#/components/schemas/IdentitySourceUserProfileForUpsert'
+    BundleEntitlement:
+      type: object
+      properties:
+        description:
+          type: string
+        id:
+          type: string
+        name:
+          type: string
+        role:
+          type: string
+        _links:
+          allOf:
+            - properties:
+                values:
+                  $ref: '#/components/schemas/HrefObject'
+    BundleEntitlementsResponse:
+      type: object
+      properties:
+        entitlements:
+          type: array
+          items:
+            $ref: '#/components/schemas/BundleEntitlement'
+        _links:
+          anyOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - $ref: '#/components/schemas/LinksNext'
+            - properties:
+                bundle:
+                  $ref: '#/components/schemas/HrefObject'
     CAPTCHAInstance:
       title: CAPTCHAInstance
       description: ''
@@ -24128,20 +35109,135 @@ components:
       enum:
         - HCAPTCHA
         - RECAPTCHA_V2
-    CallUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/CallUserFactorProfile'
-    CallUserFactorProfile:
+    CaepDeviceComplianceChangeEvent:
+      description: The subject's device compliance was revoked
       type: object
       properties:
-        phoneExtension:
+        current_status:
           type: string
-        phoneNumber:
+          description: Current device compliance status
+          enum:
+            - compliant
+            - not-compliant
+          example: non-compliant
+        event_timestamp:
+          type: integer
+          format: int64
+          description: The time of the event (UNIX timestamp)
+          example: 1702448550
+        initiating_entity:
+          type: string
+          description: The entity that initiated the event
+          enum:
+            - admin
+            - user
+            - policy
+            - system
+        previous_status:
+          type: string
+          description: Previous device compliance status
+          enum:
+            - compliant
+            - not-compliant
+        reason_admin:
+          allOf:
+            - $ref: '#/components/schemas/SecurityEventReason'
+            - type: object
+              description: A localized administrative message intended for logging and auditing.<br>Either `reason_admin` or `reason_user` is required.
+        reason_user:
+          allOf:
+            - $ref: '#/components/schemas/SecurityEventReason'
+            - type: object
+              description: A localized message intended for the end user.<br>Either `reason_admin` or `reason_user` is required.
+        subjects:
+          type: object
+          $ref: '#/components/schemas/SecurityEventSubject'
+      required:
+        - event_timestamp
+        - subjects
+        - current_status
+        - previous_status
+    CaepSecurityEvent:
+      type: object
+      properties:
+        event_timestamp:
+          type: integer
+          format: int64
+          description: The time of the event (UNIX timestamp)
+          example: 1702448550
+        initiating_entity:
+          type: string
+          description: The entity that initiated the event
+          enum:
+            - admin
+            - user
+            - policy
+            - system
+        reason_admin:
+          allOf:
+            - $ref: '#/components/schemas/SecurityEventReason'
+            - type: object
+              description: A localized administrative message intended for logging and auditing.<br>Either `reason_admin` or `reason_user` is required.
+        reason_user:
+          allOf:
+            - $ref: '#/components/schemas/SecurityEventReason'
+            - type: object
+              description: A localized message intended for the end user.<br>Either `reason_admin` or `reason_user` is required.
+        subjects:
+          type: object
+          $ref: '#/components/schemas/SecurityEventSubject'
+      required:
+        - event_timestamp
+        - subjects
+    CaepSessionRevokedEvent:
+      description: The session of the subject was revoked
+      type: object
+      properties:
+        current_ip:
+          type: string
+          description: Current IP of the session
+          example: 123.4.5.6
+        current_user_agent:
           type: string
+          description: Current User Agent of the session
+          example: CurrentUserAgent
+        event_timestamp:
+          type: integer
+          format: int64
+          description: The time of the event (UNIX timestamp)
+          example: 1702448550
+        initiating_entity:
+          type: string
+          description: The entity that initiated the event
+          enum:
+            - admin
+            - user
+            - policy
+            - system
+        last_known_ip:
+          type: string
+          description: Last known IP of the session
+          example: 123.4.5.6
+        last_known_user_agent:
+          type: string
+          description: Last known User Agent of the session
+          example: LastUserAgent
+        reason_admin:
+          allOf:
+            - $ref: '#/components/schemas/SecurityEventReason'
+            - type: object
+              description: A localized administrative message intended for logging and auditing.<br>Either `reason_admin` or `reason_user` is required.
+        reason_user:
+          allOf:
+            - $ref: '#/components/schemas/SecurityEventReason'
+            - type: object
+              description: A localized message intended for the end user.<br>Either `reason_admin` or `reason_user` is required.
+        subjects:
+          type: object
+          $ref: '#/components/schemas/SecurityEventSubject'
+      required:
+        - event_timestamp
+        - subjects
     CapabilitiesCreateObject:
       description: |
         Determines whether Okta assigns a new application account to each user managed by Okta.
@@ -24152,8 +35248,63 @@ components:
       properties:
         lifecycleCreate:
           $ref: '#/components/schemas/LifecycleCreateSettingObject'
+    CapabilitiesImportRulesObject:
+      description: Defines user import rules
+      type: object
+      properties:
+        userCreateAndMatch:
+          $ref: '#/components/schemas/CapabilitiesImportRulesUserCreateAndMatchObject'
+    CapabilitiesImportRulesUserCreateAndMatchObject:
+      description: Rules for matching and creating users
+      type: object
+      properties:
+        allowPartialMatch:
+          type: boolean
+          description: Allows user import upon partial matching. Partial matching occurs when the first and last names of an imported user match those of an existing Okta user, even if the username or email attributes don't match.
+        autoActivateNewUsers:
+          type: boolean
+          description: If set to `true`, imported new users are automatically activated.
+        autoConfirmExactMatch:
+          type: boolean
+          description: If set to `true`, exact-matched users are automatically confirmed on activation. If set to `false`, exact-matched users need to be confirmed manually.
+        autoConfirmNewUsers:
+          type: boolean
+          description: If set to `true`, imported new users are automatically confirmed on activation. This doesn't apply to imported users that already exist in Okta.
+        autoConfirmPartialMatch:
+          type: boolean
+          description: If set to `true`, partially matched users are automatically confirmed on activation. If set to `false`, partially matched users need to be confirmed manually.
+        exactMatchCriteria:
+          type: string
+          description: Determines the attribute to match users
+          enum:
+            - EMAIL
+            - USERNAME
+    CapabilitiesImportSettingsObject:
+      description: Defines import settings
+      type: object
+      properties:
+        schedule:
+          $ref: '#/components/schemas/ImportScheduleObject'
+        username:
+          $ref: '#/components/schemas/ImportUsernameObject'
+    CapabilitiesInboundProvisioningObject:
+      title: INBOUND_PROVISIONING
+      description: Defines the configuration for the INBOUND_PROVISIONING feature
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+      type: object
+      properties:
+        importRules:
+          $ref: '#/components/schemas/CapabilitiesImportRulesObject'
+        importSettings:
+          $ref: '#/components/schemas/CapabilitiesImportSettingsObject'
+      required:
+        - importSettings
+        - importRules
     CapabilitiesObject:
-      description: Defines the configurations related to an application feature
+      title: USER_PROVISIONING
+      description: Defines the configurations for the USER_PROVISIONING feature
       type: object
       properties:
         create:
@@ -24209,6 +35360,11 @@ components:
       enum:
         - ACTIVE
         - INACTIVE
+    ChallengeType:
+      type: string
+      enum:
+        - http://auth0.com/oauth/grant-type/mfa-oob
+        - http://auth0.com/oauth/grant-type/mfa-otp
     ChangeEnum:
       description: Determines whether a change in a user's password also updates the user's password in the application
       default: KEEP_EXISTING
@@ -24226,6 +35382,13 @@ components:
           $ref: '#/components/schemas/PasswordCredential'
         revokeSessions:
           type: boolean
+    Channel:
+      description: The out-of-band channel for use with authentication. Required for all `/oob-authenticate` requests and any `/challenge` request with an out-of-band authenticator.
+      type: string
+      enum:
+        - push
+        - sms
+        - voice
     ChannelBinding:
       type: object
       properties:
@@ -24233,26 +35396,126 @@ components:
           $ref: '#/components/schemas/RequiredEnum'
         style:
           type: string
+          enum:
+            - NUMBER_CHALLENGE
     ChromeBrowserVersion:
       description: Current version of the Chrome Browser
       type: object
       properties:
         minimum:
           type: string
-    ClientPolicyCondition:
+    Claim:
+      type: string
+    Client:
       type: object
+      properties:
+        application_type:
+          $ref: '#/components/schemas/ApplicationType'
+        client_id:
+          type: string
+          description: Unique key for the client application. The `client_id` is immutable. When you create a client Application, you can't specify the `client_id` because Okta uses the application ID for the `client_id`.
+          readOnly: true
+        client_id_issued_at:
+          type: integer
+          readOnly: true
+          description: Time at which the `client_id` was issued (measured in unix seconds)
+        client_name:
+          type: string
+          description: Human-readable string name of the client application
+        client_secret:
+          type: string
+          readOnly: true
+          description: OAuth 2.0 client secret string (used for confidential clients). The `client_secret` is shown only on the response of the creation or update of a client Application (and only if the `token_endpoint_auth_method` is one that requires a client secret). You can't specify the `client_secret`. If the `token_endpoint_auth_method` requires one, Okta generates a random `client_secret` for the client Application.
+          nullable: true
+        client_secret_expires_at:
+          type: integer
+          readOnly: true
+          description: Time at which the `client_secret` expires or 0 if it doesn't expire (measured in unix seconds)
+          minimum: 0
+          nullable: true
+        frontchannel_logout_session_required:
+          type: boolean
+          description: Include user session details
+        frontchannel_logout_uri:
+          type: string
+          description: URL where Okta sends the logout request
+          nullable: true
+        grant_types:
+          type: array
+          description: 'Array of OAuth 2.0 grant type strings. Default value: `[authorization_code]`'
+          items:
+            $ref: '#/components/schemas/GrantType'
+        initiate_login_uri:
+          type: string
+          description: URL that a third party can use to initiate a login by the client
+        jwks_uri:
+          type: string
+          description: URL string that references a [JSON Web Key Set](https://tools.ietf.org/html/rfc7517#section-5) for validating JWTs presented to Okta
+        logo_uri:
+          type: string
+          description: URL string that references a logo for the client consent dialog (not the sign-in dialog)
+          nullable: true
+        policy_uri:
+          type: string
+          description: URL string of a web page providing the client's policy document
+          nullable: true
+        post_logout_redirect_uris:
+          type: string
+          description: Array of redirection URI strings for use for relying party initiated logouts
+          items:
+            type: string
+        redirect_uris:
+          type: array
+          description: 'Array of redirection URI strings for use in redirect-based flows. All redirect URIs must be absolute URIs and must not include a fragment component. At least one redirect URI and response type is required for all client types, with the following exceptions: If the client uses the Resource Owner Password flow (if `grant_type` contains the value password) or the Client Credentials flow (if `grant_type` contains the value `client_credentials`), then no redirect URI or response type is necessary. In these cases, you can pass either null or an empty array for these attributes.'
+          items:
+            type: string
+        request_object_signing_alg:
+          type: array
+          description: The type of [JSON Web Key Set](https://tools.ietf.org/html/rfc7517#section-5) algorithm that must be used for signing request objects
+          items:
+            $ref: '#/components/schemas/SigningAlgorithm'
+        response_types:
+          type: array
+          description: 'Array of OAuth 2.0 response type strings. Default value: `[code]`'
+          items:
+            $ref: '#/components/schemas/ResponseType'
+        token_endpoint_auth_method:
+          $ref: '#/components/schemas/EndpointAuthMethod'
+        tos_uri:
+          type: string
+          description: URL string of a web page providing the client's terms of service document
+          nullable: true
+    ClientPolicyCondition:
       description: Specifies which clients are included in the Policy
+      type: object
       properties:
         include:
           type: array
           description: Which clients are included in the Policy
           items:
             type: string
+    ClientPrivilegesSetting:
+      description: The org setting that assigns the super admin role by default to a public client app
+      type: object
+      properties:
+        clientPrivilegesSetting:
+          type: boolean
+    CodeChallengeMethod:
+      type: string
+      enum:
+        - S256
     Compliance:
       type: object
       properties:
         fips:
           $ref: '#/components/schemas/FipsEnum'
+    Conditions:
+      type: object
+      properties:
+        expression:
+          $ref: '#/components/schemas/Expression'
+        profileSourceId:
+          type: string
     ContentSecurityPolicySetting:
       type: object
       properties:
@@ -24274,12 +35537,96 @@ components:
           properties:
             expression:
               type: string
+    ContinuousAccessFailureActionsObject:
+      type: object
+      properties:
+        action:
+          type: string
+          enum:
+            - RUN_WORKFLOW
+            - TERMINATE_SESSION
+      discriminator:
+        propertyName: action
+        mapping:
+          RUN_WORKFLOW: '#/components/schemas/ContinuousAccessPolicyRuleRunWorkflow'
+          TERMINATE_SESSION: '#/components/schemas/ContinuousAccessPolicyRuleTerminateSession'
+    ContinuousAccessPolicy:
+      allOf:
+        - $ref: '#/components/schemas/Policy'
+        - type: object
+          properties:
+            conditions:
+              type: string
+              description: Policy conditions aren't supported for this policy type.
+              default: null
+              nullable: true
+    ContinuousAccessPolicyRule:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRule'
+        - type: object
+          properties:
+            actions:
+              type: object
+              description: The action to take in response to a failure of the reevaluated global session policy or authentication polices.
+              properties:
+                continuousAccess:
+                  type: object
+                  description: This object contains a `failureActions` array that defines the specific action to take when Continuous Access evaluation detects a failure.
+                  properties:
+                    failureActions:
+                      type: array
+                      description: An array of objects that define the action. It can be empty or contain two `action` value pairs.
+                      items:
+                        $ref: '#/components/schemas/ContinuousAccessFailureActionsObject'
+            conditions:
+              type: object
+              properties:
+                people:
+                  $ref: '#/components/schemas/PolicyPeopleCondition'
+    ContinuousAccessPolicyRuleRunWorkflow:
+      type: object
+      properties:
+        action:
+          type: string
+          enum:
+            - RUN_WORKFLOW
+        workflow:
+          type: object
+          description: This action runs a workflow
+          properties:
+            id:
+              type: integer
+              description: The `id` of the workflow that runs.
+    ContinuousAccessPolicyRuleTerminateSession:
+      type: object
+      properties:
+        action:
+          type: string
+          description: The action to take when Continuous Access evaluation detects a failure.
+          enum:
+            - TERMINATE_SESSION
+        slo:
+          type: object
+          properties:
+            appSelectionMode:
+              description: This property defines the session to terminate - everyone, no one, or a specific app instance.
+              type: string
+              enum:
+                - SPECIFIC
+                - ALL
+                - NONE
+            appInstanceIds:
+              type: array
+              description: This property defines the app instance access to terminate. Only include this property when `appSelectionMode` is set to `SPECIFIC`.
+              items:
+                type: string
     CreateBrandRequest:
       title: CreateBrandRequest
       type: object
       properties:
         name:
           type: string
+          description: The name of the Brand
       required:
         - name
     CreateIamRoleRequest:
@@ -24293,13 +35640,29 @@ components:
           description: Unique label for the role
         permissions:
           type: array
-          description: Array of permissions that the role will grant. See [Permission Types](https://developer.okta.com/docs/concepts/role-assignment/#permission-types).
+          description: Array of permissions that the role will grant. See [Permissions](/openapi/okta-management/guides/roles/#permission).
           items:
             $ref: '#/components/schemas/RolePermissionType'
       required:
         - label
         - description
         - permissions
+    CreateRealmAssignmentRequest:
+      type: object
+      properties:
+        actions:
+          $ref: '#/components/schemas/Actions'
+        conditions:
+          $ref: '#/components/schemas/Conditions'
+        name:
+          type: string
+        priority:
+          type: integer
+    CreateRealmRequest:
+      type: object
+      properties:
+        profile:
+          $ref: '#/components/schemas/RealmProfile'
     CreateResourceSetRequest:
       type: object
       properties:
@@ -24308,9 +35671,11 @@ components:
           description: Description of the Resource Set
         label:
           type: string
-          description: Unique label for the Resource Set
+          description: Unique name for the Resource Set
         resources:
           type: array
+          description: The endpoint (URL) that references all resource objects included in the Resource Set. Resources are identified by either an Okta Resource Name (ORN) or by a REST URL format. See [Okta Resource Name](/openapi/okta-management/guides/roles/#okta-resource-name-orn).
+          maximum: 1000
           items:
             type: string
     CreateSessionRequest:
@@ -24324,8 +35689,6 @@ components:
       type: object
       properties:
         uiSchema:
-          type: object
-          description: Updated schema property expressions (Okta object or App Instance object)
           $ref: '#/components/schemas/UISchemaObject'
     CreateUpdateIamRolePermissionRequest:
       type: object
@@ -24345,22 +35708,43 @@ components:
           $ref: '#/components/schemas/UserProfile'
         realmId:
           type: string
-          description: The ID of the realm in which the user is residing
+          description: <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle></div>The ID of the Realm in which the user is residing
           example: guo1bfiNtSnZYILxO0g4
           x-okta-lifecycle:
-            features:
-              - UD_REALMS
+            lifecycle: EA
+            isGenerallyAvailable: false
+            SKUs: []
         type:
-          $ref: '#/components/schemas/UserType'
+          type: object
+          description: |-
+            The ID of the user type. Add this value if you want to create a user with a non-default [user type](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/).
+            The user type determines which [schema](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Schema/) applies to that user. After a user has been created, the user can 
+            only be assigned a different user type by an administrator through a full replacement (`PUT`) operation.
+          properties:
+            id:
+              type: string
+              description: The ID of the user type
       required:
         - profile
+    CredentialSyncState:
+      description: Current credential sync status of the privileged resource
+      type: string
+      enum:
+        - NOT_SYNCED
+        - SYNCED
+        - SYNCING
+        - SYNC_FAILED
+      x-enumDescriptions:
+        NOT_SYNCED: Credentials are not yet synced
+        SYNCING: Credentials are currently being synced
+        SYNCED: Credentials are successfully synced
+        SYNC_FAILED: Credential sync failed
+      readOnly: true
     Csr:
       type: object
       properties:
         created:
-          type: string
-          format: date-time
-          readOnly: true
+          $ref: '#/components/schemas/createdProperty'
         csr:
           type: string
           readOnly: true
@@ -24399,25 +35783,32 @@ components:
           type: array
           items:
             type: string
-    CustomHotpUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            factorProfileId:
-              type: string
-            profile:
-              $ref: '#/components/schemas/CustomHotpUserFactorProfile'
-    CustomHotpUserFactorProfile:
+    CustomAppUserVerificationEnum:
+      description: User verification setting
+      type: string
+      enum:
+        - PREFERRED
+        - REQUIRED
+    CustomRoleAssignmentSchema:
       type: object
       properties:
-        sharedSecret:
+        resource-set:
+          type: string
+          description: Resource Set ID
+        role:
           type: string
+          description: Custom Role ID
+        type:
+          type: string
+          description: Standard role type
+          enum:
+            - CUSTOM
     CustomizablePage:
       type: object
       properties:
         pageContent:
           type: string
+          description: The HTML for the page
     DNSRecord:
       description: DNS TXT and CNAME records to be registered for the Domain
       type: object
@@ -24462,16 +35853,19 @@ components:
         deviceEnrollmentDomain:
           description: Enrollment domain of the customer that is currently managing the device
           type: string
-        diskEnrypted:
+        diskEncrypted:
           description: Indicates whether the main disk is encrypted
           type: boolean
         keyTrustLevel:
           $ref: '#/components/schemas/KeyTrustLevelOSMode'
+        managedDevice:
+          description: Indicates whether the device is enrolled in ChromeOS device management
+          type: boolean
         osFirewall:
           description: Indicates whether a firewall is enabled at the OS-level on the device
           type: boolean
         osVersion:
-          $ref: '#/components/schemas/OSVersion'
+          $ref: '#/components/schemas/OSVersionFourComponents'
         passwordProtectionWarningTrigger:
           $ref: '#/components/schemas/PasswordProtectionWarningTrigger'
         realtimeUrlCheckMode:
@@ -24500,7 +35894,7 @@ components:
         deviceEnrollmentDomain:
           description: Enrollment domain of the customer that is currently managing the device
           type: string
-        diskEnrypted:
+        diskEncrypted:
           description: Indicates whether the main disk is encrypted
           type: boolean
         keyTrustLevel:
@@ -24509,7 +35903,7 @@ components:
           description: Indicates whether a firewall is enabled at the OS-level on the device
           type: boolean
         osVersion:
-          $ref: '#/components/schemas/OSVersion'
+          $ref: '#/components/schemas/OSVersionThreeComponents'
         passwordProtectionWarningTrigger:
           $ref: '#/components/schemas/PasswordProtectionWarningTrigger'
         realtimeUrlCheckMode:
@@ -24544,7 +35938,7 @@ components:
         deviceEnrollmentDomain:
           description: Enrollment domain of the customer that is currently managing the device
           type: string
-        diskEnrypted:
+        diskEncrypted:
           description: Indicates whether the main disk is encrypted
           type: boolean
         keyTrustLevel:
@@ -24553,7 +35947,7 @@ components:
           description: Indicates whether a firewall is enabled at the OS-level on the device
           type: boolean
         osVersion:
-          $ref: '#/components/schemas/OSVersion'
+          $ref: '#/components/schemas/OSVersionFourComponents'
         passwordProtectionWarningTrigger:
           $ref: '#/components/schemas/PasswordProtectionWarningTrigger'
         realtimeUrlCheckMode:
@@ -24584,10 +35978,24 @@ components:
       properties:
         appInstanceId:
           type: string
+          description: ID for the App instance
         appLinkName:
           type: string
+          description: Name for the app instance
         classicApplicationUri:
           type: string
+          description: Application URI for classic Orgs
+    DetectedRiskEvents:
+      type: string
+      enum:
+        - ADMIN_REPORTED_USER_RISK
+        - BRUTE_FORCE_ATTACK
+        - ENTITY_CRITICAL_ACTION_FROM_HIGH_THREAT_IP
+        - OKTA_THREAT_INTELLIGENCE
+        - SECURITY_EVENTS_PROVIDER_REPORTED_RISK
+        - SESSION_INFLUENCED_USER_RISK
+        - SUSPICIOUS_APP_ACCESS
+        - USER_REPORTED_SUSPICIOUS_ACTIVITY
     Device:
       type: object
       properties:
@@ -24629,19 +36037,12 @@ components:
         - $ref: '#/components/schemas/DevicePolicyRuleCondition'
         - type: object
           properties:
+            assurance:
+              $ref: '#/components/schemas/DevicePolicyRuleConditionAssurance'
             managed:
               type: boolean
             registered:
               type: boolean
-            assurance:
-              $ref: '#/components/schemas/DevicePolicyRuleConditionAssurance'
-    DevicePolicyRuleConditionAssurance:
-      type: object
-      properties:
-        include:
-          type: array
-          items:
-            type: string
     DeviceAssurance:
       title: DeviceAssurance
       type: object
@@ -24655,10 +36056,10 @@ components:
         id:
           type: string
           readOnly: true
-        lastUpdatedBy:
+        lastUpdate:
           type: string
           readOnly: true
-        lastUpdatedDate:
+        lastUpdatedBy:
           type: string
           readOnly: true
         name:
@@ -24687,7 +36088,7 @@ components:
                 include:
                   type: array
                   items:
-                    $ref: '#/components/schemas/DiskEncryptionType'
+                    $ref: '#/components/schemas/DiskEncryptionTypeAndroid'
             jailbreak:
               type: boolean
             osVersion:
@@ -24703,8 +36104,9 @@ components:
               type: boolean
     DeviceAssuranceChromeOSPlatform:
       x-okta-lifecycle:
-        features:
-          - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+        lifecycle: GA
+        isGenerallyAvailable: false
+        SKUs: []
       allOf:
         - $ref: '#/components/schemas/DeviceAssurance'
         - type: object
@@ -24720,13 +36122,6 @@ components:
         - $ref: '#/components/schemas/DeviceAssurance'
         - type: object
           properties:
-            diskEncryptionType:
-              type: object
-              properties:
-                include:
-                  type: array
-                  items:
-                    $ref: '#/components/schemas/DiskEncryptionType'
             jailbreak:
               type: boolean
             osVersion:
@@ -24738,8 +36133,6 @@ components:
                   type: array
                   items:
                     $ref: '#/components/schemas/ScreenLockType'
-            secureHardwarePresent:
-              type: boolean
     DeviceAssuranceMacOSPlatform:
       allOf:
         - $ref: '#/components/schemas/DeviceAssurance'
@@ -24751,9 +36144,7 @@ components:
                 include:
                   type: array
                   items:
-                    $ref: '#/components/schemas/DiskEncryptionType'
-            jailbreak:
-              type: boolean
+                    $ref: '#/components/schemas/DiskEncryptionTypeDesktop'
             osVersion:
               $ref: '#/components/schemas/OSVersion'
             screenLockType:
@@ -24767,8 +36158,9 @@ components:
               type: boolean
             thirdPartySignalProviders:
               x-okta-lifecycle:
-                features:
-                  - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+                lifecycle: GA
+                isGenerallyAvailable: false
+                SKUs: []
               type: object
               description: Settings for third-party signal providers (based on the `MACOS` platform)
               properties:
@@ -24785,11 +36177,27 @@ components:
                 include:
                   type: array
                   items:
-                    $ref: '#/components/schemas/DiskEncryptionType'
-            jailbreak:
-              type: boolean
+                    $ref: '#/components/schemas/DiskEncryptionTypeDesktop'
             osVersion:
-              $ref: '#/components/schemas/OSVersion'
+              $ref: '#/components/schemas/OSVersionFourComponents'
+            osVersionConstraints:
+              x-okta-lifecycle:
+                lifecycle: EA
+                isGenerallyAvailable: false
+                SKUs: []
+              type: array
+              description: |
+                <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle></div>Specifies the Windows version requirements for the assurance policy. Each requirement must correspond to a different major version (Windows 11 or Windows 10). If a requirement isn't specified for a major version, then devices on that major version satisfy the condition.
+
+                There are two types of OS requirements:
+                * **Static**: A specific Windows version requirement that doesn't change until you update the policy. A static OS Windows requirement is specified with `majorVersionConstraint` and `minimum`.
+                * **Dynamic**: A Windows version requirement that is relative to the latest major release and security patch. A dynamic OS Windows requirement is specified with `majorVersionConstraint` and `dynamicVersionRequirement`.
+
+                > **Note:** Dynamic OS requirements are available only if the **Dynamic OS version compliance** [self-service EA](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) feature is enabled. The `osVersionConstraints` property is only supported for the Windows platform. You can't specify both `osVersion.minimum` and `osVersionConstraints` properties at the same time.
+              items:
+                $ref: '#/components/schemas/OSVersionConstraint'
+              minItems: 1
+              maxItems: 2
             screenLockType:
               type: object
               properties:
@@ -24801,8 +36209,9 @@ components:
               type: boolean
             thirdPartySignalProviders:
               x-okta-lifecycle:
-                features:
-                  - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+                lifecycle: GA
+                isGenerallyAvailable: false
+                SKUs: []
               type: object
               description: Settings for third-party signal providers (based on the `WINDOWS` platform)
               properties:
@@ -24816,6 +36225,20 @@ components:
           type: boolean
         value:
           type: string
+    DeviceList:
+      allOf:
+        - $ref: '#/components/schemas/Device'
+        - properties:
+            _embedded:
+              type: object
+              description: List of associated users for the device if the `expand=user` query parameter is specified in the request. Use `expand=userSummary` to get only a summary of each associated user for the device.
+              properties:
+                users:
+                  description: Users for the device
+                  type: array
+                  items:
+                    $ref: '#/components/schemas/DeviceUser'
+              readOnly: true
     DevicePlatform:
       description: OS platform of the device
       type: string
@@ -24848,6 +36271,13 @@ components:
           type: boolean
         trustLevel:
           $ref: '#/components/schemas/DevicePolicyTrustLevel'
+    DevicePolicyRuleConditionAssurance:
+      type: object
+      properties:
+        include:
+          type: array
+          items:
+            type: string
     DevicePolicyRuleConditionPlatform:
       type: object
       properties:
@@ -24916,7 +36346,7 @@ components:
           maxLength: 256
         tpmPublicKeyHash:
           type: string
-          description: Windows Trsted Platform Module hash value
+          description: Windows Trusted Platform Module hash value
         udid:
           type: string
           description: macOS Unique Device identifier of the device
@@ -24963,14 +36393,14 @@ components:
         user:
           $ref: '#/components/schemas/User'
     DigestAlgorithm:
+      description: Algorithm used to generate the key. Only required for the PBKDF2 algorithm.
       type: string
       enum:
         - SHA256_HMAC
         - SHA512_HMAC
-    DiskEncryptionType:
+    DiskEncryptionTypeAndroid:
       type: string
       enum:
-        - ALL_INTERNAL_VOLUMES
         - FULL
         - USER
     DiskEncryptionTypeDef:
@@ -24990,6 +36420,10 @@ components:
         USER: Encryption key is tied to the user or profile. Only applicable to `ANDROID` platform.
         ALL_INTERNAL_VOLUMES: All internal disks are encrypted. Only applicable to `WINDOWS` and `MACOS` platforms.
         SYSTEM_VOLUME: Only the system volume is encrypted. Only applicable to `WINDOWS` and `MACOS` platforms.
+    DiskEncryptionTypeDesktop:
+      type: string
+      enum:
+        - ALL_INTERNAL_VOLUMES
     DomainCertificate:
       description: Defines the properties of the certificate
       type: object
@@ -25122,15 +36556,92 @@ components:
           type: integer
         unit:
           type: string
+    DynamicNetworkZone:
+      allOf:
+        - $ref: '#/components/schemas/NetworkZone'
+        - title: Dynamic Network Zone
+        - type: object
+          properties:
+            asns:
+              allOf:
+                - $ref: '#/components/schemas/NetworkZoneAsns'
+                - description: An array of ASNs for a Network Zone
+            proxyType:
+              type: string
+              description: The proxy type used for a Dynamic Network Zone
+              enum:
+                - 'null'
+                - Any
+                - Tor
+                - NotTorAnonymizer
+              x-enumDescriptions:
+                'null': (Or `""`) No proxy used
+                Any: Use any proxy type for the Dynamic Zone.
+                Tor: Use Tor Anonymizer proxy for the Dynamic Zone.
+                NotTorAnonymizer: Use a non Tor Anonymizer proxy for the Dynamic Zone.
+            locations:
+              allOf:
+                - $ref: '#/components/schemas/NetworkZoneLocationArray'
+                - description: An array of geolocations for a Dynamic Network Zone
+    ECKeyJWK:
+      description: Elliptic Curve Key in JWK format, currently used during enrollment to encrypt fulfillment requests to Yubico, or during activation to verify Yubico's JWS objects in fulfillment responses. The currently agreed protocol uses P-384.
+      type: object
+      properties:
+        crv:
+          type: string
+          enum:
+            - P-384
+        kid:
+          type: string
+          description: The unique identifier of the key
+        kty:
+          type: string
+          enum:
+            - EC
+          description: The type of public key
+        use:
+          type: string
+          description: The intended use for the key. The ECKeyJWK is always `enc` because Okta uses it to encrypt requests to Yubico.
+          enum:
+            - enc
+        x:
+          type: string
+          description: The public x coordinate for the elliptic curve point
+        'y':
+          type: string
+          description: The public y coordinate for the elliptic curve point
+      required:
+        - x
+        - 'y'
+        - kty
+        - crv
+        - use
+        - kid
     EmailContent:
       type: object
       properties:
         body:
           type: string
-          description: The email's HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+          description: |
+            The HTML body of the email. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references). 
+
+            <x-lifecycle class="ea"></x-lifecycle> Not required if Custom languages for Okta Email Templates is enabled. A `null` body is replaced with a default value from one of the following in priority order:
+
+            1. An existing default email customization, if one exists
+            2. Okta-provided translated content for the specified language, if one exists
+            3. Okta-provided translated content for the brand locale, if it's set 
+            4. Okta-provided content in English
         subject:
           type: string
-          description: The email's subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+          description: |
+            The email subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+
+            <x-lifecycle class="ea"></x-lifecycle> Not required if Custom languages for Okta Email Templates is enabled. A `null` subject is replaced with a default value from one of the following in priority order:
+
+            1. An existing default email customization, if one exists
+            2. Okta-provided translated content for the specified language, if one exists
+            3. Okta-provided translated content for the brand locale, if it's set
+            4. Okta-provided content in English
       required:
         - subject
         - body
@@ -25197,6 +36708,10 @@ components:
           type: string
         domain:
           type: string
+        validationSubdomain:
+          type: string
+          description: Subdomain for the email sender's custom mail domain. Specify your subdomain when you configure a custom mail domain.
+          default: mail
       required:
         - domain
         - brandId
@@ -25229,6 +36744,10 @@ components:
           type: string
         validationStatus:
           $ref: '#/components/schemas/EmailDomainStatus'
+        validationSubdomain:
+          type: string
+          description: The subdomain for the email sender's custom mail domain
+          default: mail
     EmailDomainResponseWithEmbedded:
       allOf:
         - $ref: '#/components/schemas/EmailDomainResponse'
@@ -25295,13 +36814,14 @@ components:
         - properties:
             password:
               type: string
-              description: The password to use with your SMTP server
+              description: Password used to access your SMTP server
     EmailServerResponse:
       allOf:
         - $ref: '#/components/schemas/BaseEmailServer'
         - properties:
             id:
               type: string
+              description: ID of your SMTP server
     EmailSettings:
       type: object
       properties:
@@ -25313,7 +36833,24 @@ components:
             - NO_USERS
       required:
         - recipients
-    EmailTemplate:
+    EmailSettingsResponse:
+      type: object
+      properties:
+        recipients:
+          type: string
+          enum:
+            - ALL_USERS
+            - ADMINS_ONLY
+            - NO_USERS
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                self:
+                  $ref: '#/components/schemas/HrefObject'
+                template:
+                  $ref: '#/components/schemas/HrefObject'
+    EmailTemplateResponse:
       type: object
       properties:
         name:
@@ -25324,7 +36861,7 @@ components:
           type: object
           properties:
             settings:
-              $ref: '#/components/schemas/EmailSettings'
+              $ref: '#/components/schemas/EmailSettingsResponse'
             customizationCount:
               type: integer
           readOnly: true
@@ -25341,34 +36878,30 @@ components:
                 test:
                   $ref: '#/components/schemas/HrefObject'
     EmailTemplateTouchPointVariant:
+      description: |
+        Variant for email templates. You can publish a theme for email templates with different combinations of assets. Variants are preset combinations of those assets.
+      default: OKTA_DEFAULT
       type: string
       enum:
         - FULL_THEME
         - OKTA_DEFAULT
+      x-enumDescriptions:
+        FULL_THEME: Uses the Okta logo and Okta colors in email templates
+        OKTA_DEFAULT: Uses the logo from the Theme. Uses `primaryColorHex` as the background color for buttons.
     EmailTestAddresses:
       type: object
       properties:
         from:
           type: string
-          description: An email address to send the test email from
+          description: Email address that sends test emails
+          example: sender@host.com
         to:
           type: string
-          description: An email address to send the test email to
+          description: Email address that receives test emails
+          example: receiver@host.com
       required:
         - from
         - to
-    EmailUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/EmailUserFactorProfile'
-    EmailUserFactorProfile:
-      type: object
-      properties:
-        email:
-          type: string
     EnabledStatus:
       description: Setting status
       type: string
@@ -25376,12 +36909,301 @@ components:
         - DISABLED
         - ENABLED
     EndUserDashboardTouchPointVariant:
+      description: |
+        Variant for the Okta End-User Dashboard. You can publish a theme for end-user dashboard with different combinations of assets. Variants are preset combinations of those assets.
+      default: OKTA_DEFAULT
       type: string
       enum:
         - FULL_THEME
         - LOGO_ON_FULL_WHITE_BACKGROUND
         - OKTA_DEFAULT
         - WHITE_LOGO_BACKGROUND
+      x-enumDescriptions:
+        FULL_THEME: Uses the logo and favicon from the Theme. Uses `primaryColorHex` for the logo and the side navigation bar background color.
+        LOGO_ON_FULL_WHITE_BACKGROUND: Uses the logo and favicon from the Theme. Uses white background color for the logo and the side navigation bar background color.
+        OKTA_DEFAULT: Uses the Okta logo and favicon. Uses a white background color for the logo and the side navigation bar background color.
+        WHITE_LOGO_BACKGROUND: Uses the logo and favicon from the Theme, with a white background color for the logo. Uses `primaryColorHex` for the side navigation bar background color.
+    EndpointAuthMethod:
+      description: Requested authentication method for OAuth 2.0 endpoints.
+      type: string
+      enum:
+        - client_secret_basic
+        - client_secret_jwt
+        - client_secret_post
+        - none
+        - private_key_jwt
+    EnhancedDynamicNetworkZone:
+      allOf:
+        - $ref: '#/components/schemas/NetworkZone'
+        - title: Enhanced Dynamic Network Zone
+        - type: object
+          x-okta-lifecycle:
+            lifecycle: EA
+            isGenerallyAvailable: false
+            SKUs: []
+          properties:
+            asns:
+              x-okta-lifecycle:
+                lifecycle: EA
+                isGenerallyAvailable: false
+                SKUs: []
+              type: object
+              description: <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle></div>The list of ASNs associated with an Enhanced Dynamic Network Zone
+              properties:
+                include:
+                  allOf:
+                    - $ref: '#/components/schemas/NetworkZoneAsns'
+                    - description: An array of ASNs to include for an Enhanced Dynamic Network Zone
+            locations:
+              x-okta-lifecycle:
+                lifecycle: EA
+                isGenerallyAvailable: false
+                SKUs: []
+              type: object
+              description: <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle></div>The list of geolocations to include or exclude for an Enhanced Dynamic Network Zone
+              properties:
+                include:
+                  allOf:
+                    - $ref: '#/components/schemas/NetworkZoneLocationArray'
+                    - description: An array of geolocations to include for an Enhanced Dynamic Network Zone
+                exclude:
+                  allOf:
+                    - $ref: '#/components/schemas/NetworkZoneLocationArray'
+                    - description: An array of geolocations to exclude for an Enhanced Dynamic Network Zone
+            ipServiceCategories:
+              x-okta-lifecycle:
+                lifecycle: EA
+                isGenerallyAvailable: false
+                SKUs: []
+              type: object
+              description: <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle></div>IP services, such as a proxy or VPN, to include or exclude for an Enhanced Dynamic Network Zone
+              properties:
+                include:
+                  type: array
+                  description: IP services to include for an Enhanced Dynamic Network Zone
+                  items:
+                    $ref: '#/components/schemas/IPServiceCategory'
+                  maximum: 75
+                exclude:
+                  type: array
+                  description: IP services to exclude for an Enhanced Dynamic Network Zone
+                  items:
+                    $ref: '#/components/schemas/IPServiceCategory'
+                  maximum: 75
+    EnrollmentActivationRequest:
+      description: Enrollment Initialization Request
+      type: object
+      properties:
+        credResponses:
+          description: List of credential responses from the fulfillment provider
+          type: array
+          items:
+            $ref: '#/components/schemas/WebAuthnCredResponse'
+        fulfillmentProvider:
+          description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+          type: string
+          enum:
+            - yubico
+        pinResponseJwe:
+          description: Encrypted JWE of PIN response from the fulfillment provider
+          type: string
+        serial:
+          description: Serial number of the YubiKey
+          type: string
+        userId:
+          description: ID of an existing Okta user
+          type: string
+        version:
+          description: Firmware version of the YubiKey
+          type: string
+        yubicoSigningJwks:
+          description: List of usable signing keys from Yubico (in JWKS format) used to verify the JWS inside the JWE
+          type: array
+          items:
+            $ref: '#/components/schemas/ECKeyJWK'
+    EnrollmentActivationResponse:
+      description: Enrollment Initialization Response
+      type: object
+      properties:
+        authenticatorEnrollmentIds:
+          description: List of IDs for preregistered WebAuthn Factors in Okta
+          type: array
+          items:
+            type: string
+        fulfillmentProvider:
+          description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+          type: string
+          enum:
+            - yubico
+        userId:
+          description: ID of an existing Okta user
+          type: string
+    EnrollmentInitializationRequest:
+      description: Enrollment Initialization Request
+      type: object
+      properties:
+        enrollmentRpIds:
+          description: List of Relying Party hostnames to register on the YubiKey.
+          type: array
+          items:
+            type: string
+        fulfillmentProvider:
+          description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+          type: string
+          enum:
+            - yubico
+        userId:
+          description: ID of an existing Okta user
+          type: string
+        yubicoTransportKeyJWK:
+          $ref: '#/components/schemas/ECKeyJWK'
+    EnrollmentInitializationResponse:
+      description: Yubico Transport Key in the form of a JWK, used to encrypt our fulfillment request to Yubico. The currently agreed protocol uses P-384.
+      type: object
+      properties:
+        credRequests:
+          description: List of credential requests for the fulfillment provider
+          type: array
+          items:
+            $ref: '#/components/schemas/WebAuthnCredRequest'
+        fulfillmentProvider:
+          description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+          type: string
+          enum:
+            - yubico
+        pinRequestJwe:
+          description: Encrypted JWE of PIN request for the fulfillment provider
+          type: string
+        userId:
+          description: ID of an existing Okta user
+          type: string
+    EntitlementValue:
+      type: object
+      properties:
+        id:
+          type: string
+        name:
+          type: string
+        value:
+          type: string
+        _links:
+          anyOf:
+            - properties:
+                group:
+                  $ref: '#/components/schemas/HrefObject'
+                app:
+                  $ref: '#/components/schemas/HrefObject'
+                resource-set:
+                  $ref: '#/components/schemas/HrefObject'
+    EntitlementValuesResponse:
+      type: object
+      properties:
+        entitlementValues:
+          type: array
+          items:
+            $ref: '#/components/schemas/EntitlementValue'
+        _links:
+          anyOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - $ref: '#/components/schemas/LinksNext'
+            - properties:
+                bundle:
+                  $ref: '#/components/schemas/HrefObject'
+                entitlements:
+                  $ref: '#/components/schemas/HrefObject'
+    EntityRiskPolicy:
+      allOf:
+        - $ref: '#/components/schemas/Policy'
+        - type: object
+      properties:
+        conditions:
+          type: string
+          description: Policy conditions aren't supported for this policy types.
+          default: null
+          nullable: true
+    EntityRiskPolicyRule:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRule'
+        - type: object
+          properties:
+            actions:
+              type: object
+              description: The action to take based on the risk event
+              properties:
+                entityRisk:
+                  type: object
+                  description: The object that contains the `actions` array
+                  properties:
+                    actions:
+                      type: array
+                      description: The `entityRisk` object's `actions` array can be empty or contain one of two `action` object value pairs. This object determines the specific response to a risk event.
+                      items:
+                        $ref: '#/components/schemas/EntityRiskPolicyRuleActionsObject'
+            conditions:
+              type: object
+              properties:
+                people:
+                  $ref: '#/components/schemas/PolicyPeopleCondition'
+                riskDetectionTypes:
+                  type: object
+                  description: An object that references detected risk events. This object can have an `include` parameter or an `exclude` parameter, but not both.
+                  properties:
+                    exclude:
+                      type: array
+                      description: An array of detected risk events to exclude in the entity policy rule
+                      items:
+                        $ref: '#/components/schemas/DetectedRiskEvents'
+                    include:
+                      type: array
+                      description: An array of detected risk events to include in the entity policy rule
+                      items:
+                        $ref: '#/components/schemas/DetectedRiskEvents'
+                EntityRisk:
+                  type: object
+                  description: The risk score level of the entity risk policy rule
+                  properties:
+                    level:
+                      type: string
+                      enum:
+                        - ANY
+                        - LOW
+                        - MEDIUM
+                        - HIGH
+    EntityRiskPolicyRuleActionRunWorkflow:
+      type: object
+      properties:
+        action:
+          type: string
+          enum:
+            - RUN_WORKFLOW
+        workflow:
+          type: object
+          description: This action runs a workflow
+          properties:
+            id:
+              type: integer
+              description: The `id` of the workflow that runs.
+    EntityRiskPolicyRuleActionTerminateAllSessions:
+      type: object
+      properties:
+        action:
+          type: string
+          description: This action revokes or terminates all of the user's active sessions.
+          enum:
+            - TERMINATE_ALL_SESSIONS
+    EntityRiskPolicyRuleActionsObject:
+      type: object
+      properties:
+        action:
+          type: string
+          enum:
+            - RUN_WORKFLOW
+            - TERMINATE_ALL_SESSIONS
+      discriminator:
+        propertyName: action
+        mapping:
+          RUN_WORKFLOW: '#/components/schemas/EntityRiskPolicyRuleActionRunWorkflow'
+          TERMINATE_ALL_SESSIONS: '#/components/schemas/EntityRiskPolicyRuleActionTerminateAllSessions'
     Error:
       title: Error
       type: object
@@ -25389,10 +37211,7 @@ components:
         errorCauses:
           type: array
           items:
-            type: object
-            properties:
-              errorSummary:
-                type: string
+            $ref: '#/components/schemas/ErrorCause'
         errorCode:
           type: string
           description: An Okta code for this type of error
@@ -25405,6 +37224,11 @@ components:
         errorSummary:
           type: string
           description: A short description of what caused this error. Sometimes this contains dynamically-generated information about your specific error.
+    ErrorCause:
+      type: object
+      properties:
+        errorSummary:
+          type: string
     ErrorPage:
       allOf:
         - $ref: '#/components/schemas/CustomizablePage'
@@ -25413,39 +37237,71 @@ components:
             contentSecurityPolicySetting:
               $ref: '#/components/schemas/ContentSecurityPolicySetting'
     ErrorPageTouchPointVariant:
+      description: |
+        Variant for the error page. You can publish a theme for error page with different combinations of assets. Variants are preset combinations of those assets.
+      default: OKTA_DEFAULT
       type: string
       enum:
         - BACKGROUND_IMAGE
         - BACKGROUND_SECONDARY_COLOR
         - OKTA_DEFAULT
+      x-enumDescriptions:
+        BACKGROUND_IMAGE: Uses the logo, favicon, and background image from the Theme
+        BACKGROUND_SECONDARY_COLOR: Uses the logo and favicon from the Theme. Uses `secondaryColorHex` as the background color for the error page.
+        OKTA_DEFAULT: Uses the Okta logo, favicon, and background color
     EventHook:
       type: object
       properties:
         channel:
           $ref: '#/components/schemas/EventHookChannel'
         created:
+          description: Timestamp of the event hook creation
           type: string
           format: date-time
           readOnly: true
         createdBy:
+          description: The ID of the user who created the event hook
           type: string
+          readOnly: true
+        description:
+          description: Description of the event hook
+          type: string
+          nullable: true
         events:
           $ref: '#/components/schemas/EventSubscriptions'
         id:
           type: string
+          description: Unique key for the event hook
           readOnly: true
         lastUpdated:
+          description: Date of the last event hook update
           type: string
           format: date-time
           readOnly: true
         name:
+          description: Display name for the event hook
           type: string
         status:
-          $ref: '#/components/schemas/LifecycleStatus'
+          description: Status of the event hook
+          type: string
+          enum:
+            - ACTIVE
+            - INACTIVE
+          readOnly: true
         verificationStatus:
           $ref: '#/components/schemas/EventHookVerificationStatus'
         _links:
-          $ref: '#/components/schemas/LinksSelf'
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                deactivate:
+                  $ref: '#/components/schemas/HrefObject'
+                verify:
+                  $ref: '#/components/schemas/HrefObject'
+      required:
+        - name
+        - events
+        - channel
     EventHookChannel:
       type: object
       properties:
@@ -25454,63 +37310,152 @@ components:
         type:
           $ref: '#/components/schemas/EventHookChannelType'
         version:
+          description: Version of the channel. Currently the only supported version is `1.0.0``.
           type: string
+      required:
+        - type
+        - config
+        - version
     EventHookChannelConfig:
       type: object
       properties:
         authScheme:
           $ref: '#/components/schemas/EventHookChannelConfigAuthScheme'
         headers:
+          description: |-
+            Optional list of key/value pairs for headers that can be sent with the request to the external service. For example,
+            `X-Other-Header` is an example of an optional header, with a value of `my-header-value`, that you want Okta to pass to your
+            external service.
           type: array
           items:
             $ref: '#/components/schemas/EventHookChannelConfigHeader'
+        method:
+          description: The method of the Okta event hook request
+          type: string
+          readOnly: true
         uri:
+          description: The external service endpoint called to execute the event hook handler
           type: string
+      required:
+        - uri
     EventHookChannelConfigAuthScheme:
+      description: |-
+        The authentication scheme used for this request.
+
+        To use Basic Auth for authentication, set `type` to `HEADER`,
+        `key` to `Authorization`, and `value` to the Base64-encoded string of "username:password". Ensure that you include
+        the scheme (including space) as part of the `value` parameter. For example, `Basic YWRtaW46c3VwZXJzZWNyZXQ=`. See
+        [HTTP Basic Authentication](/books/api-security/authn/api-authentication-options/#http-basic-authentication).
       type: object
       properties:
         key:
+          description: The name for the authorization header
           type: string
         type:
           $ref: '#/components/schemas/EventHookChannelConfigAuthSchemeType'
         value:
+          description: |-
+            The header value. This secret key is passed to your external service endpoint for security verification.
+            This property is not returned in the response.
           type: string
+          writeOnly: true
     EventHookChannelConfigAuthSchemeType:
+      description: The authentication scheme type. Currently only supports `HEADER`.
       type: string
       enum:
         - HEADER
     EventHookChannelConfigHeader:
+      nullable: true
       type: object
       properties:
         key:
+          description: The optional field or header name
           type: string
         value:
+          description: The value for the key
           type: string
     EventHookChannelType:
+      description: The channel type. Currently supports `HTTP`.
       type: string
       enum:
         - HTTP
+    EventHookFilterMap:
+      description: The object that maps the filter to the event type
+      items:
+        $ref: '#/components/schemas/EventHookFilterMapObject'
+      type: array
+    EventHookFilterMapObject:
+      type: object
+      properties:
+        condition:
+          $ref: '#/components/schemas/EventHookFilterMapObjectCondition'
+        event:
+          type: string
+          description: The filtered event type
+    EventHookFilterMapObjectCondition:
+      type: object
+      properties:
+        expression:
+          type: string
+          description: The Okta Expression language statement that filters the event type
+        version:
+          type: string
+          nullable: true
+          description: Internal field
+          readOnly: true
+    EventHookFilters:
+      nullable: true
+      description: |-
+        The optional filter defined on a specific event type
+
+        > **Note:** Event hook filters is a [self-service Early Access (EA)](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) to enable.
+        If you want to disable this feature, it's recommended to first remove all event filters.
+      type: object
+      properties:
+        eventFilterMap:
+          $ref: '#/components/schemas/EventHookFilterMap'
+        type:
+          type: string
+          description: The type of filter. Currently only supports `EXPRESSION_LANGUAGE`
+          readOnly: true
+    EventHookSubscribedEventTypes:
+      description: |-
+        The subscribed event types that trigger the event hook. When you register an event hook
+        you need to specify which events you want to subscribe to. To see the list of event types
+        currently eligible for use in event hooks, use the [Event Types catalog](/docs/reference/api/event-types/#catalog)
+        and search with the parameter `event-hook-eligible`.
+      items:
+        type: string
+      type: array
     EventHookVerificationStatus:
+      description: Verification status of the event hook. `UNVERIFIED` event hooks won't receive any events.
       type: string
       enum:
         - UNVERIFIED
         - VERIFIED
+      readOnly: true
     EventSubscriptionType:
+      description: The events object type. Currently supports `EVENT_TYPE`.
       type: string
       enum:
         - EVENT_TYPE
-        - FLOW_EVENT
     EventSubscriptions:
       type: object
       properties:
+        filter:
+          $ref: '#/components/schemas/EventHookFilters'
         items:
-          type: array
-          items:
-            type: string
+          $ref: '#/components/schemas/EventHookSubscribedEventTypes'
         type:
           $ref: '#/components/schemas/EventSubscriptionType'
-      discriminator:
-        propertyName: type
+      required:
+        - type
+        - items
+    Expression:
+      type: object
+      properties:
+        value:
+          type: string
     FCMConfiguration:
       properties:
         fileName:
@@ -25531,66 +37476,20 @@ components:
           properties:
             configuration:
               $ref: '#/components/schemas/FCMConfiguration'
-    FactorProvider:
-      type: string
-      enum:
-        - CUSTOM
-        - DUO
-        - FIDO
-        - GOOGLE
-        - OKTA
-        - RSA
-        - SYMANTEC
-        - YUBICO
-    FactorResultType:
-      type: string
-      enum:
-        - CANCELLED
-        - CHALLENGE
-        - ERROR
-        - FAILED
-        - PASSCODE_REPLAYED
-        - REJECTED
-        - SUCCESS
-        - TIMEOUT
-        - TIME_WINDOW_EXCEEDED
-        - WAITING
-    FactorStatus:
-      type: string
-      enum:
-        - ACTIVE
-        - DISABLED
-        - ENROLLED
-        - EXPIRED
-        - INACTIVE
-        - NOT_SETUP
-        - PENDING_ACTIVATION
-    FactorType:
-      type: string
-      enum:
-        - call
-        - email
-        - push
-        - question
-        - signed_nonce
-        - sms
-        - token
-        - token:hardware
-        - token:hotp
-        - token:software:totp
-        - u2f
-        - web
-        - webauthn
     Feature:
+      description: Specifies feature release cycle information
       type: object
       properties:
         description:
           type: string
+          description: Brief description of the feature and what it provides
         id:
           type: string
+          description: Unique identifier for this feature
           readOnly: true
         name:
           type: string
+          description: Name of the feature
         stage:
           $ref: '#/components/schemas/FeatureStage'
         status:
@@ -25598,14 +37497,40 @@ components:
         type:
           $ref: '#/components/schemas/FeatureType'
         _links:
-          $ref: '#/components/schemas/LinksSelf'
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                dependents:
+                  description: Link to feature dependents
+                  type: object
+                  readOnly: true
+                  properties:
+                    href:
+                      description: Link URI
+                      type: string
+                      readOnly: true
+                dependencies:
+                  description: Link to feature dependencies
+                  type: object
+                  readOnly: true
+                  properties:
+                    href:
+                      description: Link URI
+                      type: string
+                      readOnly: true
     FeatureLifecycle:
-      example: enable
+      example: ENABLE
       type: string
       enum:
-        - disable
-        - enable
+        - DISABLE
+        - ENABLE
     FeatureStage:
+      description: |-
+        Current release cycle stage of a feature
+
+        If a feature's stage value is `EA`, the state is `null` and not returned. If the value is `BETA`, the state is `OPEN` or `CLOSED` depending on whether the `BETA` feature is manageable.
+
+        > **Note:** If a feature's stage is `OPEN BETA`, you can update it only in Preview cells. If a feature's stage is `CLOSED BETA`, you can disable it only in Preview cells.
       type: object
       properties:
         state:
@@ -25613,16 +37538,19 @@ components:
         value:
           $ref: '#/components/schemas/FeatureStageValue'
     FeatureStageState:
+      description: Indicates the release state of the feature
       type: string
       enum:
         - CLOSED
         - OPEN
     FeatureStageValue:
+      description: Current release stage of the feature
       type: string
       enum:
         - BETA
         - EA
     FeatureType:
+      description: Type of feature
       type: string
       enum:
         - self-service
@@ -25637,6 +37565,144 @@ components:
         resetPasswordUrl:
           type: string
           readOnly: true
+    FulfillmentData:
+      description: Fulfillment provider details
+      type: object
+      properties:
+        customizationId:
+          description: ID for the set of custom configurations of the requested Factor
+          type: string
+        inventoryProductId:
+          description: ID for the specific inventory bucket of the requested Factor
+          type: string
+        productId:
+          description: ID for the make and model of the requested Factor
+          type: string
+    FulfillmentRequest:
+      description: Fulfillment Request
+      type: object
+      properties:
+        fulfillmentData:
+          $ref: '#/components/schemas/FulfillmentData'
+        fulfillmentProvider:
+          description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+          type: string
+          enum:
+            - yubico
+        userId:
+          description: ID of an existing Okta user
+          type: string
+    GoogleApplication:
+      title: Google Workspace
+      x-tags:
+        - Application
+      x-okta-defined-as:
+        name: google
+      example:
+        name: google
+        label: Sample Google App
+        signOnMode: SAML_2_0
+        settings:
+          app:
+            domain: my-company-domain
+      description: |
+        Schema for the Google Workspace app (key name: `google`)
+
+        To create a Google Workspace app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.
+        > **Note:** The Google Workspace app only supports `BROWSER_PLUGIN` and `SAML_2_0` sign-on modes.
+      allOf:
+        - $ref: '#/components/schemas/OINApplication'
+        - type: object
+        - required:
+            - name
+            - label
+            - settings
+          properties:
+            name:
+              enum:
+                - google
+              example: google
+            signOnMode:
+              enum:
+                - BROWSER_PLUGIN
+                - SAML_2_0
+              example: BROWSER_PLUGIN
+            settings:
+              $ref: '#/components/schemas/GoogleApplicationSettings'
+    GoogleApplicationSettings:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationSettings'
+        - type: object
+        - required:
+            - app
+          properties:
+            app:
+              $ref: '#/components/schemas/GoogleApplicationSettingsApplication'
+            signOn:
+              $ref: '#/components/schemas/OINSaml20ApplicationSettingsSignOn'
+    GoogleApplicationSettingsApplication:
+      description: Google app instance properties
+      type: object
+      properties:
+        domain:
+          type: string
+          description: Your Google company domain
+        rpId:
+          type: string
+          description: RPID
+      required:
+        - domain
+    GovernanceBundle:
+      type: object
+      properties:
+        description:
+          type: string
+        id:
+          type: string
+        name:
+          type: string
+        orn:
+          type: string
+        status:
+          type: string
+        _links:
+          allOf:
+            - properties:
+                entitlements:
+                  $ref: '#/components/schemas/HrefObject'
+    GovernanceBundleCreateRequest:
+      type: object
+      properties:
+        description:
+          type: string
+        entitlements:
+          type: array
+          items:
+            $ref: '#/components/schemas/IAMBundleEntitlement'
+        name:
+          type: string
+    GovernanceBundleUpdateRequest:
+      type: object
+      properties:
+        description:
+          type: string
+        entitlements:
+          type: array
+          items:
+            $ref: '#/components/schemas/IAMBundleEntitlement'
+        name:
+          type: string
+    GovernanceBundlesResponse:
+      type: object
+      properties:
+        bundles:
+          type: array
+          items:
+            $ref: '#/components/schemas/GovernanceBundle'
+        _links:
+          anyOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - $ref: '#/components/schemas/LinksNext'
     GrantOrTokenStatus:
       description: Status
       example: ACTIVE
@@ -25645,13 +37711,32 @@ components:
         - ACTIVE
         - REVOKED
       readOnly: true
+    GrantType:
+      description: Determines the mechanism Okta uses to authorize the creation of the tokens.
+      type: string
+      enum:
+        - authorization_code
+        - client_credentials
+        - implicit
+        - interaction_code
+        - password
+        - refresh_token
+        - urn:ietf:params:oauth:grant-type:device_code
+        - urn:ietf:params:oauth:grant-type:jwt-bearer
+        - urn:ietf:params:oauth:grant-type:saml2-bearer
+        - urn:ietf:params:oauth:grant-type:token-exchange
+        - urn:openid:params:grant-type:ciba
+        - urn:okta:params:oauth:grant-type:otp
+        - urn:okta:params:oauth:grant-type:oob
+        - http://auth0.com/oauth/grant-type/mfa-otp
+        - http://auth0.com/oauth/grant-type/mfa-oob
     GrantTypePolicyRuleCondition:
-      type: object
       description: Array of grant types that this condition includes. Determines the mechanism that Okta uses to authorize the creation of the tokens.
+      type: object
       properties:
         include:
           type: array
-          description: Array of grant types thagt this condition includes.
+          description: Array of grant types that this condition includes.
           items:
             type: string
     Group:
@@ -25701,9 +37786,15 @@ components:
                   $ref: '#/components/schemas/HrefObject'
                 users:
                   $ref: '#/components/schemas/HrefObject'
-    GroupCondition:
+    GroupAssignmentProfile:
+      description: |-
+        Specifies the profile properties applied to [Application Users](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationUsers/) that are assigned to the app through group membership. 
+        Some reference properties are imported from the target app and can't be configured. See [profile](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c=200&path=profile&t=response).
+      additionalProperties: true
       type: object
+    GroupCondition:
       description: Specifies a set of Groups whose Users are to be included or excluded
+      type: object
       properties:
         exclude:
           type: array
@@ -25715,6 +37806,16 @@ components:
           description: Groups to be included
           items:
             type: string
+    GroupMember:
+      allOf:
+        - $ref: '#/components/schemas/User'
+      type: object
+      properties:
+        groupRuleId:
+          type: string
+          description: The group rule ID
+          example: guo56h6ux7ibCPl2G0g7
+          readOnly: true
     GroupOwner:
       type: object
       properties:
@@ -25753,8 +37854,8 @@ components:
         - GROUP
         - USER
     GroupPolicyRuleCondition:
-      type: object
       description: Specifies a set of Groups whose Users are to be included or excluded
+      type: object
       properties:
         exclude:
           type: array
@@ -25985,18 +38086,6 @@ components:
         - APP_GROUP
         - BUILT_IN
         - OKTA_GROUP
-    HardwareUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/HardwareUserFactorProfile'
-    HardwareUserFactorProfile:
-      type: object
-      properties:
-        credentialId:
-          type: string
     HookKey:
       type: object
       properties:
@@ -26042,42 +38131,48 @@ components:
       enum:
         - EXTERNALLY_HOSTED
         - OKTA_DEFAULT
-    HrefObject:
-      title: Link Object
+    HrefHints:
+      description: Describes allowed HTTP verbs for the `href`
       type: object
-      additionalProperties: true
       properties:
-        hints:
-          type: object
-          description: Describes allowed HTTP verbs for the `href`
+        allow:
+          type: array
+          items:
+            $ref: '#/components/schemas/HttpMethod'
+    HrefHintsGuidanceObject:
+      allOf:
+        - $ref: '#/components/schemas/HrefHints'
+        - description: Describes allowed HTTP verbs and guidance for the `href`
+        - type: object
           properties:
-            allow:
+            guidance:
               type: array
+              description: |
+                Specifies the URI to invoke for granting scope consent required to complete the OAuth 2.0 connection
               items:
-                $ref: '#/components/schemas/HttpMethod'
+                type: string
+    HrefObject:
+      title: Link Object
+      additionalProperties: true
+      type: object
+      properties:
+        hints:
+          $ref: '#/components/schemas/HrefHints'
         href:
           type: string
           description: Link URI
         name:
           type: string
           description: Link name
+        templated:
+          type: boolean
+          description: Indicates whether the Link Object's `href` property is a URI template.
         type:
           type: string
           description: The media type of the link. If omitted, it is implicitly `application/json`.
-        templated:
-          type: boolean
-          description: Indicates whether the Link Object's "href" property is a URI Template.
       required:
         - href
       readOnly: true
-    HrefObjectMappingsLink:
-      allOf:
-        - $ref: '#/components/schemas/HrefObject'
-        - description: Link to the mappings resource
-    HrefObjectRulesLink:
-      allOf:
-        - $ref: '#/components/schemas/HrefObject'
-        - description: Link to the rules resource    
     HrefObjectActivateLink:
       allOf:
         - $ref: '#/components/schemas/HrefObject'
@@ -26086,6 +38181,21 @@ components:
       allOf:
         - $ref: '#/components/schemas/HrefObject'
         - description: Link to the app resource
+    HrefObjectAuthorizeLink:
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+      description: Link to authorize scopes
+      type: object
+      properties:
+        hints:
+          $ref: '#/components/schemas/HrefHintsGuidanceObject'
+        href:
+          type: string
+          description: Link URI
+      required:
+        - href
+      readOnly: true
     HrefObjectClientLink:
       allOf:
         - $ref: '#/components/schemas/HrefObject'
@@ -26098,10 +38208,22 @@ components:
       allOf:
         - $ref: '#/components/schemas/HrefObject'
         - description: Link to delete the resource
+    HrefObjectGroupLink:
+      allOf:
+        - $ref: '#/components/schemas/HrefObject'
+        - description: Link to the group resource
     HrefObjectLogoLink:
       allOf:
         - $ref: '#/components/schemas/HrefObject'
         - description: Link to the logo resource
+    HrefObjectMappingsLink:
+      allOf:
+        - $ref: '#/components/schemas/HrefObject'
+        - description: Link to the mappings resource
+    HrefObjectRulesLink:
+      allOf:
+        - $ref: '#/components/schemas/HrefObject'
+        - description: Link to the rules resource
     HrefObjectSelfLink:
       allOf:
         - $ref: '#/components/schemas/HrefObject'
@@ -26125,6 +38247,62 @@ components:
         - GET
         - POST
         - PUT
+    IAMBundleEntitlement:
+      type: object
+      properties:
+        resourceSets:
+          type: array
+          items:
+            type: string
+        role:
+          type: string
+        targets:
+          type: array
+          items:
+            type: string
+    IPNetworkZone:
+      allOf:
+        - $ref: '#/components/schemas/NetworkZone'
+        - title: IP Network Zone
+        - type: object
+          properties:
+            gateways:
+              type: array
+              items:
+                $ref: '#/components/schemas/NetworkZoneAddress'
+              description: |-
+                The IP addresses (range or CIDR form) for an IP Network Zone.
+                The maximum array length is 150 entries for admin-created IP zones, 1000 entries for IP blocklist zones, and 5000 entries for the default system IP Zone.
+            proxies:
+              type: array
+              items:
+                $ref: '#/components/schemas/NetworkZoneAddress'
+              nullable: true
+              description: |-
+                The IP addresses (range or CIDR form) that are allowed to forward a request from gateway addresses for an IP Network Zone.
+                These proxies are automatically trusted by Threat Insights and used to identify the client IP of a request.
+                The maximum array length is 150 entries for admin-created zones and 5000 entries for the default system IP Zone.
+    IPServiceCategory:
+      description: An IP service offered by a provider, such as a proxy or VPN
+      type: string
+      enum:
+        - ALL_ANONYMIZERS
+        - ALL_ANONYMIZERS_EXCEPT_TOR
+        - ALL_IP_SERVICES
+        - ALL_PROXIES_VPNS
+        - ANONYMIZER_TOR
+        - APPLE_ICLOUD_RELAY_PROXY
+        - AVAST_VPN
+        - GLOBALPROTECT_VPN
+        - GOOGLE_VPN
+        - MULLVAD_VPN
+        - NORD_VPN
+        - OXYLABS_PROXY
+        - SAMSUNG_VPN
+        - SURFSHARK_VPN
+        - SYMANTEC_VPN
+        - TRENDMICRO_VPN
+        - ULTRASURF_VPN
     IamRole:
       type: object
       properties:
@@ -26216,7 +38394,7 @@ components:
                 metadata:
                   description: 'Federation metadata document for the IdP (for example: SAML 2.0 Metadata)'
                   allOf:
-                    - $ref: '#/components/schemas/HrefObject'                           
+                    - $ref: '#/components/schemas/HrefObject'
                 users:
                   description: IdP users
                   allOf:
@@ -26274,6 +38452,9 @@ components:
           type: string
         client_secret:
           type: string
+        pkce_required:
+          type: boolean
+          description: Require Proof Key for Code Exchange (PKCE) for additional verification
     IdentityProviderCredentialsSigning:
       type: object
       properties:
@@ -26306,36 +38487,25 @@ components:
               $ref: '#/components/schemas/PolicyAccountLink'
             mapAMRClaims:
               type: boolean
-              description: Enable mapping AMR from IdP to Okta to downstream apps
+              description: <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle> <x-lifecycle class="oie"></x-lifecycle></div>Enable mapping AMR from IdP to Okta to downstream apps
               default: false
               x-okta-lifecycle:
-                features:
-                  - IDP_AMR_CLAIMS_MAPPING
+                lifecycle: EA
+                isGenerallyAvailable: false
+                SKUs:
+                  - Okta Identity Engine
             maxClockSkew:
               type: integer
             provisioning:
               $ref: '#/components/schemas/Provisioning'
             subject:
               $ref: '#/components/schemas/PolicySubject'
-    IdpDiscoveryPolicy:
-      allOf:
-        - $ref: '#/components/schemas/Policy'
-        - type: object
-          properties:
-            conditions:
-              type: object
-              nullable: true
     IdentityProviderPolicyProvider:
       type: string
       enum:
         - ANY
         - OKTA
         - SPECIFIC_IDP
-    IdpSelectionType:
-      type: string
-      enum:
-        - DYNAMIC
-        - SPECIFIC
     IdentityProviderPolicyRuleCondition:
       type: object
       properties:
@@ -26440,6 +38610,35 @@ components:
         userName:
           type: string
           maxLength: 100
+    IdpDiscoveryPolicy:
+      allOf:
+        - $ref: '#/components/schemas/Policy'
+        - type: object
+          properties:
+            conditions:
+              type: object
+              nullable: true
+    IdpDiscoveryPolicyRule:
+      allOf:
+        - $ref: '#/components/schemas/PolicyRule'
+        - type: object
+          properties:
+            actions:
+              $ref: '#/components/schemas/IdpPolicyRuleAction'
+            conditions:
+              $ref: '#/components/schemas/IdpDiscoveryPolicyRuleCondition'
+    IdpDiscoveryPolicyRuleCondition:
+      allOf:
+        - type: object
+          properties:
+            app:
+              $ref: '#/components/schemas/AppAndInstancePolicyRuleCondition'
+            network:
+              $ref: '#/components/schemas/PolicyNetworkCondition'
+            userIdentifier:
+              $ref: '#/components/schemas/UserIdentifierPolicyRuleCondition'
+            platform:
+              $ref: '#/components/schemas/PlatformPolicyRuleCondition'
     IdpPolicyRuleAction:
       type: object
       properties:
@@ -26462,13 +38661,13 @@ components:
     IdpPolicyRuleActionMatchCriteria:
       type: object
       properties:
+        propertyName:
+          type: string
+          description: The IdP property that the evaluated string should match to
         providerExpression:
           type: string
           description: |
             You can provide an Okta Expression Language expression with the Login Context that's evaluated with the IdP. For example, the value `login.identifier` refers to the user's username. If the user is signing in with the username `john.doe@mycompany.com`, the expression `login.identifier.substringAfter(@))` is evaluated to the domain name of the user, for example: `mycompany.com`.
-        propertyName:
-          type: string
-          description: The IdP property that the evaluated string should match to              
     IdpPolicyRuleActionProvider:
       type: object
       properties:
@@ -26480,6 +38679,11 @@ components:
           description: Provider `name` in Okta. Optional. Supported in `IDENTITY ENGINE`.
         type:
           $ref: '#/components/schemas/IdentityProviderType'
+    IdpSelectionType:
+      type: string
+      enum:
+        - DYNAMIC
+        - SPECIFIC
     IframeEmbedScopeAllowedApps:
       type: string
       enum:
@@ -26490,6 +38694,51 @@ components:
         url:
           readOnly: true
           type: string
+    ImportScheduleObject:
+      description: Import schedule configuration
+      type: object
+      properties:
+        fullImport:
+          allOf:
+            - $ref: '#/components/schemas/ImportScheduleSettings'
+            - description: Determines the full import schedule
+        incrementalImport:
+          allOf:
+            - $ref: '#/components/schemas/ImportScheduleSettings'
+            - description: Determines the incremental import schedule
+        status:
+          $ref: '#/components/schemas/EnabledStatus'
+    ImportScheduleSettings:
+      type: object
+      properties:
+        expression:
+          type: string
+          description: The import schedule in UNIX cron format
+          example: 00 21 * * Mon,Thu,Fri,Sat
+        timezone:
+          type: string
+          description: The import schedule time zone in Internet Assigned Numbers Authority (IANA) time zone name format
+          minLength: 1
+          maxLength: 64
+          example: America/Los_Angeles
+      required:
+        - expression
+    ImportUsernameObject:
+      description: Determines the Okta username for the imported user
+      type: object
+      properties:
+        userNameExpression:
+          type: string
+          description: For `usernameFormat=CUSTOM`, specifies the Okta Expression Language statement for a username format that imported users use to sign in to Okta
+        usernameFormat:
+          type: string
+          description: Determines the username format when users sign in to Okta
+          default: EMAIL
+          enum:
+            - EMAIL
+            - CUSTOM
+      required:
+        - usernameFormat
     InactivityPolicyRuleCondition:
       type: object
       properties:
@@ -26497,6 +38746,13 @@ components:
           type: integer
         unit:
           type: string
+    InboundProvisioningApplicationFeature:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationFeature'
+        - type: object
+        - properties:
+            capabilities:
+              $ref: '#/components/schemas/CapabilitiesInboundProvisioningObject'
     InlineHook:
       type: object
       properties:
@@ -26513,6 +38769,11 @@ components:
           type: string
           format: date-time
           readOnly: true
+        metadata:
+          type: object
+          description: Specific properties for the inline hook configuration, for example, `optOutServiceProtectionRateLimit` to opt-out of Telephony Service Protection Rate Limits when using the Telephony inline hook.
+          additionalProperties:
+            type: string
         name:
           type: string
         status:
@@ -26523,6 +38784,29 @@ components:
           type: string
         _links:
           $ref: '#/components/schemas/LinksSelf'
+    InlineHookBasePayload:
+      type: object
+      properties:
+        cloudEventVersion:
+          description: The inline hook cloud version
+          example: 0.1
+          type: string
+        contentType:
+          description: The inline hook request header content
+          example: application/JSON
+          type: string
+        eventId:
+          type: string
+          description: The individual inline hook request ID
+          example: 3o9jBzq1SmOGmmsDsqyyeQ
+        eventTime:
+          type: string
+          description: The time the inline hook request was sent
+          example: '2020-01-17T21:23:56.000Z'
+        eventTypeVersion:
+          description: The inline hook version
+          example: 1
+          type: string
     InlineHookChannel:
       type: object
       properties:
@@ -26623,6 +38907,29 @@ components:
     InlineHookPayload:
       type: object
       x-okta-extensible: true
+    InlineHookRequestObject:
+      type: object
+      properties:
+        request:
+          type: object
+          description: The API request that triggered the inline hook
+          properties:
+            id:
+              type: string
+              description: The unique identifier that Okta assigned to the API request
+            method:
+              type: string
+              description: The HTTP request method of the API request
+            url:
+              type: object
+              description: The URL of the API endpoint
+              properties:
+                value:
+                  type: string
+                  description: The URL value of the API endpoint
+            ipAddress:
+              type: string
+              description: The IP address of the client that made the API request
     InlineHookResponse:
       type: object
       properties:
@@ -26659,6 +38966,7 @@ components:
         - com.okta.import.transform
         - com.okta.oauth2.tokens.transform
         - com.okta.saml.tokens.transform
+        - com.okta.telephony.provider
         - com.okta.user.credential.password.import
         - com.okta.user.pre-registration
     IssuerMode:
@@ -26667,46 +38975,83 @@ components:
         - CUSTOM_URL
         - DYNAMIC
         - ORG_URL
+    JsonPatchOperation:
+      description: The update action
+      type: object
+      properties:
+        op:
+          $ref: '#/components/schemas/PatchAction'
+        path:
+          type: string
+          description: The resource path of the attribute to update
+        value:
+          type: object
+          description: The update operation value
     JsonWebKey:
       type: object
       properties:
         alg:
+          description: 'The algorithm used with the Key. Valid value: `RS256`'
           type: string
         created:
-          type: string
-          format: date-time
+          $ref: '#/components/schemas/createdProperty'
         e:
+          description: RSA key value (public exponent) for Key binding
           type: string
+          readOnly: true
         expiresAt:
+          description: Timestamp when the certificate expires
           type: string
           format: date-time
+          readOnly: true
         key_ops:
+          description: Identifies the operation(s) for which the key is intended to be used
           type: array
           items:
             type: string
         kid:
+          description: Unique identifier for the certificate
           type: string
+          readOnly: true
         kty:
+          description: 'Cryptographic algorithm family for the certificate''s keypair. Valid value: `RSA`'
           type: string
+          readOnly: true
         lastUpdated:
           type: string
           format: date-time
+          $ref: '#/components/schemas/lastUpdatedProperty'
         'n':
+          description: RSA modulus value that is used by both the public and private keys and provides a link between them
           type: string
         status:
+          description: |-
+            An `ACTIVE` Key is used to sign tokens issued by the authorization server. Supported values: `ACTIVE`, `NEXT`, or `EXPIRED`<br>
+            A `NEXT` Key is the next Key that the authorization server uses to sign tokens when Keys are rotated. The `NEXT` Key might not be listed if it hasn't been generated yet.
+            An `EXPIRED` Key is the previous Key that the authorization server used to sign tokens. The `EXPIRED` Key might not be listed if no Key has expired or the expired Key was deleted.
           type: string
         use:
+          description: 'Acceptable use of the certificate. Valid value: `sig`'
           type: string
+          readOnly: true
         x5c:
+          description: X.509 certificate chain that contains a chain of one or more certificates
           type: array
           items:
             type: string
+          readOnly: true
         x5t:
+          description: X.509 certificate SHA-1 thumbprint, which is the base64url-encoded SHA-1 thumbprint (digest) of the DER encoding of an X.509 certificate
           type: string
+          readOnly: true
         x5t#S256:
+          description: X.509 certificate SHA-256 thumbprint, which is the base64url-encoded SHA-256 thumbprint (digest) of the DER encoding of an X.509 certificate
           type: string
+          readOnly: true
         x5u:
+          description: A URI that refers to a resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS (JSON Web Signature)
           type: string
+          readOnly: true
         _links:
           $ref: '#/components/schemas/LinksSelf'
     JwkUse:
@@ -26779,7 +39124,19 @@ components:
       enum:
         - ACTIVE
         - INACTIVE
+    LinkedHrefObject:
+      title: Link Object
+      additionalProperties: true
+      type: object
+      properties:
+        href:
+          type: string
+          description: Link URI
+      required:
+        - href
+      readOnly: true
     LinkedObject:
+      title: LinkedObject
       type: object
       properties:
         associated:
@@ -26787,31 +39144,90 @@ components:
         primary:
           $ref: '#/components/schemas/LinkedObjectDetails'
         _links:
-          $ref: '#/components/schemas/LinksSelf'
+          $ref: '#/components/schemas/LinkedObjectLinksSelf'
     LinkedObjectDetails:
+      title: LinkedObjectDetails
       type: object
       properties:
         description:
           type: string
+          description: Description of the `primary` or the `associated` relationship
         name:
           type: string
+          description: API name of the `primary` or the `associated` link
         title:
           type: string
+          description: Display name of the `primary` or the `associated` link
         type:
           $ref: '#/components/schemas/LinkedObjectDetailsType'
+      required:
+        - name
+        - title
+        - type
     LinkedObjectDetailsType:
+      description: The object type for this relationship
       type: string
       enum:
         - USER
+      x-enumDescriptions:
+        USER: Specifies the type of object
+    LinkedObjectLinksSelf:
+      description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of related resources and lifecycle operations.
+      type: object
+      properties:
+        self:
+          $ref: '#/components/schemas/LinkedHrefObject'
+    LinksActivate:
+      type: object
+      properties:
+        activate:
+          allOf:
+            - description: Activates an enrolled Factor. See [Activate a Factor](/openapi/okta-management/management/tag/UserFactor/#tag/UserFactor/operation/activateFactor)
+            - $ref: '#/components/schemas/HrefObject'
+      readOnly: true
     LinksAppAndUser:
-      description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of resources related to the App User.
+      description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of resources related to the Application User.
       type: object
       properties:
         app:
           $ref: '#/components/schemas/HrefObjectAppLink'
+        group:
+          $ref: '#/components/schemas/HrefObjectGroupLink'
         user:
           $ref: '#/components/schemas/HrefObjectUserLink'
       readOnly: true
+    LinksCancel:
+      type: object
+      properties:
+        cancel:
+          allOf:
+            - description: Cancels a `push` factor challenge with a `WAITING` status.
+            - $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+    LinksDeactivate:
+      type: object
+      properties:
+        deactivate:
+          allOf:
+            - description: Deactivates the Factor. See [Unenroll a Factor](/openapi/okta-management/management/tag/UserFactor/#tag/UserFactor/operation/unenrollFactor)
+            - $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+    LinksEnroll:
+      type: object
+      properties:
+        enroll:
+          allOf:
+            - description: Enrolls a supported Factor. See [Enroll a Factor](/openapi/okta-management/management/tag/UserFactor/#tag/UserFactor/operation/enrollFactor)
+            - $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+    LinksFactor:
+      type: object
+      properties:
+        factor:
+          allOf:
+            - description: Link to the Factor resource
+            - $ref: '#/components/schemas/HrefObject'
+      readOnly: true
     LinksNext:
       description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. Use the `LinksNext` object for dynamic discovery of related resources and lifecycle operations.
       type: object
@@ -26819,6 +39235,38 @@ components:
         next:
           $ref: '#/components/schemas/HrefObject'
       readOnly: true
+    LinksPoll:
+      type: object
+      properties:
+        poll:
+          allOf:
+            - description: Polls the Factor resource for status information. Always use the `poll` link instead of manually constructing your own URL.
+            - $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+    LinksQrcode:
+      type: object
+      properties:
+        qrcode:
+          allOf:
+            - description: QR code that encodes the push activation code needed for enrollment on the device
+            - $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+    LinksQuestions:
+      type: object
+      properties:
+        question:
+          allOf:
+            - description: Lists all supported security questions. See [List all Supported Security Questions](/openapi/okta-management/management/tag/UserFactor/#tag/UserFactor/operation/listSupportedSecurityQuestions)
+            - $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+    LinksResend:
+      type: object
+      properties:
+        resend:
+          allOf:
+            - description: Resends the factor enrollment challenge. See [Resend a Factor enrollment](/openapi/okta-management/management/tag/UserFactor/#tag/UserFactor/operation/resendEnrollFactor)
+            - $ref: '#/components/schemas/HrefObject'
+      readOnly: true
     LinksSelf:
       description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of related resources and lifecycle operations.
       type: object
@@ -26855,6 +39303,37 @@ components:
           properties:
             roles:
               $ref: '#/components/schemas/HrefObject'
+    LinksSelfLifecycleAndAuthorize:
+      allOf:
+        - $ref: '#/components/schemas/LinksSelfAndLifecycle'
+        - type: object
+          properties:
+            authorize:
+              $ref: '#/components/schemas/HrefObjectAuthorizeLink'
+    LinksSend:
+      type: object
+      properties:
+        send:
+          allOf:
+            - description: Sends an activation link through email or sms for users who can't scan the QR code
+            - $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+    LinksUser:
+      type: object
+      properties:
+        user:
+          allOf:
+            - description: Returns information on the specified user
+            - $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+    LinksVerify:
+      type: object
+      properties:
+        verify:
+          allOf:
+            - description: Verifies the Factor resource. See [Verify a Factor](/openapi/okta-management/management/tag/UserFactor/#tag/UserFactor/operation/verifyFactor)
+            - $ref: '#/components/schemas/HrefObject'
+      readOnly: true
     ListProfileMappings:
       description: |-
         A collection of the profile mappings that include a subset of the profile mapping object's properties. The Profile Mapping object describes a mapping between an Okta User's and an App User's properties using [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04).
@@ -26867,20 +39346,22 @@ components:
           description: Unique identifier for profile mapping
           readOnly: true
         source:
-          type: object
-          description: Source of the schema property expressions (Okta object or App Instance object)
           $ref: '#/components/schemas/ProfileMappingSource'
         target:
-          type: object
-          description: Target of the schema property expressions (Okta object or App Instance object)
           $ref: '#/components/schemas/ProfileMappingTarget'
         _links:
           $ref: '#/components/schemas/LinksSelf'
     LoadingPageTouchPointVariant:
+      description: |
+        Variant for the Okta loading page. You can publish a theme for Okta loading page with different combinations of assets. Variants are preset combinations of those assets.
+      default: OKTA_DEFAULT
       type: string
       enum:
         - NONE
         - OKTA_DEFAULT
+      x-enumDescriptions:
+        NONE: Uses no loading page animation during the redirect
+        OKTA_DEFAULT: Uses the default Okta loading page animation during the redirect
     LocationGranularity:
       type: string
       enum:
@@ -27353,25 +39834,51 @@ components:
         - aws_eventbridge
         - splunk_cloud_logstreaming
     LogTarget:
+      description: The entity that an actor performs an action on. Targets can be anything, such as an app user, a sign-in token, or anything else.
       type: object
       properties:
         alternateId:
           type: string
+          description: The alternate ID of the target
           readOnly: true
+        changeDetails:
+          type: object
+          description: |-
+            Details on the target's changes. Not all event types support the `changeDetails` property, and not all
+            target objects contain the `changeDetails` property.You must include a property within the object. When
+            querying on this property, you can't search on the `to` or `from` objects alone. You must include a
+            property within the object.
+          properties:
+            from:
+              type: object
+              description: The original properties of the target
+              additionalProperties:
+                type: object
+                properties: {}
+            to:
+              type: object
+              description: The updated properties of the target
+              additionalProperties:
+                type: object
+                properties: {}
         detailEntry:
           type: object
+          description: Further details on the target
           additionalProperties:
             type: object
             properties: {}
           readOnly: true
         displayName:
           type: string
+          description: The display name of the target
           readOnly: true
         id:
           type: string
+          description: The ID of the target
           readOnly: true
         type:
           type: string
+          description: The type of target
           readOnly: true
     LogTransaction:
       type: object
@@ -27435,8 +39942,9 @@ components:
                 type: string
                 uniqueItems: true
           x-okta-lifecycle:
-            features:
-              - WEBAUTHN_MDS_CATALOG_BASED_AAGUID_ALLOWLIST
+            lifecycle: GA
+            isGenerallyAvailable: false
+            SKUs: []
         enroll:
           type: object
           properties:
@@ -27484,81 +39992,55 @@ components:
     NetworkZone:
       type: object
       properties:
-        asns:
-          type: array
-          items:
-            type: string
-          description: Dynamic network zone property. array of strings that represent an ASN numeric value
-          maximum: 75
         created:
           type: string
           format: date-time
-          description: Timestamp when the network zone was created
+          description: Timestamp when the object was created
           readOnly: true
-        gateways:
-          type: array
-          items:
-            $ref: '#/components/schemas/NetworkZoneAddress'
-          description: |-
-            IP network zone property: the IP addresses (range or CIDR form) of this zone.
-            The maximum array length is 150 entries for admin-created IP zones, 1000 entries for IP blocklist zones, and 5000 entries for the default system IP Zone.
         id:
           type: string
-          description: Unique identifier for the network zone
+          description: Unique identifier for the Network Zone
           readOnly: true
         lastUpdated:
           type: string
           format: date-time
-          description: Timestamp when the network zone was last modified
+          description: Timestamp when the object was last modified
           readOnly: true
-        locations:
-          type: array
-          items:
-            $ref: '#/components/schemas/NetworkZoneLocation'
-          description: 'Dynamic network zone property: an array of geolocations of this network zone'
-          maximum: 75
         name:
           type: string
-          description: Unique name for this network zone. Maximum of 128 characters.
-        proxies:
-          type: array
-          items:
-            $ref: '#/components/schemas/NetworkZoneAddress'
-          nullable: true
-          description: |-
-            IP network zone property: the IP addresses (range or CIDR form) that are allowed to forward a request from gateway addresses
-            These proxies are automatically trusted by Threat Insights, and used to identify the client IP of a request.
-            The maximum array length is 150 entries for admin-created zones and 5000 entries for the default system IP Zone.
-        proxyType:
-          type: string
-          description: 'Dynamic network zone property: the proxy type used'
-          enum:
-            - 'null'
-            - Any
-            - Tor
-            - NotTorAnonymizer
-          x-enumDescriptions:
-            'null': (Or `""`) No proxy used
-            Any: Use any proxy type for the dynamic zone.
-            Tor: Use TorAnonymizer as the proxy type for the dynamic zone.
-            NotTorAnonymizer: Use NotTorAnonymizer as the proxy type for the dynamic zone.
+          description: Unique name for this Network Zone
+          maxLength: 128
         status:
           $ref: '#/components/schemas/NetworkZoneStatus'
         system:
           type: boolean
-          description: |-
-            Indicates if this is a system network zone. For admin-created zones, this is always `false`.
-            The system IP Policy Network Zone (`LegacyIpZone`) is included by default in your Okta org. Notice that `system=true` for the `LegacyIpZone` object. Admin users can modify the name of this default system Zone and can add up to 5000 gateway or proxy IP entries.
+          readOnly: true
+          description: |
+            Indicates a system Network Zone:
+            * `true` for system Network Zones
+            * `false` for custom Network Zones
+
+            The Okta org provides the following default system Network Zones:
+            * `LegacyIpZone`
+            * `BlockedIpZone`
+            * <x-lifecycle class="ea"></x-lifecycle> `DefaultEnhancedDynamicZone`
+
+            Admins can modify the name of the default system Network Zone and add up to 5000 gateway or proxy IP entries.
         type:
           $ref: '#/components/schemas/NetworkZoneType'
         usage:
           $ref: '#/components/schemas/NetworkZoneUsage'
         _links:
-          allOf:
-            - $ref: '#/components/schemas/LinksSelf'
-            - properties:
-                deactivate:
-                  $ref: '#/components/schemas/HrefObject'
+          $ref: '#/components/schemas/LinksSelfAndLifecycle'
+      required:
+        - name
+        - type
+      discriminator:
+        propertyName: type
+        mapping:
+          IP: '#/components/schemas/IPNetworkZone'
+          DYNAMIC: '#/components/schemas/DynamicNetworkZone'
+          DYNAMIC_V2: '#/components/schemas/EnhancedDynamicNetworkZone'
     NetworkZoneAddress:
       description: Specifies the value of an IP address expressed using either `range` or `CIDR` form.
       type: object
@@ -27567,42 +40049,56 @@ components:
           $ref: '#/components/schemas/NetworkZoneAddressType'
         value:
           type: string
-          description: Value in CIDR/range form depending on the type specified
+          description: Value in CIDR/range form, depending on the `type` specified
     NetworkZoneAddressType:
-      description: Format of the value
+      description: Format of the IP addresses
       type: string
       enum:
         - CIDR
         - RANGE
+    NetworkZoneAsns:
+      items:
+        type: string
+      maximum: 75
+      type: array
     NetworkZoneLocation:
       type: object
       properties:
         country:
           type: string
           description: |-
-            Format of the country value: length 2 [ISO-3166-1](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) country code.
-            Do not use continent codes as they are treated as generic codes for undesignated countries.
-          example: US
+            The two-character ISO-3166-1 country code.
+            Don't use continent codes since they are treated as generic codes for undesignated countries.
+            <br>For example: `US`
+          maxLength: 2
+          minLength: 2
         region:
           type: string
           description: |-
-            Format of the region value (optional): region code [ISO-3166-2](https://en.wikipedia.org/wiki/ISO_3166-2) appended to country code (`countryCode-regionCode`), or `null` if empty.
-            Do not use continent codes as they are treated as generic codes for undesignated regions.
-          example: US-CA
+            (Optional) The ISO-3166-2 region code appended to the country code (`countryCode-regionCode`), or `null` if empty.
+            Don't use continent codes since they are treated as generic codes for undesignated regions.
+            <br>For example: `CA` (for `US-CA` country and region code)
+    NetworkZoneLocationArray:
+      items:
+        $ref: '#/components/schemas/NetworkZoneLocation'
+      maximum: 75
+      nullable: true
+      type: array
     NetworkZoneStatus:
-      description: Network zone status
+      description: Network Zone status
       type: string
       enum:
         - ACTIVE
         - INACTIVE
     NetworkZoneType:
-      description: The type of network zone
+      description: The type of Network Zone
       type: string
       enum:
         - DYNAMIC
         - IP
+        - DYNAMIC_V2
     NetworkZoneUsage:
-      description: The usage of the network zone
+      description: The usage of the Network Zone
       type: string
       enum:
         - BLOCKLIST
@@ -27613,6 +40109,7 @@ components:
       enum:
         - AD_AGENT
         - AGENT_AUTO_UPDATE_NOTIFICATION
+        - AGENT_AUTO_UPDATE_NOTIFICATION_LDAP
         - APP_IMPORT
         - CONNECTOR_AGENT
         - IWA_AGENT
@@ -27645,7 +40142,6 @@ components:
         id:
           type: string
           description: User ID
-          example: 00uu3u0ujW1P6AfZC1d7
           readOnly: true
         type:
           type: string
@@ -27657,6 +40153,7 @@ components:
       properties:
         alwaysIncludeInToken:
           type: boolean
+          description: Specifies whether to include Claims in the token. The value is always `TRUE` for access token Claims. If the value is set to `FALSE` for an ID token claim, the Claim isn't included in the ID token when the token is requested with the access token or with the `authorization_code`. The client instead uses the access token to get Claims from the `/userinfo` endpoint.
         claimType:
           $ref: '#/components/schemas/OAuth2ClaimType'
         conditions:
@@ -27665,20 +40162,25 @@ components:
           $ref: '#/components/schemas/OAuth2ClaimGroupFilterType'
         id:
           type: string
+          description: ID of the Claim
           readOnly: true
         name:
           type: string
+          description: Name of the Claim
         status:
           $ref: '#/components/schemas/LifecycleStatus'
         system:
+          description: When `true`, indicates that Okta created the Claim
           type: boolean
         value:
+          description: Specifies the value of the Claim. This value must be a string literal if `valueType` is `GROUPS`, and the string literal is matched with the selected `group_filter_type`. The value must be an Okta EL expression if `valueType` is `EXPRESSION`.
           type: string
         valueType:
           $ref: '#/components/schemas/OAuth2ClaimValueType'
         _links:
           $ref: '#/components/schemas/LinksSelf'
     OAuth2ClaimConditions:
+      description: Specifies the scopes for the Claim
       type: object
       properties:
         scopes:
@@ -27686,18 +40188,31 @@ components:
           items:
             type: string
     OAuth2ClaimGroupFilterType:
+      description: |-
+        Specifies the type of group filter if `valueType` is `GROUPS`
+
+        If `valueType` is `GROUPS`, then the groups returned are filtered according to the value of `group_filter_type`.
+
+        If you have complex filters for Groups, you can [create a Groups allowlist](https://developer.okta.com/docs/guides/customize-tokens-groups-claim/main/) to put them all in a Claim.
       type: string
       enum:
         - CONTAINS
         - EQUALS
         - REGEX
         - STARTS_WITH
+      x-enumDescriptions:
+        STARTS_WITH: Group names start with `value` (not case-sensitive). For example, if `value` is `group1`, then `group123` and `Group123` are included.
+        EQUALS: Group name is the same as `value` (not case-sensitive). For example, if `value` is `group1`, then `group1` and `Group1` are included, but `group123` isn't.
+        CONTAINS: Group names contain `value` (not case-sensitive). For example, if `value` is `group1`, then `MyGroup123` and `group1` are included.
+        REGEX: Group names match the regular expression in `value` (case-sensitive). For example if `value` is `/^[a-z0-9_-]{3,16}$/`, then any Group name that has at least three letters, no more than 16, and contains lowercase letters, a hyphen, or numbers is a match.
     OAuth2ClaimType:
+      description: Specifies whether the Claim is for an access token (`RESOURCE`) or an ID token (`IDENTITY`)
       type: string
       enum:
         - IDENTITY
         - RESOURCE
     OAuth2ClaimValueType:
+      description: Specifies whether the Claim is an Okta Expression Language (EL) expression (`EXPRESSION`), a set of groups (`GROUPS`), or a system claim (`SYSTEM`)
       type: string
       enum:
         - EXPRESSION
@@ -27707,15 +40222,18 @@ components:
       type: object
       properties:
         client_id:
+          description: Unique key for the client application. The `client_id` is immutable
           type: string
           readOnly: true
         client_name:
+          description: Human-readable string name of the client application
           type: string
           readOnly: true
         client_uri:
           type: string
           readOnly: true
         logo_uri:
+          description: URL string that references a logo for the client consent dialog (not the sign-in dialog)
           type: string
           readOnly: true
         _links:
@@ -27725,41 +40243,100 @@ components:
       properties:
         clientId:
           type: string
+          description: Client ID
         created:
-          type: string
-          format: date-time
-          readOnly: true
-        createdBy:
-          $ref: '#/components/schemas/OAuth2Actor'
+          $ref: '#/components/schemas/createdProperty'
         expiresAt:
           type: string
+          description: Expiration time of the OAuth 2.0 Token
           format: date-time
           readOnly: true
         id:
           type: string
+          description: ID of the Token object
           readOnly: true
         issuer:
           type: string
+          description: The complete URL of the authorization server that issued the Token
         lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
+          $ref: '#/components/schemas/lastUpdatedProperty'
         scopes:
           type: array
+          description: The scope names attached to the Token
           items:
             type: string
         status:
           $ref: '#/components/schemas/GrantOrTokenStatus'
         userId:
           type: string
+          description: The ID of the user associated with the Token
         _embedded:
           type: object
-          additionalProperties:
-            type: object
-            properties: {}
+          description: The embedded resources related to the object if the `expand` query parameter is specified
+          properties:
+            scopes:
+              type: array
+              description: The scope objects attached to the Token
+              items:
+                $ref: '#/components/schemas/OAuth2RefreshTokenScope'
           readOnly: true
         _links:
-          $ref: '#/components/schemas/LinksSelf'
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - type: object
+              properties:
+                app:
+                  description: Link to the app resource
+                  allOf:
+                    - $ref: '#/components/schemas/AppCustomHrefObject'
+                revoke:
+                  description: Link to revoke the refresh Token
+                  allOf:
+                    - $ref: '#/components/schemas/AppCustomHrefObject'
+                    - properties:
+                        hints:
+                          properties:
+                            allow:
+                              items:
+                                enum:
+                                  - DELETE
+                                default: DELETE
+                client:
+                  description: Link to the client resource
+                  allOf:
+                    - $ref: '#/components/schemas/AppCustomHrefObject'
+                user:
+                  description: Link to the user resource
+                  allOf:
+                    - $ref: '#/components/schemas/AppCustomHrefObject'
+                authorizationServer:
+                  description: Link to the Token authorization server resource
+                  allOf:
+                    - $ref: '#/components/schemas/AppCustomHrefObject'
+    OAuth2RefreshTokenScope:
+      type: object
+      properties:
+        description:
+          type: string
+          description: Description of the Scope
+        displayName:
+          type: string
+          description: Name of the end user displayed in a consent dialog
+        id:
+          type: string
+          description: Scope object ID
+          readOnly: true
+        name:
+          type: string
+          description: Scope name
+        _links:
+          description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of related resources and lifecycle operations.
+          type: object
+          properties:
+            scope:
+              description: Link to Scope resource
+              allOf:
+                - $ref: '#/components/schemas/AppCustomHrefObject'
     OAuth2Scope:
       type: object
       properties:
@@ -27767,19 +40344,27 @@ components:
           $ref: '#/components/schemas/OAuth2ScopeConsentType'
         default:
           type: boolean
+          description: Indicates if this Scope is a default scope
         description:
           type: string
+          description: Description of the Scope
         displayName:
           type: string
+          description: Name of the end user displayed in a consent dialog
         id:
           type: string
+          description: Scope object ID
           readOnly: true
         metadataPublish:
           $ref: '#/components/schemas/OAuth2ScopeMetadataPublish'
         name:
           type: string
+          description: Scope name
+        optional:
+          type: boolean
         system:
           type: boolean
+          description: Indicates if Okta created the Scope
     OAuth2ScopeConsentGrant:
       description: Grant object that represents an app consent scope grant
       type: object
@@ -27787,31 +40372,21 @@ components:
         clientId:
           type: string
           description: Client ID of the app integration
-          example: 0oafxqCAJWWGELFTYASJ
           readOnly: true
         created:
-          type: string
-          description: Timestamp when the Grant object was created
-          format: date-time
-          example: '2023-06-28T16:40:10.000Z'
-          readOnly: true
+          $ref: '#/components/schemas/createdProperty'
         createdBy:
           $ref: '#/components/schemas/OAuth2Actor'
         id:
           type: string
           description: ID of the Grant object
-          example: oagsebt2ltaSlR6t81d6
           readOnly: true
         issuer:
           type: string
           description: The issuer of your org authorization server. This is typically your Okta domain.
           example: https://my_test_okta_org.oktapreview.com
         lastUpdated:
-          type: string
-          description: Timestamp when the Grant object was last updated
-          format: date-time
-          example: '2023-06-28T16:40:10.000Z'
-          readOnly: true
+          $ref: '#/components/schemas/lastUpdatedProperty'
         scopeId:
           type: string
           description: The name of the [Okta scope](https://developer.okta.com/docs/api/oauth2/#oauth-20-scopes) for which consent is granted
@@ -27842,13 +40417,13 @@ components:
             - type: object
               properties:
                 app:
-                  description: Link to app
+                  description: Link to the app resource
                   allOf:
-                    - $ref: '#/components/schemas/HrefObject'
+                    - $ref: '#/components/schemas/AppCustomHrefObject'
                 client:
-                  description: Link to client
+                  description: Link to the client resource
                   allOf:
-                    - $ref: '#/components/schemas/HrefObject'
+                    - $ref: '#/components/schemas/AppCustomHrefObject'
             - readOnly: true
       required:
         - issuer
@@ -27862,17 +40437,23 @@ components:
         - END_USER
       readOnly: true
     OAuth2ScopeConsentType:
+      description: Indicates whether a consent dialog is needed for the Scope
+      default: IMPLICIT
       type: string
       enum:
         - ADMIN
+        - FLEXIBLE
         - IMPLICIT
         - REQUIRED
     OAuth2ScopeMetadataPublish:
+      description: Indicates whether the Scope is included in the metadata
+      default: NO_CLIENTS
       type: string
       enum:
         - ALL_CLIENTS
         - NO_CLIENTS
     OAuth2ScopesMediationPolicyRuleCondition:
+      description: Array of scopes that the condition includes
       type: object
       properties:
         include:
@@ -27884,25 +40465,28 @@ components:
       properties:
         clientId:
           type: string
-        created:
-          type: string
-          format: date-time
+          description: Client ID
+          example: 0oabskvc6442nkvQO0h7
           readOnly: true
+        created:
+          $ref: '#/components/schemas/createdProperty'
         expiresAt:
           type: string
+          description: Expiration time of the OAuth 2.0 Token
           format: date-time
           readOnly: true
         id:
           type: string
+          description: ID of the Token object
           readOnly: true
         issuer:
           type: string
+          description: The complete URL of the authorization server that issued the Token
         lastUpdated:
-          type: string
-          format: date-time
-          readOnly: true
+          $ref: '#/components/schemas/lastUpdatedProperty'
         scopes:
           type: array
+          description: Name of scopes attached to the Token
           items:
             type: string
         status:
@@ -27911,6 +40495,7 @@ components:
           type: string
         _embedded:
           type: object
+          description: Embedded resources related to the object if the `expand` query parameter is specified
           additionalProperties:
             type: object
             properties: {}
@@ -27945,18 +40530,532 @@ components:
         - urn:ietf:params:oauth:grant-type:jwt-bearer
         - urn:ietf:params:oauth:grant-type:saml2-bearer
         - urn:ietf:params:oauth:grant-type:token-exchange
+    OAuthMetadata:
+      type: object
+      properties:
+        authorization_endpoint:
+          type: string
+          description: URL of the authorization server's authorization endpoint.
+        backchannel_authentication_request_signing_alg_values_supported:
+          description: <div class="x-lifecycle-container"><x-lifecycle class="lea"></x-lifecycle> <x-lifecycle class="oie"></x-lifecycle></div>A list of signing algorithms that this authorization server supports for signed requests.
+          type: array
+          items:
+            $ref: '#/components/schemas/SigningAlgorithm'
+          x-okta-lifecycle:
+            lifecycle: LIMITED_GA
+            isGenerallyAvailable: false
+            SKUs:
+              - Okta Identity Engine
+        backchannel_token_delivery_modes_supported:
+          description: <div class="x-lifecycle-container"><x-lifecycle class="lea"></x-lifecycle> <x-lifecycle class="oie"></x-lifecycle></div>The delivery modes that this authorization server supports for Client-Initiated Backchannel Authentication.
+          type: array
+          items:
+            $ref: '#/components/schemas/TokenDeliveryMode'
+          x-okta-lifecycle:
+            lifecycle: LIMITED_GA
+            isGenerallyAvailable: false
+            SKUs:
+              - Okta Identity Engine
+        claims_supported:
+          description: A list of the claims supported by this authorization server.
+          type: array
+          items:
+            $ref: '#/components/schemas/Claim'
+        code_challenge_methods_supported:
+          description: A list of PKCE code challenge methods supported by this authorization server.
+          type: array
+          items:
+            $ref: '#/components/schemas/CodeChallengeMethod'
+        device_authorization_endpoint:
+          type: string
+        dpop_signing_alg_values_supported:
+          description: A list of signing algorithms supported by this authorization server for Demonstrating Proof-of-Possession (DPoP) JWTs.
+          type: array
+          items:
+            type: string
+            enum:
+              - ES256
+              - ES384
+              - ES512
+              - RS256
+              - RS384
+              - RS512
+          x-okta-lifecycle:
+            lifecycle: GA
+            isGenerallyAvailable: true
+        end_session_endpoint:
+          description: URL of the authorization server's logout endpoint.
+          type: string
+        grant_types_supported:
+          description: A list of the grant type values that this authorization server supports.
+          type: array
+          items:
+            $ref: '#/components/schemas/GrantType'
+        introspection_endpoint:
+          description: URL of the authorization server's introspection endpoint.
+          type: string
+        introspection_endpoint_auth_methods_supported:
+          description: A list of client authentication methods supported by this introspection endpoint.
+          type: array
+          items:
+            $ref: '#/components/schemas/EndpointAuthMethod'
+        issuer:
+          type: string
+          description: The authorization server's issuer identifier. In the context of this document, this is your authorization server's base URL. This becomes the `iss` claim in an access token.
+        jwks_uri:
+          description: URL of the authorization server's JSON Web Key Set document.
+          type: string
+        pushed_authorization_request_endpoint:
+          type: string
+        registration_endpoint:
+          description: URL of the authorization server's JSON Web Key Set document.
+          type: string
+        request_object_signing_alg_values_supported:
+          description: A list of signing algorithms that this authorization server supports for signed requests.
+          type: array
+          items:
+            $ref: '#/components/schemas/SigningAlgorithm'
+        request_parameter_supported:
+          description: Indicates if Request Parameters are supported by this authorization server.
+          type: boolean
+        response_modes_supported:
+          description: A list of the `response_mode` values that this authorization server supports. More information here.
+          type: array
+          items:
+            $ref: '#/components/schemas/ResponseMode'
+        response_types_supported:
+          description: A list of the `response_type` values that this authorization server supports. Can be a combination of `code`, `token`, and `id_token`.
+          type: array
+          items:
+            $ref: '#/components/schemas/ResponseTypesSupported'
+        revocation_endpoint:
+          description: URL of the authorization server's revocation endpoint.
+          type: string
+        revocation_endpoint_auth_methods_supported:
+          description: A list of client authentication methods supported by this revocation endpoint.
+          type: array
+          items:
+            $ref: '#/components/schemas/EndpointAuthMethod'
+        scopes_supported:
+          description: A list of the scope values that this authorization server supports.
+          type: array
+          items:
+            $ref: '#/components/schemas/Scope'
+        subject_types_supported:
+          description: A list of the Subject Identifier types that this authorization server supports. Valid types include `pairwise` and `public`, but only `public` is currently supported. See the [Subject Identifier Types](https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes) section in the OpenID Connect specification.
+          type: array
+          items:
+            $ref: '#/components/schemas/SubjectType'
+        token_endpoint:
+          description: URL of the authorization server's token endpoint.
+          type: string
+        token_endpoint_auth_methods_supported:
+          description: A list of client authentication methods supported by this token endpoint.
+          type: array
+          items:
+            $ref: '#/components/schemas/EndpointAuthMethod'
+    OAuthProvisioningEnabledApp:
+      description: Application name for the provisioning connection
+      type: string
+      enum:
+        - google
+        - office365
+        - slack
+        - zoomus
     OAuthResponseType:
       type: string
       enum:
         - code
         - id_token
         - token
+    OINApplication:
+      type: object
+      properties:
+        accessibility:
+          $ref: '#/components/schemas/ApplicationAccessibility'
+        credentials:
+          $ref: '#/components/schemas/SchemeApplicationCredentials'
+        label:
+          $ref: '#/components/schemas/ApplicationLabel'
+        licensing:
+          $ref: '#/components/schemas/ApplicationLicensing'
+        name:
+          type: string
+          description: The key name for the OIN app definition
+        profile:
+          type: object
+          description: Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps)
+          additionalProperties:
+            type: object
+            properties: {}
+        signOnMode:
+          type: string
+          description: Authentication mode for the app
+        status:
+          $ref: '#/components/schemas/ApplicationLifecycleStatus'
+        visibility:
+          $ref: '#/components/schemas/ApplicationVisibility'
+    OINSaml11ApplicationSettingsSignOn:
+      title: SAML 1.1 settings
+      description: Contains SAML 1.1 sign-on mode attributes
+      type: object
+      properties:
+        audienceOverride:
+          type: string
+          description: Audience override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).
+        defaultRelayState:
+          type: string
+          description: Identifies a specific application resource in an IdP-initiated SSO scenario
+        recipientOverride:
+          type: string
+          description: Recipient override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).
+        ssoAcsUrlOverride:
+          type: string
+          description: Assertion Consumer Service (ACS) URL override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).
+    OINSaml20ApplicationSettingsSignOn:
+      title: SAML 2.0 settings
+      description: |-
+        Contains SAML 2.0 sign-on mode attributes.
+        > **Note:** Set `destinationOverride` to configure any other SAML 2.0 attributes in this section.
+      type: object
+      properties:
+        audienceOverride:
+          type: string
+          description: Audience override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).
+        configuredAttributeStatements:
+          type: array
+          items:
+            $ref: '#/components/schemas/SamlAttributeStatement'
+        defaultRelayState:
+          type: string
+          description: Identifies a specific application resource in an IdP-initiated SSO scenario
+        destinationOverride:
+          type: string
+          description: Destination override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).
+        recipientOverride:
+          type: string
+          description: Recipient override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).
+        samlAssertionLifetimeSeconds:
+          x-okta-lifecycle:
+            lifecycle: GA
+            isGenerallyAvailable: true
+          type: integer
+          description: Determines the SAML app session lifetimes with Okta
+          example: 3600
+        ssoAcsUrlOverride:
+          type: string
+          description: Assertion Consumer Service (ACS) URL override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).
     OSVersion:
-      description: Current version of the operating system
+      description: |
+        Specifies the OS requirement for the policy.
+
+        There are two types of OS requirements:
+
+        * **Static**: A specific OS version requirement that doesn't change until you update the policy. A static OS requirement is specified with the `osVersion.minimum` property.
+        * **Dynamic**: An OS version requirement that is relative to the latest major OS release and security patch. A dynamic OS requirement is specified with the `osVersion.dynamicVersionRequirement` property.
+        > **Note:** Dynamic OS requirements are available only if the **Dynamic OS version compliance** [self-service EA](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) feature is enabled. You can't specify both `osVersion.minimum` and `osVersion.dynamicVersionRequirement` properties at the same time.
+      type: object
+      properties:
+        dynamicVersionRequirement:
+          x-okta-lifecycle:
+            lifecycle: EA
+            isGenerallyAvailable: false
+            SKUs: []
+          description: <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle></div>Contains the necessary properties for a dynamic version requirement
+          type: object
+          properties:
+            type:
+              type: string
+              description: Indicates the type of the dynamic OS version requirement
+              enum:
+                - MINIMUM
+                - EXACT
+                - EXACT_ANY_SUPPORTED
+              x-enumDescriptions:
+                MINIMUM: The device version must be equal to or newer than the dynamically determined version. `distanceFromLatestMajor` must be specified for this type.
+                EXACT: The device version must be on the same major version as the dynamically determined version. `distanceFromLatestMajor` must be specified for this type.
+                EXACT_ANY_SUPPORTED: The device version must be on a major version which is supported. You can't specify `distanceFromLatestMajor` for this type.
+            distanceFromLatestMajor:
+              description: Indicates the distance from the latest major version
+              type: integer
+              minimum: 0
+              maximum: 1
+            latestSecurityPatch:
+              description: Indicates whether the device needs to be on the latest security patch
+              type: boolean
+        minimum:
+          description: The device version must be equal to or newer than the specified version string (maximum of three components for iOS and macOS, and maximum of four components for Android)
+          type: string
+          example: 12.4.5
+    OSVersionConstraint:
+      type: object
+      properties:
+        dynamicVersionRequirement:
+          type: object
+          description: Contains the necessary properties for a dynamic Windows version requirement
+          properties:
+            type:
+              type: string
+              description: Indicates the type of the dynamic Windows version requirement
+              enum:
+                - MINIMUM
+                - EXACT
+                - EXACT_ANY_SUPPORTED
+                - NOT_ALLOWED
+              x-enumDescriptions:
+                MINIMUM: The device version must be equal to or newer than the dynamically determined Windows version. `distanceFromLatestMajor` must be specified for this type.
+                EXACT: The device version must be on the same major version as the dynamically determined Windows version. `distanceFromLatestMajor` must be specified for this type.
+                EXACT_ANY_SUPPORTED: The device version must be on a Windows major version which is supported. You can't specify `distanceFromLatestMajor` for this type.
+                NOT_ALLOWED: The device version isn't allowed. You can't specify `distanceFromLatestMajor` or `latestSecurityPatch` for this type.
+            distanceFromLatestMajor:
+              description: Indicates the distance from the latest Windows major version
+              type: integer
+              minimum: 0
+              maximum: 1
+            latestSecurityPatch:
+              description: Indicates whether the policy requires Windows devices to be on the latest security patch
+              type: boolean
+        majorVersionConstraint:
+          type: string
+          description: Indicates the Windows major version
+          enum:
+            - WINDOWS_11
+            - WINDOWS_10
+          x-enumDescriptions:
+            WINDOWS_11: The device is on Windows 11
+            WINDOWS_10: The device is on Windows 10 or an older Windows version
+        minimum:
+          description: The Windows device version must be equal to or newer than the specified version
+          type: string
+          example: 12.4.5.9
+      required:
+        - majorVersionConstraint
+    OSVersionFourComponents:
+      description: Current version of the operating system (maximum of four components in the versioning scheme)
       type: object
       properties:
         minimum:
           type: string
+          example: 12.4.5.9
+    OSVersionThreeComponents:
+      description: Current version of the operating system (maximum of three components in the versioning scheme)
+      type: object
+      properties:
+        minimum:
+          type: string
+          example: 12.4.5
+    Office365Application:
+      title: Microsoft Office 365
+      x-tags:
+        - Application
+      x-okta-defined-as:
+        name: office365
+      description: |
+        Schema for the Microsoft Office 365 app (key name: `office365`)
+
+        To create a Microsoft Office 365 app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.
+        > **Note:** The Office 365 app only supports `BROWSER_PLUGIN` and `SAML_1_1` sign-on modes.
+      allOf:
+        - $ref: '#/components/schemas/OINApplication'
+        - type: object
+        - required:
+            - name
+            - label
+            - settings
+          properties:
+            name:
+              type: string
+              enum:
+                - office365
+              example: office365
+            signOnMode:
+              enum:
+                - BROWSER_PLUGIN
+                - SAML_1_1
+              example: BROWSER_PLUGIN
+            settings:
+              $ref: '#/components/schemas/Office365ApplicationSettings'
+      example:
+        name: office365
+        label: Sample Office365 App
+        signOnMode: SAML_1_1
+        settings:
+          app:
+            domain: myintegration.okta365test.net
+            msftTenant: mycompanyinc
+    Office365ApplicationSettings:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationSettings'
+        - type: object
+        - required:
+            - app
+          properties:
+            app:
+              $ref: '#/components/schemas/Office365ApplicationSettingsApplication'
+            signOn:
+              $ref: '#/components/schemas/OINSaml11ApplicationSettingsSignOn'
+    Office365ApplicationSettingsApplication:
+      description: Office365 app instance properties
+      type: object
+      properties:
+        domain:
+          type: string
+          description: The domain for your Office 365 account
+        msftTenant:
+          type: string
+          description: Microsoft tenant name
+      required:
+        - msftTenant
+        - domain
+    Office365ProvisioningSettings:
+      x-okta-lifecycle:
+        lifecycle: GA
+        isGenerallyAvailable: true
+      title: Microsoft Office 365 provisioning settings
+      description: Settings required for the Microsoft Office 365 Provisioning Connection
+      type: object
+      properties:
+        adminPassword:
+          type: string
+          description: Microsoft Office 365 global administrator password
+        adminUsername:
+          type: string
+          description: Microsoft Office 365 global administrator username
+      required:
+        - adminUsername
+        - adminPassword
+    Oidc:
+      description: OIDC configuration details
+      type: object
+      properties:
+        doc:
+          type: string
+          format: uri
+          description: The URL to your customer-facing instructions for configuring your OIDC integration. See [Customer configuration document guidelines](https://developer.okta.com/docs/guides/submit-app-prereq/main/#customer-configuration-document-guidelines).
+          example: https://example.com/strawberry/help/oidcSetup
+        initiateLoginUri:
+          type: string
+          format: uri
+          description: The URL to redirect users when they click on your app from their Okta End-User Dashboard
+          example: https://${org.subdomain}.example.com/strawberry/oidc/sp-init
+        postLogoutUris:
+          type: array
+          description: The sign-out redirect URIs for your app. You can send a request to `/v1/logout` to sign the user out and redirect them to one of these URIs.
+          items:
+            type: string
+            format: uri
+            description: 'A sign-out redirect URI. You can use the org properties you defined in the `config` array as variables in your URI. For example: `https://${org.subdomain}.example.com/strawberry/oidc/logged-out`'
+            example: https://${org.subdomain}.example.com/strawberry/oidc/logged-out
+        redirectUris:
+          type: array
+          minItems: 1
+          description: List of sign-in redirect URIs
+          items:
+            type: string
+            format: uri
+            description: Sign-in redirect URI
+            example: https://${org.subdomain}.example.com/strawberry/oidc/login
+      required:
+        - redirectUris
+        - doc
+    OktaDeviceRiskChangeEvent:
+      description: The device risk level changed
+      type: object
+      properties:
+        current_level:
+          type: string
+          description: Current risk level of the device
+          enum:
+            - low
+            - medium
+            - high
+            - secure
+            - none
+          example: low
+        event_timestamp:
+          type: integer
+          format: int64
+          description: The time of the event (UNIX timestamp)
+          example: 1702448550
+        initiating_entity:
+          type: string
+          description: The entity that initiated the event
+          enum:
+            - admin
+            - user
+            - policy
+            - system
+        previous_level:
+          type: string
+          description: Previous risk level of the device
+          enum:
+            - low
+            - medium
+            - high
+            - secure
+            - none
+          example: medium
+        reason_admin:
+          allOf:
+            - $ref: '#/components/schemas/SecurityEventReason'
+            - type: object
+              description: A localized administrative message intended for logging and auditing.<br>Either `reason_admin` or `reason_user` is required.
+        reason_user:
+          allOf:
+            - $ref: '#/components/schemas/SecurityEventReason'
+            - type: object
+              description: A localized message intended for the end user.<br>Either `reason_admin` or `reason_user` is required.
+        subjects:
+          type: object
+          $ref: '#/components/schemas/SecurityEventSubject'
+      required:
+        - event_timestamp
+        - subjects
+        - current_level
+        - previous_level
+    OktaIpChangeEvent:
+      description: IP changed for the subject's session
+      type: object
+      properties:
+        current_ip_address:
+          type: string
+          description: Current IP address of the subject
+          example: 123.4.5.6
+        event_timestamp:
+          type: integer
+          format: int64
+          description: The time of the event (UNIX timestamp)
+          example: 1702448550
+        initiating_entity:
+          type: string
+          description: The entity that initiated the event
+          enum:
+            - admin
+            - user
+            - policy
+            - system
+        previous_ip_address:
+          type: string
+          description: Previous IP address of the subject
+          example: 123.45.67.8
+        reason_admin:
+          allOf:
+            - $ref: '#/components/schemas/SecurityEventReason'
+            - type: object
+              description: A localized administrative message intended for logging and auditing.<br>Either `reason_admin` or `reason_user` is required.
+        reason_user:
+          allOf:
+            - $ref: '#/components/schemas/SecurityEventReason'
+            - type: object
+              description: A localized message intended for the end user.<br>Either `reason_admin` or `reason_user` is required.
+        subjects:
+          type: object
+          $ref: '#/components/schemas/SecurityEventSubject'
+      required:
+        - event_timestamp
+        - subjects
+        - current_ip_address
+        - previous_ip_address
     OktaSignOnPolicy:
       allOf:
         - $ref: '#/components/schemas/Policy'
@@ -28031,6 +41130,61 @@ components:
         usePersistentCookie:
           type: boolean
           default: false
+    OktaUserRiskChangeEvent:
+      description: The user risk level changed
+      type: object
+      properties:
+        current_level:
+          type: string
+          description: Current risk level of the user
+          enum:
+            - low
+            - medium
+            - high
+            - secure
+            - none
+          example: low
+        event_timestamp:
+          type: integer
+          format: int64
+          description: The time of the event (UNIX timestamp)
+          example: 1702448550
+        initiating_entity:
+          type: string
+          description: The entity that initiated the event
+          enum:
+            - admin
+            - user
+            - policy
+            - system
+        previous_level:
+          type: string
+          description: Previous risk level of the user
+          enum:
+            - low
+            - medium
+            - high
+            - secure
+            - none
+          example: medium
+        reason_admin:
+          allOf:
+            - $ref: '#/components/schemas/SecurityEventReason'
+            - type: object
+              description: A localized administrative message intended for logging and auditing.<br>Either `reason_admin` or `reason_user` is required.
+        reason_user:
+          allOf:
+            - $ref: '#/components/schemas/SecurityEventReason'
+            - type: object
+              description: A localized message intended for the end user.<br>Either `reason_admin` or `reason_user` is required.
+        subjects:
+          type: object
+          $ref: '#/components/schemas/SecurityEventSubject'
+      required:
+        - event_timestamp
+        - subjects
+        - current_level
+        - previous_level
     OpenIdConnectApplication:
       x-okta-defined-as:
         name: oidc_client
@@ -28042,9 +41196,15 @@ components:
               $ref: '#/components/schemas/OAuthApplicationCredentials'
             name:
               type: string
-              default: oidc_client
+              description: '`oidc_client` is the key name for an OIDC app instance'
+              enum:
+                - oidc_client
             settings:
               $ref: '#/components/schemas/OpenIdConnectApplicationSettings'
+          required:
+            - name
+            - settings
+            - credentials
     OpenIdConnectApplicationConsentMethod:
       type: string
       enum:
@@ -28086,8 +41246,8 @@ components:
           description: Indicates that the client application uses Demonstrating Proof-of-Possession (DPoP) for token requests. If `true`, the authorization server rejects token requests from this client that don't contain the DPoP header.
           default: false
           x-okta-lifecycle:
-            features:
-              - OAUTH2_DPOP
+            lifecycle: GA
+            isGenerallyAvailable: true
         frontchannel_logout_session_required:
           description: Include user session details.
           type: boolean
@@ -28140,14 +41300,30 @@ components:
         keys:
           type: array
           items:
-            $ref: '#/components/schemas/JsonWebKey'
+            $ref: '#/components/schemas/schemas-JsonWebKey'
     OpenIdConnectApplicationSettingsRefreshToken:
+      description: |
+        Refresh token configuration for an OAuth 2.0 client
+
+        When you create or update an OAuth 2.0 client, you can configure refresh token rotation by setting the `rotation_type` and `leeway` properties. If you don't set these properties when you create an app integration, the default values are used.
+        When you update an app integration, your previously configured values are used.
       type: object
       properties:
         leeway:
           type: integer
+          minimum: 0
+          maximum: 60
+          description: |
+            The leeway, in seconds, allowed for the OAuth 2.0 client.
+            After the refresh token is rotated, the previous token remains valid for the specified period of time so clients can get the new token.
+
+            > **Note:** A leeway of 0 doesn't necessarily mean that the previous token is immediately invalidated. The previous token is invalidated after the new token is generated and returned in the response.
+          default: 30
+          example: 20
         rotation_type:
           $ref: '#/components/schemas/OpenIdConnectRefreshTokenRotationType'
+      required:
+        - rotation_type
     OpenIdConnectApplicationType:
       type: string
       enum:
@@ -28156,10 +41332,80 @@ components:
         - service
         - web
     OpenIdConnectRefreshTokenRotationType:
+      description: The refresh token rotation mode for the OAuth 2.0 client
+      example: STATIC
       type: string
       enum:
         - ROTATE
         - STATIC
+      x-enumDescriptions:
+        ROTATE: The default rotation type for single-page apps (SPAs)
+        STATIC: The default rotation type for all clients, except SPAs
+    OperationRequest:
+      type: object
+      properties:
+        assignmentId:
+          type: string
+    OperationResponse:
+      type: object
+      properties:
+        assignmentOperation:
+          type: object
+          properties:
+            configuration:
+              type: object
+              properties:
+                actions:
+                  type: object
+                  properties:
+                    assignUserToRealm:
+                      type: object
+                      properties:
+                        realmId:
+                          type: string
+                conditions:
+                  $ref: '#/components/schemas/Conditions'
+                id:
+                  type: string
+                name:
+                  type: string
+        completed:
+          type: string
+          format: date-time
+          readOnly: true
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        numUserMoved:
+          type: number
+          readOnly: true
+        realmId:
+          type: string
+          readOnly: true
+        realmName:
+          type: string
+          readOnly: true
+        started:
+          type: string
+          format: date-time
+          readOnly: true
+        status:
+          type: string
+          readOnly: true
+          enum:
+            - COMPLETED
+            - SCHEDULED
+            - IN_PROGRESS
+            - FAILED
+        type:
+          type: string
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
     OperationalStatus:
       description: Operational status of a given agent
       type: string
@@ -28168,6 +41414,21 @@ components:
         - DISRUPTED
         - INACTIVE
         - OPERATIONAL
+    OptInStatusResponse:
+      type: object
+      properties:
+        optInStatus:
+          type: string
+          enum:
+            - OPTING_IN
+            - OPTED_IN
+            - OPTING_OUT
+            - OPTED_OUT
+        _links:
+          allOf:
+            - properties:
+                optInStatus:
+                  $ref: '#/components/schemas/HrefObject'
     OrgCAPTCHASettings:
       title: OrgCAPTCHASettings
       description: ''
@@ -28288,6 +41549,7 @@ components:
         _links:
           $ref: '#/components/schemas/LinksSelf'
     OtpProtocol:
+      description: The protocol used
       type: string
       enum:
         - SYMANTEC
@@ -28301,11 +41563,21 @@ components:
         - HMacSHA256
         - HMacSHA512
     OtpTotpEncoding:
+      description: The shared secret encoding
       type: string
       enum:
         - base32
         - base64
         - hexadecimal
+    OtpTotpPassCodeLength:
+      description: Number of digits in an OTP value
+      minimum: 6
+      maximum: 10
+      multipleOf: 2
+      type: integer
+    OtpTotpTimeIntervalInSeconds:
+      description: Time interval for TOTP in seconds
+      type: integer
     PageRoot:
       type: object
       properties:
@@ -28335,7 +41607,34 @@ components:
                   $ref: '#/components/schemas/HrefObject'
                 preview:
                   $ref: '#/components/schemas/HrefObject'
+    Parameters:
+      description: Attributes used for processing AD Group membership update
+      type: object
+      properties:
+        action:
+          type: string
+          description: The update action to take
+          enum:
+            - ADD
+            - REMOVE
+          x-enumDescriptions:
+            ADD: Add to the membership of the group
+            REMOVE: Remove from the membership of the group
+        attribute:
+          type: string
+          description: The attribute that tracks group memberships in AD. This should be `member` for AD.
+        values:
+          type: array
+          description: List of user IDs whose group memberships to update
+          items:
+            type: string
+            description: ID of an existing user
     PasswordCredential:
+      description: |-
+        When a user has a valid password, imported hashed password, or password hook, and a response object contains
+        a password credential, then the password object is a bare object without the value property defined (for example, `password: {}`). This 
+        indicates that a password value exists. You can modify password policy requirements in the Admin Console by editing the Password
+        authenticator:  **Security** > **Authenticators** > **Password** (or for Okta Classic orgs, use **Security** > **Authentication** > **Password**).
       type: object
       properties:
         hash:
@@ -28344,8 +41643,16 @@ components:
           $ref: '#/components/schemas/PasswordCredentialHook'
         value:
           type: string
+          writeOnly: true
+          description: Specifies the password for a user. The Password Policy validates this password.
           format: password
     PasswordCredentialHash:
+      description: |-
+        Specifies a hashed password to import into Okta. This allows an existing password to be imported into Okta directly
+        from some other store. Okta supports the BCRYPT, SHA-512, SHA-256, SHA-1, MD5, and PBKDF2 hash functions for password import.
+         A hashed password may be specified in a Password object when creating or updating a user, but not for other operations.
+         See [Create User with Imported Hashed Password](https://developer.okta.com/docs/reference/api/users/#create-user-with-imported-hashed-password)
+         for information on using this object when creating a user. When updating a user with a hashed password, the user must be in the `STAGED` status.
       type: object
       properties:
         algorithm:
@@ -28354,17 +41661,33 @@ components:
           $ref: '#/components/schemas/DigestAlgorithm'
         iterationCount:
           type: integer
+          description: The number of iterations used when hashing passwords using PBKDF2. Must be >= 4096. Only required for PBKDF2 algorithm.
         keySize:
           type: integer
+          description: Size of the derived key in bytes. Only required for PBKDF2 algorithm.
         salt:
+          description: |-
+            Only required for salted hashes. For BCRYPT, this specifies Radix-64 as the encoded salt used to generate the hash,
+            which must be 22 characters long. For other salted hashes, this specifies the Base64-encoded salt used to
+            generate the hash.
           type: string
         saltOrder:
           type: string
+          description: Specifies whether salt was pre- or postfixed to the password before hashing. Only required for salted algorithms.
         value:
+          description: |-
+            For SHA-512, SHA-256, SHA-1, MD5, and PBKDF2, this is the actual base64-encoded hash of the password (and salt, if used).
+            This is the Base64-encoded `value` of the SHA-512/SHA-256/SHA-1/MD5/PBKDF2 digest that was computed by either pre-fixing or post-fixing
+            the `salt` to the `password`, depending on the `saltOrder`. If a `salt` was not used in the `source` system, then this should just be
+            the Base64-encoded `value` of the password's SHA-512/SHA-256/SHA-1/MD5/PBKDF2 digest. For BCRYPT, this is the actual Radix-64 encoded hashed password.
           type: string
         workFactor:
           type: integer
+          description: Governs the strength of the hash and the time required to compute it. Only required for BCRYPT algorithm.
+          minimum: 1
+          maximum: 20
     PasswordCredentialHashAlgorithm:
+      description: The algorithm used to generate the hash using the password (and salt, when applicable).
       type: string
       enum:
         - BCRYPT
@@ -28374,10 +41697,15 @@ components:
         - SHA-256
         - SHA-512
     PasswordCredentialHook:
+      description: |-
+        Specify a [password import inline hook](https://developer.okta.com/docs/reference/password-hook/) to trigger verification of the user's password
+        the first time the user logs in. This allows an existing password to be imported into Okta directly from some other store.
+        See [Create User with Password Hook](https://developer.okta.com/docs/reference/api/users/#create-user-with-password-import-inline-hook) for information on using this object when creating a user.
       type: object
       properties:
         type:
           type: string
+          description: The type of password inline hook. Currently, must be set to default.
     PasswordDictionary:
       type: object
       properties:
@@ -28396,6 +41724,67 @@ components:
           type: integer
         unit:
           type: string
+    PasswordImportRequest:
+      type: object
+      properties:
+        data:
+          $ref: '#/components/schemas/PasswordImportRequestData'
+        eventType:
+          type: string
+          description: The type of inline hook. The password import inline hook type is `com.okta.user.credential.password.import`.
+        source:
+          description: The ID and URL of the password import inline hook
+          type: string
+    PasswordImportRequestData:
+      type: object
+      properties:
+        action:
+          type: object
+          description: This object specifies the default action Okta is set to take. Okta takes this action if your external service sends an empty HTTP 204 response. You can override the default action by returning a commands object in your response specifying the action to take.
+          properties:
+            credential:
+              description: The status of the user credential, either `UNVERIFIED` or `VERIFIED`
+              default: UNVERIFIED
+              type: string
+        context:
+          type: object
+          properties:
+            request:
+              $ref: '#/components/schemas/InlineHookRequestObject'
+            credential:
+              type: object
+              properties:
+                username:
+                  description: The `username` that the end user supplied when attempting to sign in to Okta.
+                  type: string
+                password:
+                  description: The `password` that the end user supplied when attempting to sign in to Okta.
+                  type: string
+    PasswordImportResponse:
+      type: object
+      properties:
+        commands:
+          description: The `commands` object specifies whether Okta accepts the end user's sign-in credentials as valid or not. For the password import inline hook, you typically only return one `commands` object with one array element in it.
+          type: array
+          items:
+            type: object
+            properties:
+              type:
+                description: The location where you specify the command. For the password import inline hook, there's only one command, `com.okta.action.update`.
+                type: string
+              value:
+                description: |-
+                  The parameter value of the command.
+                  * To indicate that the supplied credentials are valid, supply a type property set to `com.okta.action.update` together with a value property set to `{"credential": "VERIFIED"}`.
+                  * To indicate that the supplied credentials are invalid, supply a type property set to `com.okta.action.update` together with a value property set to `{"credential": "UNVERIFIED"}`.
+                    Alternatively, you can send an empty response (`204`). By default, the `data.action.credential` is always set to `UNVERIFIED`.
+                type: object
+                properties:
+                  credential:
+                    type: string
+                    enum:
+                      - UNVERIFIED
+                      - VERIFIED
     PasswordPolicy:
       allOf:
         - $ref: '#/components/schemas/Policy'
@@ -28619,6 +42008,15 @@ components:
             - $ref: '#/components/schemas/EnabledStatus'
             - default: DISABLED
             - example: ENABLED
+    PatchAction:
+      description: The operation (PATCH action)
+      type: string
+      enum:
+        - remove
+        - replace
+      x-enumDescriptions:
+        remove: Removes the attribute in `path`
+        replace: Replaces the attribute in content `path` with the content in `value`
     PerClientRateLimitMode:
       type: string
       enum:
@@ -28672,8 +42070,8 @@ components:
                   $ref: '#/components/schemas/HrefObject'
     PermissionConditions:
       x-okta-lifecycle:
-        features:
-          - CUSTOM_ADMIN_ROLES_CONDITIONS
+        lifecycle: GA
+        isGenerallyAvailable: true
       description: Conditions for further restricting a permission
       nullable: true
       type: object
@@ -28684,6 +42082,21 @@ components:
           type: array
           items:
             $ref: '#/components/schemas/Permission'
+    PinRequest:
+      description: Pin Request
+      type: object
+      properties:
+        authenticatorEnrollmentId:
+          description: ID for a WebAuthn Preregistration Factor in Okta
+          type: string
+        fulfillmentProvider:
+          description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+          type: string
+          enum:
+            - yubico
+        userId:
+          description: ID of an existing Okta user
+          type: string
     PipelineType:
       description: The authentication pipeline of the org. `idx` means the org is using the Identity Engine, while `v1` means the org is using the Classic authentication pipeline.
       type: string
@@ -28787,19 +42200,8 @@ components:
           OKTA_SIGN_ON: '#/components/schemas/OktaSignOnPolicy'
           PASSWORD: '#/components/schemas/PasswordPolicy'
           PROFILE_ENROLLMENT: '#/components/schemas/ProfileEnrollmentPolicy'
-    PolicyLinks:
-      type: object
-      properties:
-        self:
-          $ref: '#/components/schemas/HrefObjectSelfLink'
-        activate:
-          $ref: '#/components/schemas/HrefObjectActivateLink'
-        deactivate:
-          $ref: '#/components/schemas/HrefObjectDeactivateLink'
-        rules:
-          $ref: '#/components/schemas/HrefObjectRulesLink'
-        mappings:
-          $ref: '#/components/schemas/HrefObjectMappingsLink'
+          CONTINUOUS_ACCESS: '#/components/schemas/ContinuousAccessPolicy'
+          ENTITY_RISK: '#/components/schemas/EntityRiskPolicy'
     PolicyAccess:
       type: string
       enum:
@@ -28832,15 +42234,21 @@ components:
     PolicyContext:
       type: object
       properties:
-        user:
+        device:
           type: object
-          description: The user ID for the simulate operation. Only user IDs or Group IDs are allowed, not both.
           properties:
-            id:
+            platform:
               type: string
-              description: The unique ID number for the user.
-          required:
-            -  id
+              description: The platform of the device, for example, IOS.
+            registered:
+              type: boolean
+              description: If the device is registered
+            managed:
+              type: boolean
+              description: If the device is managed
+            assuranceId:
+              type: string
+              description: The device assurance policy ID for the simulation
         groups:
           type: object
           description: An array of Group IDs for the simulate operation. Only user IDs or Group IDs are allowed, not both.
@@ -28851,7 +42259,10 @@ components:
                 type: string
                 uniqueItems: true
           required:
-            -  ids
+            - ids
+        ip:
+          type: string
+          description: The network rule condition, zone, or IP address
         risk:
           type: object
           description: The risk rule condition level
@@ -28862,31 +42273,39 @@ components:
                 - LOW
                 - MEDIUM
                 - HIGH
-        ip:
-          type: string
-          description: The network rule condition, zone, or IP address
+        user:
+          type: object
+          description: The user ID for the simulate operation. Only user IDs or Group IDs are allowed, not both.
+          properties:
+            id:
+              type: string
+              description: The unique ID number for the user.
+          required:
+            - id
         zones:
           type: object
+          description: The zone ID under the network rule condition.
           properties:
             ids:
               type: array
               items:
                 type: string
-        device:
-          type: object
-          properties:
-            platform:
-              type: string
-              description: The platform of the device, for example, IOS.
-            registered:
-              type: boolean
-              description: If the device is registered
-            managed:
-              type: boolean
-              description: If the device is managed
       required:
         - user
         - groups
+    PolicyLinks:
+      type: object
+      properties:
+        activate:
+          $ref: '#/components/schemas/HrefObjectActivateLink'
+        deactivate:
+          $ref: '#/components/schemas/HrefObjectDeactivateLink'
+        mappings:
+          $ref: '#/components/schemas/HrefObjectMappingsLink'
+        rules:
+          $ref: '#/components/schemas/HrefObjectRulesLink'
+        self:
+          $ref: '#/components/schemas/HrefObjectSelfLink'
     PolicyMapping:
       type: object
       properties:
@@ -28900,14 +42319,6 @@ components:
                   allOf:
                     - $ref: '#/components/schemas/HrefObject'
                     - description: Link to the mapped application
-                authenticator:
-                  allOf:
-                    - $ref: '#/components/schemas/HrefObject'
-                    - description: Link to the mapped authenticator
-                policy:
-                  allOf:
-                    - $ref: '#/components/schemas/HrefObject'
-                    - description: Link to the mapped policy
     PolicyMappingRequest:
       type: object
       properties:
@@ -28933,11 +42344,13 @@ components:
           items:
             type: string
     PolicyNetworkConnection:
+      description: Network selection mode
       type: string
       enum:
         - ANYWHERE
         - ZONE
     PolicyPeopleCondition:
+      description: Identifies Users and Groups that are used together
       type: object
       properties:
         groups:
@@ -29001,6 +42414,8 @@ components:
           RESOURCE_ACCESS: '#/components/schemas/AuthorizationServerPolicyRule'
           SIGN_ON: '#/components/schemas/OktaSignOnPolicyRule'
           IDP_DISCOVERY: '#/components/schemas/IdpDiscoveryPolicyRule'
+          CONTINUOUS_ACCESS: '#/components/schemas/ContinuousAccessPolicyRule'
+          ENTITY_RISK: '#/components/schemas/EntityRiskPolicyRule'
     PolicyRuleActions:
       type: object
     PolicyRuleActionsEnroll:
@@ -29070,9 +42485,12 @@ components:
         userStatus:
           $ref: '#/components/schemas/UserStatusPolicyRuleCondition'
     PolicyRuleType:
+      description: Rule type
       type: string
       enum:
         - ACCESS_POLICY
+        - CONTINUOUS_ACCESS
+        - ENTITY_RISK
         - IDP_DISCOVERY
         - MFA_ENROLL
         - PASSWORD
@@ -29102,14 +42520,29 @@ components:
         - USERNAME
         - USERNAME_OR_EMAIL
     PolicyType:
+      description: |-
+        All Okta orgs contain only one IdP Discovery Policy with an immutable default Rule routing to your org's sign-in page. 
+        Creating or replacing a policy with `IDP_DISCOVERY` type isn't supported. The following policy types are available with
+        the Okta Identity Engine: `ACCESS_POLICY`, `PROFILE_ENROLLMENT`, `CONTINUOUS_ACCESS`, and `ENTITY_RISK`. The `CONTINUOUS_ACCESS`, and `ENTITY_RISK` 
+        policy types are in Early Access (EA). Contact your Okta account team to enable these features.
       type: string
       enum:
         - ACCESS_POLICY
+        - CONTINUOUS_ACCESS
+        - ENTITY_RISK
         - IDP_DISCOVERY
         - MFA_ENROLL
         - OKTA_SIGN_ON
         - PASSWORD
         - PROFILE_ENROLLMENT
+        - RESOURCE_ACCESS
+    PolicyTypeSimulation:
+      type: string
+      enum:
+        - ACCESS_POLICY
+        - MFA_ENROLL
+        - OKTA_SIGN_ON
+        - PROFILE_ENROLLMENT
     PolicyUserNameTemplate:
       type: object
       properties:
@@ -29213,6 +42646,100 @@ components:
       type: string
       enum:
         - SSWS_TOKEN
+    PrivilegedResource:
+      default:
+        resourceType: OKTA_USER_ACCOUNT
+      type: object
+      properties:
+        created:
+          type: string
+          description: Timestamp when the object was created
+          format: date-time
+          readOnly: true
+        credentialChanged:
+          type: string
+          description: Timestamp when the credential was changed
+          format: date-time
+          readOnly: true
+        credentialSyncState:
+          $ref: '#/components/schemas/CredentialSyncState'
+        id:
+          type: string
+          description: ID of the privileged resource
+          readOnly: true
+        lastUpdated:
+          type: string
+          description: Timestamp when the object was last updated
+          format: date-time
+          readOnly: true
+        resourceType:
+          $ref: '#/components/schemas/PrivilegedResourceType'
+        status:
+          $ref: '#/components/schemas/PrivilegedResourceStatus'
+      discriminator:
+        propertyName: resourceType
+        mapping:
+          APP_ACCOUNT: '#/components/schemas/PrivilegedResourceAccountApp'
+          OKTA_USER_ACCOUNT: '#/components/schemas/PrivilegedResourceAccountOkta'
+    PrivilegedResourceAccountApp:
+      allOf:
+        - type: object
+          properties:
+            containerDetails:
+              $ref: '#/components/schemas/AppAccountContainerDetails'
+            credentials:
+              $ref: '#/components/schemas/PrivilegedResourceCredentials'
+        - $ref: '#/components/schemas/PrivilegedResource'
+      required:
+        - containerId
+        - credentials
+    PrivilegedResourceAccountOkta:
+      allOf:
+        - type: object
+          properties:
+            resourceId:
+              type: string
+              description: The user ID associated with the Okta privileged resource
+            credentials:
+              $ref: '#/components/schemas/PrivilegedResourceCredentials'
+            profile:
+              $ref: '#/components/schemas/profile'
+          required:
+            - resourceId
+        - $ref: '#/components/schemas/PrivilegedResource'
+    PrivilegedResourceCredentials:
+      description: Credentials for the privileged account
+      type: object
+      properties:
+        password:
+          type: string
+          description: The password associated with the privileged resource
+          format: password
+          writeOnly: true
+        userName:
+          type: string
+          description: The username associated with the privileged resource
+          minLength: 1
+          maxLength: 100
+          example: testuser@example.com
+    PrivilegedResourceStatus:
+      description: Current status of the privileged resource
+      type: string
+      enum:
+        - ACTIVE
+        - CREATED
+        - INACTIVE
+      x-enumDescriptions:
+        CREATED: The privileged resource is created but not yet managed by OPA
+        ACTIVE: The privileged resource is currently managed by OPA
+        INACTIVE: The privileged resource is `INACTIVE` and not currently managed by OPA
+      readOnly: true
+    PrivilegedResourceType:
+      description: The type of the resource
+      type: string
+      enum:
+        - APP_ACCOUNT
+        - OKTA_USER_ACCOUNT
     ProfileEnrollmentPolicy:
       allOf:
         - $ref: '#/components/schemas/Policy'
@@ -29244,6 +42771,11 @@ components:
           items:
             $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleProfileAttribute'
           type: array
+        progressiveProfilingAction:
+          type: string
+          enum:
+            - ENABLED
+            - DISABLED
         targetGroupIds:
           items:
             type: string
@@ -29253,11 +42785,6 @@ components:
           enum:
             - DENY
             - REGISTER
-        progressiveProfilingAction:
-          type: string
-          enum:
-            - ENABLED
-            - DISABLED
     ProfileEnrollmentPolicyRuleActions:
       allOf:
         - $ref: '#/components/schemas/PolicyRuleActions'
@@ -29269,7 +42796,7 @@ components:
       type: object
       properties:
         emailVerification:
-          type: boolean          
+          type: boolean
     ProfileEnrollmentPolicyRuleProfileAttribute:
       type: object
       properties:
@@ -29279,27 +42806,6 @@ components:
           type: string
         required:
           type: boolean
-    IdpDiscoveryPolicyRule:
-      allOf:
-        - $ref: '#/components/schemas/PolicyRule'
-        - type: object
-          properties:
-            actions:
-              $ref: '#/components/schemas/IdpPolicyRuleAction'
-            conditions:
-              $ref: '#/components/schemas/IdpDiscoveryPolicyRuleCondition'
-    IdpDiscoveryPolicyRuleCondition:
-      allOf:
-        - type: object
-          properties:
-            app:
-              $ref: '#/components/schemas/AppAndInstancePolicyRuleCondition'
-            network:
-              $ref: '#/components/schemas/PolicyNetworkCondition'
-            userIdentifier:
-              $ref: '#/components/schemas/UserIdentifierPolicyRuleCondition'
-            platform:
-              $ref: '#/components/schemas/PlatformPolicyRuleCondition'          
     ProfileMapping:
       description: |-
         The Profile Mapping object describes a mapping between an Okta User's and an App User's properties using [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04).
@@ -29317,10 +42823,8 @@ components:
             $ref: '#/components/schemas/ProfileMappingProperty'
           readOnly: false
         source:
-          type: object
           $ref: '#/components/schemas/ProfileMappingSource'
         target:
-          type: object
           $ref: '#/components/schemas/ProfileMappingTarget'
         _links:
           $ref: '#/components/schemas/LinksSelf'
@@ -29549,20 +43053,6 @@ components:
           $ref: '#/components/schemas/ProvisioningDeprovisionedCondition'
         suspended:
           $ref: '#/components/schemas/ProvisioningSuspendedCondition'
-    ProvisioningConnection:
-      type: object
-      properties:
-        authScheme:
-          $ref: '#/components/schemas/ProvisioningConnectionAuthScheme'
-        profile:
-          $ref: '#/components/schemas/ProvisioningConnectionProfile'
-        status:
-          $ref: '#/components/schemas/ProvisioningConnectionStatus'
-        _links:
-          $ref: '#/components/schemas/LinksSelfAndLifecycle'
-      required:
-        - authScheme
-        - status
     ProvisioningConnectionAuthScheme:
       description: Defines the method of authentication
       type: string
@@ -29574,62 +43064,75 @@ components:
         TOKEN: A token is used to authenticate with the app.
         OAUTH2: OAuth 2.0 is used to authenticate with the app.
         UNKNOWN: The authentication scheme used by the app isn't supported, or the app doesn't support provisioning.
-    ProvisioningConnectionProfile:
-      description: |
-        The profile used to configure the connection method of authentication and the credentials.
-        Currently, token-based and OAuth 2.0-based authentication are supported.
-      type: object
-      properties:
-        authScheme:
-          $ref: '#/components/schemas/ProvisioningConnectionAuthScheme'
-      discriminator:
-        propertyName: authScheme
-        mapping:
-          TOKEN: '#/components/schemas/ProvisioningConnectionProfileToken'
-          OAUTH2: '#/components/schemas/ProvisioningConnectionProfileOauth'
-          UNKNOWN: '#/components/schemas/ProvisioningConnectionProfileUnknown'
-    ProvisioningConnectionProfileOauth:
-      description: |
-        The app provisioning connection profile used to configure the method of authentication and the credentials.
-        Currently, token-based and OAuth 2.0-based authentication are supported.
+    ProvisioningConnectionOauthAuthScheme:
+      description: OAuth 2.0 is used to authenticate with the app.
+      type: string
+      enum:
+        - OAUTH2
+    ProvisioningConnectionOauthRequest:
+      title: OAuth 2.0-based connection
       allOf:
-        - $ref: '#/components/schemas/ProvisioningConnectionProfile'
-        - type: object
+        - $ref: '#/components/schemas/ProvisioningConnectionRequest'
+        - description: OAuth 2.0-based Provisioning Connection request
           properties:
-            clientId:
-              type: string
-              description: Unique client identifier for the OAuth 2.0 service app from the target org
+            profile:
+              $ref: '#/components/schemas/ProvisioningConnectionOauthRequestProfile'
           required:
-            - authScheme
-            - clientId
-    ProvisioningConnectionProfileToken:
+            - profile
+    ProvisioningConnectionOauthRequestProfile:
+      properties:
+        authScheme:
+          $ref: '#/components/schemas/ProvisioningConnectionOauthAuthScheme'
+        clientId:
+          type: string
+          description: Only used for the Okta Org2Org (`okta_org2org`) app. The unique client identifier for the OAuth 2.0 service app from the target org.
+        settings:
+          $ref: '#/components/schemas/Office365ProvisioningSettings'
+      required:
+        - authScheme
+    ProvisioningConnectionProfileOauth:
       description: |
         The app provisioning connection profile used to configure the method of authentication and the credentials.
         Currently, token-based and OAuth 2.0-based authentication are supported.
-      allOf:
-        - $ref: '#/components/schemas/ProvisioningConnectionProfile'
-        - type: object
-          properties:
-            token:
-              type: string
-              description: Token used to authenticate with the app
-          required:
-            - authScheme
-            - token
-    ProvisioningConnectionProfileUnknown:
-      description: Unknown provisioning connection
-      allOf:
-        - $ref: '#/components/schemas/ProvisioningConnectionProfile'
-        - type: object
+      properties:
+        authScheme:
+          $ref: '#/components/schemas/ProvisioningConnectionOauthAuthScheme'
+        clientId:
+          type: string
+      required:
+        - authScheme
     ProvisioningConnectionRequest:
       type: object
+    ProvisioningConnectionRequestAuthScheme:
+      type: string
+      enum:
+        - OAUTH2
+        - TOKEN
+    ProvisioningConnectionResponse:
+      type: object
       properties:
+        authScheme:
+          $ref: '#/components/schemas/ProvisioningConnectionTokenAuthScheme'
+        baseUrl:
+          type: string
+          description: Base URL
         profile:
-          $ref: '#/components/schemas/ProvisioningConnectionProfile'
+          $ref: '#/components/schemas/ProvisioningConnectionResponseProfile'
+        status:
+          $ref: '#/components/schemas/ProvisioningConnectionStatus'
+        _links:
+          $ref: '#/components/schemas/LinksSelfLifecycleAndAuthorize'
       required:
         - profile
+        - status
+    ProvisioningConnectionResponseProfile:
+      properties:
+        authScheme:
+          $ref: '#/components/schemas/ProvisioningConnectionAuthScheme'
+      required:
+        - authScheme
     ProvisioningConnectionStatus:
-      description: Provisioning connection status
+      description: Provisioning Connection status
       default: DISABLED
       type: string
       enum:
@@ -29637,15 +43140,46 @@ components:
         - ENABLED
         - UNKNOWN
       x-enumDescriptions:
-        DISABLED: The provisioning connection is disabled.
-        ENABLED: The provisioning connection is enabled.
+        DISABLED: The Provisioning Connection is disabled.
+        ENABLED: The Provisioning Connection is enabled.
         UNKNOWN: Provisioning isn't supported by the app, or the authentication method is unknown.
+    ProvisioningConnectionTokenAuthScheme:
+      description: A token is used to authenticate with the app. This property is only returned for the `TOKEN` authentication scheme.
+      type: string
+      enum:
+        - TOKEN
+    ProvisioningConnectionTokenRequest:
+      title: Token-based connection
+      allOf:
+        - $ref: '#/components/schemas/ProvisioningConnectionRequest'
+        - description: Token-based Provisioning Connection request
+          properties:
+            baseUrl:
+              type: string
+              description: Only used for the Zscaler 2.0 (`zscalerbyz`) app. The base URL for the Zscaler 2.0 target app, which also contains the Zscaler ID.
+              x-okta-lifecycle:
+                lifecycle: GA
+                isGenerallyAvailable: true
+            profile:
+              $ref: '#/components/schemas/ProvisioningConnectionTokenRequestProfile'
+          required:
+            - profile
+    ProvisioningConnectionTokenRequestProfile:
+      properties:
+        authScheme:
+          $ref: '#/components/schemas/ProvisioningConnectionTokenAuthScheme'
+        token:
+          type: string
+          description: Token used to authenticate with the app
+      required:
+        - authScheme
     ProvisioningDeprovisionedAction:
       type: string
       enum:
         - NONE
         - REACTIVATE
     ProvisioningDeprovisionedCondition:
+      description: Not supported with OIDC IdPs
       type: object
       properties:
         action:
@@ -29678,11 +43212,13 @@ components:
         - NONE
         - UNSUSPEND
     ProvisioningSuspendedCondition:
+      description: Not supported with OIDC IdPs
       type: object
       properties:
         action:
           $ref: '#/components/schemas/ProvisioningSuspendedAction'
     PushMethodKeyProtection:
+      description: Indicates whether you must use a hardware key store
       type: string
       enum:
         - ANY
@@ -29694,9 +43230,11 @@ components:
         id:
           type: string
           readOnly: true
+          description: Unique key for the Push Provider
         lastUpdatedDate:
           type: string
           readOnly: true
+          description: Timestamp when the Push Provider was last modified
         name:
           type: string
           description: Display name of the push provider
@@ -29709,33 +43247,6 @@ components:
         mapping:
           APNS: '#/components/schemas/APNSPushProvider'
           FCM: '#/components/schemas/FCMPushProvider'
-    PushUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            expiresAt:
-              type: string
-              format: date-time
-            factorResult:
-              $ref: '#/components/schemas/FactorResultType'
-            profile:
-              $ref: '#/components/schemas/PushUserFactorProfile'
-    PushUserFactorProfile:
-      type: object
-      properties:
-        credentialId:
-          type: string
-        deviceToken:
-          type: string
-        deviceType:
-          type: string
-        name:
-          type: string
-        platform:
-          type: string
-        version:
-          type: string
     RateLimitAdminNotifications:
       title: RateLimitAdminNotifications
       description: ''
@@ -29792,19 +43303,69 @@ components:
           $ref: '#/components/schemas/RealmProfile'
         _links:
           $ref: '#/components/schemas/LinksSelf'
+    RealmAssignment:
+      type: object
+      properties:
+        actions:
+          $ref: '#/components/schemas/Actions'
+        conditions:
+          $ref: '#/components/schemas/Conditions'
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        id:
+          type: string
+          readOnly: true
+        isDefault:
+          type: boolean
+          readOnly: true
+        lastUpdated:
+          type: string
+          format: date-time
+          readOnly: true
+        name:
+          type: string
+        priority:
+          type: integer
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
     RealmProfile:
       type: object
       properties:
         name:
           type: string
           description: Name of a Realm
+        realmType:
+          type: string
+          description: Used to store partner users. This must be set to Partner to access Okta's external partner portal.
+          enum:
+            - PARTNER
+            - DEFAULT
+          x-enumDescriptions:
+            PARTNER: Realm with external partner portal
+            DEFAULT: Default
+      required:
+        - name
     RecoveryQuestionCredential:
+      description: |-
+        Specifies a secret question and answer that's validated (case insensitive) when a user forgets their
+        password or unlocks their account. The answer property is write-only.
       type: object
       properties:
         answer:
           type: string
+          description: The recovery question answer
+          minimum: 1
+          maximum: 100
+          writeOnly: true
         question:
           type: string
+          description: The recovery question
+          minimum: 1
+          maximum: 100
     ReleaseChannel:
       description: Release channel for auto-update
       type: string
@@ -29819,12 +43380,105 @@ components:
         - ALWAYS
         - HIGH_RISK_ONLY
         - NEVER
+    ResendUserFactor:
+      type: object
+      properties:
+        factorType:
+          description: Type of the Factor
+          type: string
+          enum:
+            - call
+            - email
+            - sms
+      discriminator:
+        propertyName: factorType
+        mapping:
+          call: '#/components/schemas/UserFactorCall'
+          email: '#/components/schemas/UserFactorEmail'
+          sms: '#/components/schemas/UserFactorSMS'
     ResetPasswordToken:
       type: object
       properties:
         resetPasswordUrl:
           type: string
           readOnly: true
+    ResourceSelectorCreateRequestSchema:
+      type: object
+      properties:
+        description:
+          type: string
+          description: Description of the Resource Selector
+        filter:
+          type: string
+          description: SCIM filter of the Resource Selector
+        name:
+          type: string
+          description: Name of the Resource Selector
+        schema:
+          type: string
+          description: Schema of the Resource Selector
+    ResourceSelectorPatchRequestSchema:
+      type: object
+      properties:
+        description:
+          type: string
+          description: Description of the Resource Selector
+        filter:
+          type: string
+          description: SCIM filter of the Resource Selector
+        name:
+          type: string
+          description: Name of the Resource Selector
+    ResourceSelectorResponseSchema:
+      type: object
+      properties:
+        description:
+          type: string
+          description: Description of the Resource Selector
+        id:
+          type: string
+          description: Unique key for the Resource Selector
+        name:
+          type: string
+          description: Name of the Resource Selector
+        orn:
+          type: string
+          description: An Okta resource name
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - properties:
+                resources:
+                  $ref: '#/components/schemas/HrefObject'
+    ResourceSelectorResponseWithoutSelfLinkSchema:
+      type: object
+      properties:
+        description:
+          type: string
+          description: Description of the Resource Selector
+        id:
+          type: string
+          description: Unique key for the Resource Selector
+        name:
+          type: string
+          description: Name of the Resource Selector
+        orn:
+          type: string
+          description: An Okta resource name
+        _links:
+          allOf:
+            - properties:
+                resources:
+                  $ref: '#/components/schemas/HrefObject'
+    ResourceSelectorsSchema:
+      type: object
+      properties:
+        resourceSelectors:
+          type: array
+          items:
+            $ref: '#/components/schemas/ResourceSelectorResponseWithoutSelfLinkSchema'
+        _links:
+          $ref: '#/components/schemas/LinksNext'
     ResourceSet:
       type: object
       properties:
@@ -29998,6 +43652,58 @@ components:
           $ref: '#/components/schemas/LinksNext'
     ResponseLinks:
       type: object
+    ResponseMode:
+      type: string
+      enum:
+        - form_post
+        - fragment
+        - okta_post_message
+        - query
+      x-enumDescriptions:
+        fragment: Parameters are encoded in the URL fragment added to the `redirect_uri` when redirecting back to the client.
+        query: Parameters are encoded in the query string added to the `redirect_uri` when redirecting back to the client.
+        form_post: Parameters are encoded as HTML form values (`application/x-www-form-urlencoded` format) and are transmitted through the HTTP POST method to the client.
+        okta_post_message: |-
+          Uses [HTML5 Web Messaging](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage) (for example, `window.postMessage()`) instead of the redirect for the authorization response from the `/authorize` endpoint.
+
+          `okta_post_message` is an adaptation of the [Web Message Response Mode](https://tools.ietf.org/html/draft-sakimura-oauth-wmrm-00#section-4.1).
+          This value provides a secure way for a single-page application to perform a sign-in flow in a pop-up window or an iFrame and receive the ID token, access token, and/or authorization code back in the parent page without leaving the context of that page. The data object for the `postMessage` call is in the next section.
+    ResponseType:
+      type: string
+      enum:
+        - code
+        - id_token
+        - none
+        - token
+    ResponseTypesSupported:
+      type: string
+      enum:
+        - code
+        - code id_token
+        - code id_token token
+        - code token
+        - id_token
+        - id_token token
+        - token
+    RiscIdentifierChangedEvent:
+      description: The subject's identifier has changed, which is either an email address or a phone number change
+      type: object
+      properties:
+        event_timestamp:
+          type: integer
+          format: int64
+          description: The time of the event (UNIX timestamp)
+          example: 1702448550
+        new-value:
+          type: string
+          description: The new identifier value
+          example: new.email@okta.example.com
+        subjects:
+          type: object
+          $ref: '#/components/schemas/SecurityEventSubject'
+      required:
+        - event_timestamp
+        - subjects
     RiskEvent:
       type: object
       properties:
@@ -30162,6 +43868,7 @@ components:
         - GROUP
         - USER
     RolePermissionType:
+      description: Permission type
       type: string
       enum:
         - okta.apps.assignment.manage
@@ -30172,6 +43879,14 @@ components:
         - okta.authzServers.read
         - okta.customizations.manage
         - okta.customizations.read
+        - okta.devices.lifecycle.activate
+        - okta.devices.lifecycle.deactivate
+        - okta.devices.lifecycle.delete
+        - okta.devices.lifecycle.manage
+        - okta.devices.lifecycle.suspend
+        - okta.devices.lifecycle.unsuspend
+        - okta.devices.manage
+        - okta.devices.read
         - okta.governance.accessCertifications.manage
         - okta.governance.accessRequests.manage
         - okta.groups.appAssignment.manage
@@ -30201,6 +43916,7 @@ components:
         - okta.users.read
         - okta.users.userprofile.manage
     RoleType:
+      description: Standard role type
       type: string
       enum:
         - API_ACCESS_MANAGEMENT_ADMIN
@@ -30216,18 +43932,18 @@ components:
         - SUPER_ADMIN
         - USER_ADMIN
       x-enumDescriptions:
-        - API_ACCESS_MANAGEMENT_ADMIN: Access Management Administrator
-        - API_ADMIN: Access Management Administrator
-        - APP_ADMIN: Application Administrator
-        - CUSTOM: Custom Label specified by the client
-        - GROUP_MEMBERSHIP_ADMIN: Group Membership Administrator
-        - HELP_DESK_ADMIN: Help Desk Administrator
-        - MOBILE_ADMIN: Mobile Administrator
-        - ORG_ADMIN: Organizational Administrator
-        - READ_ONLY_ADMIN: Read-Only Administrator
-        - REPORT_ADMIN: Report Administrator
-        - SUPER_ADMIN: Super Administrator
-        - USER_ADMIN: Group Administrator
+        API_ACCESS_MANAGEMENT_ADMIN: Access Management Administrator
+        API_ADMIN: Access Management Administrator
+        APP_ADMIN: Application Administrator
+        CUSTOM: Custom label specified by the client
+        GROUP_MEMBERSHIP_ADMIN: Group Membership Administrator
+        HELP_DESK_ADMIN: Help Desk Administrator
+        MOBILE_ADMIN: Mobile Administrator
+        ORG_ADMIN: Organizational Administrator
+        READ_ONLY_ADMIN: Read-Only Administrator
+        REPORT_ADMIN: Report Administrator
+        SUPER_ADMIN: Super Administrator
+        USER_ADMIN: Group Administrator
     SafeBrowsingProtectionLevel:
       description: Represents the current value of the Safe Browsing protection level
       example: ENHANCED_PROTECTION
@@ -30240,6 +43956,162 @@ components:
         NO_SAFE_BROWSING: Safe Browsing is never active
         STANDARD_PROTECTION: Safe Browsing is active in the standard mode
         ENHANCED_PROTECTION: Safe Browsing is active in the enhanced mode
+    SalesforceApplication:
+      title: Salesforce
+      x-tags:
+        - Application
+      x-okta-defined-as:
+        name: salesforce
+      example:
+        name: salesforce
+        label: Sample Salesforce App
+        signOnMode: SAML_2_0
+        settings:
+          app:
+            instanceType: SANDBOX
+            integrationType: STANDARD
+      description: |
+        Schema for the Salesforce app (key name: `salesforce`)
+
+        To create a Salesforce app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.
+        > **Note:** The Salesforce app only supports `BROWSER_PLUGIN`, `BOOKMARK`, and `SAML_2_0` sign-on modes.
+      allOf:
+        - $ref: '#/components/schemas/OINApplication'
+        - type: object
+        - required:
+            - name
+            - label
+            - settings
+          properties:
+            name:
+              type: string
+              enum:
+                - salesforce
+              example: salesforce
+            signOnMode:
+              enum:
+                - BROWSER_PLUGIN
+                - BOOKMARK
+                - SAML_2_0
+              example: BROWSER_PLUGIN
+            settings:
+              $ref: '#/components/schemas/SalesforceApplicationSettings'
+    SalesforceApplicationSettings:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationSettings'
+        - type: object
+        - required:
+            - app
+          properties:
+            app:
+              $ref: '#/components/schemas/SalesforceApplicationSettingsApplication'
+            signOn:
+              $ref: '#/components/schemas/OINSaml20ApplicationSettingsSignOn'
+    SalesforceApplicationSettingsApplication:
+      description: Salesforce app instance properties
+      type: object
+      properties:
+        instanceType:
+          type: string
+          description: Salesforce instance that you want to connect to
+          enum:
+            - SANDBOX
+            - PRODUCTION
+            - GOVERNMENT
+        integrationType:
+          type: string
+          description: Salesforce integration type
+          enum:
+            - STANDARD
+            - PORTAL
+            - COMMUNITY
+        loginUrl:
+          type: string
+          description: The Login URL specified in your Salesforce Single Sign-On settings
+        logoutUrl:
+          type: string
+          description: Salesforce Logout URL
+      required:
+        - integrationType
+        - instanceType
+    Saml:
+      description: SAML configuration details
+      type: object
+      properties:
+        acs:
+          type: array
+          minItems: 1
+          description: 'List of Assertion Consumer Service (ACS) URLs. The default ACS URL is required and is indicated by a null `index` value. You can use the org-level variables you defined in the `config` array in the URL. For example: `https://${org.subdomain}.example.com/saml/login`'
+          items:
+            type: object
+            properties:
+              index:
+                type: number
+                minimum: 0
+                maximum: 65535
+                description: Index of ACS URL. You can't reuse the same index in the ACS URL array.
+                example: 0
+              url:
+                type: string
+                format: uri
+                maxLength: 1024
+                description: Assertion Consumer Service (ACS) URL
+                example: https://${org.subdomain}.example.com/saml/login
+        doc:
+          type: string
+          format: uri
+          description: The URL to your customer-facing instructions for configuring your SAML integration. See [Customer configuration document guidelines](https://developer.okta.com/docs/guides/submit-app-prereq/main/#customer-configuration-document-guidelines).
+          example: https://example.com/strawberry/help/samlSetup
+        entityId:
+          type: string
+          description: Globally unique name for your SAML entity. For instance, your Identity Provider (IdP) or Service Provider (SP) URL.
+          example: https://${org.subdomain}.example.com
+      required:
+        - acs
+        - entityId
+        - doc
+    Saml11Application:
+      allOf:
+        - $ref: '#/components/schemas/Application'
+        - type: object
+          properties:
+            credentials:
+              $ref: '#/components/schemas/ApplicationCredentials'
+            name:
+              type: string
+              description: The key name for the SAML 1.1 app definition. You can't create a custom SAML 1.1 app integration instance. Only existing OIN SAML 1.1 app integrations are supported.
+            settings:
+              $ref: '#/components/schemas/Saml11ApplicationSettings'
+          required:
+            - name
+    Saml11ApplicationSettings:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationSettings'
+        - type: object
+          properties:
+            app:
+              type: object
+              additionalProperties:
+                type: string
+            signOn:
+              $ref: '#/components/schemas/Saml11ApplicationSettingsSignOn'
+    Saml11ApplicationSettingsSignOn:
+      title: SAML 1.1 settings
+      description: SAML 1.1 sign-on mode attributes
+      type: object
+      properties:
+        audienceOverride:
+          type: string
+          description: The intended audience of the SAML assertion. This is usually the Entity ID of your application.
+        defaultRelayState:
+          type: string
+          description: The URL of the resource to direct users after they successfully sign in to the SP using SAML. See the SP documentation to check if you need to specify a RelayState. In most instances, you can leave this field blank.
+        recipientOverride:
+          type: string
+          description: The location where the application can present the SAML assertion. This is usually the Single Sign-On (SSO) URL.
+        ssoAcsUrlOverride:
+          type: string
+          description: Assertion Consumer Services (ACS) URL value for the Service Provider (SP). This URL is always used for Identity Provider (IdP) initiated sign-on requests.
     SamlApplication:
       allOf:
         - $ref: '#/components/schemas/Application'
@@ -30249,6 +44121,8 @@ components:
               $ref: '#/components/schemas/ApplicationCredentials'
             name:
               type: string
+              description: A unique key is generated for the custom app instance when you use SAML_2_0 `signOnMode`.
+              readOnly: true
             settings:
               $ref: '#/components/schemas/SamlApplicationSettings'
     SamlApplicationSettings:
@@ -30262,7 +44136,6 @@ components:
               $ref: '#/components/schemas/SamlApplicationSettingsSignOn'
     SamlApplicationSettingsApplication:
       type: object
-      additionalProperties: true
       properties:
         acsUrl:
           type: string
@@ -30271,6 +44144,9 @@ components:
         baseUrl:
           type: string
     SamlApplicationSettingsSignOn:
+      description: |-
+        SAML sign-on attributes.
+        > **Note:** Only for SAML 2.0, set either `destinationOverride` or `ssoAcsUrl` to configure any other SAML 2.0 attributes in this section.
       type: object
       properties:
         acsEndpoints:
@@ -30289,6 +44165,7 @@ components:
           type: string
         audienceOverride:
           type: string
+          description: Audience override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).
         authnContextClassRef:
           type: string
         configuredAttributeStatements:
@@ -30297,14 +44174,17 @@ components:
             $ref: '#/components/schemas/SamlAttributeStatement'
         defaultRelayState:
           type: string
+          description: Identifies a specific application resource in an IdP-initiated SSO scenario
         destination:
           type: string
         destinationOverride:
           type: string
+          description: Destination override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).
         digestAlgorithm:
           type: string
         honorForceAuthn:
           type: boolean
+          description: Set to `true` to prompt users for their credentials when a SAML request has the `ForceAuthn` attribute set to `true`
         idpIssuer:
           type: string
         inlineHooks:
@@ -30317,10 +44197,18 @@ components:
           type: string
         recipientOverride:
           type: string
+          description: Recipient override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).
         requestCompressed:
           type: boolean
         responseSigned:
           type: boolean
+        samlAssertionLifetimeSeconds:
+          x-okta-lifecycle:
+            lifecycle: GA
+            isGenerallyAvailable: true
+          type: integer
+          description: For SAML 2.0 only.<br>Determines the SAML app session lifetimes with Okta
+          example: 3600
         signatureAlgorithm:
           type: string
         slo:
@@ -30331,13 +44219,16 @@ components:
           type: string
         ssoAcsUrl:
           type: string
+          description: Single Sign-On Assertion Consumer Service (ACS) URL
         ssoAcsUrlOverride:
           type: string
+          description: Assertion Consumer Service (ACS) URL override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).
         subjectNameIdFormat:
           type: string
         subjectNameIdTemplate:
           type: string
     SamlAttributeStatement:
+      description: Define custom attribute statements for the integration. These statements are inserted into the SAML assertions shared with your app
       type: object
       properties:
         filterType:
@@ -30368,16 +44259,20 @@ components:
               $ref: '#/components/schemas/PasswordCredential'
             revealPassword:
               type: boolean
+              description: Allow users to securely see their password
             scheme:
               $ref: '#/components/schemas/ApplicationCredentialsScheme'
             signing:
               $ref: '#/components/schemas/ApplicationCredentialsSigning'
             userName:
               type: string
+    Scope:
+      type: string
     ScreenLockType:
       type: string
       enum:
         - BIOMETRIC
+        - NONE
         - PASSCODE
     SecurePasswordStoreApplication:
       x-okta-defined-as:
@@ -30390,9 +44285,14 @@ components:
               $ref: '#/components/schemas/SchemeApplicationCredentials'
             name:
               type: string
-              default: template_sps
+              description: '`template_sps` is the key name for a SWA app instance that uses HTTP POST and doesn''t require a browser plugin'
+              enum:
+                - template_sps
             settings:
               $ref: '#/components/schemas/SecurePasswordStoreApplicationSettings'
+          required:
+            - name
+            - settings
     SecurePasswordStoreApplicationSettings:
       allOf:
         - $ref: '#/components/schemas/ApplicationSettings'
@@ -30421,31 +44321,252 @@ components:
           type: string
         usernameField:
           type: string
-    SecurityQuestion:
+    SecurityEvent:
       type: object
       properties:
-        answer:
+        event_timestamp:
+          type: integer
+          format: int64
+          description: The time of the event (UNIX timestamp)
+          example: 1702448550
+        subjects:
+          type: object
+          $ref: '#/components/schemas/SecurityEventSubject'
+      required:
+        - event_timestamp
+        - subjects
+    SecurityEventReason:
+      type: object
+      properties:
+        en:
           type: string
-        question:
+          description: The event reason in English
+          example: Event message example
+      required:
+        - en
+    SecurityEventSubject:
+      description: The event subjects
+      properties:
+        device:
+          type: object
+          description: The device involved with the event
+        tenant:
+          type: object
+          description: The tenant involved with the event
+        user:
+          type: object
+          description: The user involved with the event
+    SecurityEventTokenError:
+      title: Security Event Token Error
+      description: Error object thrown when parsing the Security Event Token
+      type: object
+      properties:
+        description:
           type: string
-        questionText:
+          description: |
+            Describes the error
+            > **Note:** SET claim fields with underscores (snake case) are presented in camelcase. For example, `previous_status` appears as `previousStatus`.
+          example: 'Failed claim validation in security event token. ''events.mediationDeviceComplianceChangeEvent.previousStatus'': The field cannot be left blank'
+        err:
           type: string
-    SecurityQuestionUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/SecurityQuestionUserFactorProfile'
-    SecurityQuestionUserFactorProfile:
+          description: A code that describes the category of the error
+          example: invalid_request
+          enum:
+            - authentication_failed
+            - invalid_audience
+            - invalid_issuer
+            - invalid_key
+            - invalid_request
+    SecurityEventTokenRequestJwtBody:
+      title: Security Event Token JWT body payload
+      x-tags:
+        - SSFSecurityEventToken
+      description: JSON Web Token body payload for a Security Event Token
+      type: object
+      properties:
+        aud:
+          type: string
+          description: Audience
+          example: https://receiverexample.okta.com/
+        events:
+          type: object
+          $ref: '#/components/schemas/SecurityEventTokenRequestJwtEvents'
+        iat:
+          type: integer
+          format: int64
+          description: Token issue time (UNIX timestamp)
+          example: 1702448550
+        iss:
+          type: string
+          description: Token issuer
+          example: https://transmitter.example.com
+        jti:
+          type: string
+          description: Token ID
+          example: 24c63fb56f ... a9fa24
+      required:
+        - iss
+        - aud
+        - jti
+        - iat
+        - events
+    SecurityEventTokenRequestJwtEvents:
+      description: A non-empty collection of events
       type: object
       properties:
-        answer:
+        https://schemas.okta.com/secevent/okta/event-type/device-risk-change:
+          type: object
+          $ref: '#/components/schemas/OktaDeviceRiskChangeEvent'
+        https://schemas.okta.com/secevent/okta/event-type/ip-change:
+          type: object
+          $ref: '#/components/schemas/OktaIpChangeEvent'
+        https://schemas.okta.com/secevent/okta/event-type/user-risk-change:
+          type: object
+          $ref: '#/components/schemas/OktaUserRiskChangeEvent'
+        https://schemas.openid.net/secevent/caep/event-type/device-compliance-change:
+          type: object
+          $ref: '#/components/schemas/CaepDeviceComplianceChangeEvent'
+        https://schemas.openid.net/secevent/caep/event-type/session-revoked:
+          type: object
+          $ref: '#/components/schemas/CaepSessionRevokedEvent'
+        https://schemas.openid.net/secevent/risc/event-type/identifier-changed:
+          type: object
+          $ref: '#/components/schemas/RiscIdentifierChangedEvent'
+    SecurityEventTokenRequestJwtHeader:
+      title: Security Event Token JWT header
+      x-tags:
+        - SSFSecurityEventToken
+      description: JSON Web Token header for a Security Event Token
+      type: object
+      properties:
+        alg:
           type: string
-        question:
+          description: Algorithm used to sign or encrypt the JWT
+          example: RS256
+        kid:
           type: string
-        questionText:
+          description: Key ID used to sign or encrypt the JWT
+        typ:
+          type: string
+          description: The type of content being signed or encrypted
+          example: secevent+jwt
+      required:
+        - kid
+        - typ
+        - alg
+    SecurityEventsProviderRequest:
+      title: Security Events Provider Request
+      description: The request schema for creating or updating a Security Events Provider. The `settings` must match one of the schemas.
+      type: object
+      properties:
+        name:
+          description: The name of the Security Events Provider instance
+          type: string
+          maxLength: 100
+          example: Target SSF Provider
+        settings:
+          type: object
+          description: Information about the Security Events Provider for signal ingestion
+          oneOf:
+            - $ref: '#/components/schemas/SecurityEventsProviderSettingsSSFCompliant'
+            - $ref: '#/components/schemas/SecurityEventsProviderSettingsNonSSFCompliant'
+        type:
+          description: The application type of the Security Events Provider
+          maxLength: 255
+          type: string
+          example: okta
+      required:
+        - name
+        - settings
+        - type
+    SecurityEventsProviderResponse:
+      title: Security Events Provider Response
+      description: The Security Events Provider response
+      type: object
+      properties:
+        id:
+          description: The unique identifier of this instance
+          type: string
+          readOnly: true
+          example: sse1qg25RpusjUP6m0g5
+        name:
+          description: The name of the Security Events Provider instance
+          type: string
+          maxLength: 100
+          example: Target SSF Provider
+        settings:
+          type: object
+          description: Information about the Security Events Provider for signal ingestion
+          $ref: '#/components/schemas/SecurityEventsProviderSettingsResponse'
+        status:
+          description: Indicates whether the Security Events Provider is active or not
+          type: string
+          enum:
+            - ACTIVE
+            - INACTIVE
+          readOnly: true
+        type:
+          description: The application type of the Security Events Provider
+          maxLength: 255
+          type: string
+          example: okta
+        _links:
+          $ref: '#/components/schemas/LinksSelfAndLifecycle'
+    SecurityEventsProviderSettingsNonSSFCompliant:
+      title: Provider with issuer and JWKS settings
+      description: Security Events Provider with issuer and JWKS settings for signal ingestion
+      type: object
+      properties:
+        issuer:
+          type: string
+          description: Issuer URL
+          maxLength: 700
+          example: example.okta.com
+        jwks_url:
+          type: string
+          format: url
+          description: The public URL where the JWKS public key is uploaded
+          maxLength: 1000
+          example: https://example.okta.com/oauth2/v1/keys
+      required:
+        - jwks_url
+        - issuer
+    SecurityEventsProviderSettingsResponse:
+      title: Security Events Provider settings
+      description: Security Events Provider settings
+      type: object
+      properties:
+        issuer:
+          type: string
+          description: Issuer URL
+          maxLength: 700
+          example: example.okta.com
+        jwks_url:
+          type: string
+          format: url
+          description: The public URL where the JWKS public key is uploaded
+          maxLength: 1000
+          example: https://example.okta.com/oauth2/v1/keys
+        well_known_url:
+          type: string
+          format: url
+          description: The well-known URL of the Security Events Provider (the SSF transmitter)
+          nullable: true
+          maxLength: 1000
+          example: https://example.okta.com/.well-known/ssf-configuration
+    SecurityEventsProviderSettingsSSFCompliant:
+      title: Provider with well-known URL setting
+      description: Security Events Provider with well-known URL setting
+      type: object
+      properties:
+        well_known_url:
           type: string
+          format: url
+          description: The published well-known URL of the Security Events Provider (the SSF transmitter)
+          maxLength: 1000
+          example: https://example.okta.com/.well-known/ssf-configuration
+      required:
+        - well_known_url
     SeedEnum:
       description: Determines whether the generated password is the user's Okta password or a randomly generated password
       default: RANDOM
@@ -30571,6 +44692,7 @@ components:
         MFA_REQUIRED: The Session is established, but requires second factor verification.
         MFA_ENROLL: The Session is established, but the user needs to enroll a second factor.
     ShowSignInWithOV:
+      description: Controls whether to show the Sign in with Okta Verify button on the Sign-In Widget
       type: string
       enum:
         - ALWAYS
@@ -30625,64 +44747,80 @@ components:
                   type: string
                 classicRecoveryFlowEmailOrUsernameLabel:
                   type: string
+                widgetGeneration:
+                  $ref: '#/components/schemas/WidgetGeneration'
             widgetVersion:
               $ref: '#/components/schemas/Version'
     SignInPageTouchPointVariant:
+      description: |
+        Variant for the Okta sign-in page. You can publish a theme for sign-in page with different combinations of assets. Variants are preset combinations of those assets.
+        > **Note:**  For a non-`OKTA_DEFAULT` variant, `primaryColorHex` is used for button background color and `primaryColorContrastHex` is used to optimize the opacity for button text.
       type: string
       enum:
         - BACKGROUND_IMAGE
         - BACKGROUND_SECONDARY_COLOR
         - OKTA_DEFAULT
+      x-enumDescriptions:
+        BACKGROUND_IMAGE: Uses the logo, favicon, and background image from the Theme
+        BACKGROUND_SECONDARY_COLOR: Uses the logo and favicon from the Theme. Uses `secondaryColorHex` as the background color for the Okta sign-in page.
+        OKTA_DEFAULT: Uses the Okta logo and favicon with no background image. Uses the Okta colors on the Okta sign-in page.
     SignOnInlineHook:
       properties:
         id:
           type: string
           readOnly: false
+    SigningAlgorithm:
+      type: string
+      enum:
+        - ES256
+        - ES384
+        - ES512
+        - HS256
+        - HS384
+        - HS512
+        - RS256
+        - RS384
+        - RS512
     SimulatePolicyBody:
-      type: object
       description: The request body required for a simulate policy operation.
+      type: object
       properties:
-        policyTypes:
-          type: array
-          description: Supported policy types for a simulate operation. The default value, `null`, returns all types.
-          items:
-            $ref: '#/components/schemas/PolicyType'
         appInstance:
           type: string
           description: The application instance ID for a simulate operation
         policyContext:
           $ref: '#/components/schemas/PolicyContext'
+        policyTypes:
+          type: array
+          description: Supported policy types for a simulate operation. The default value, `null`, returns all types.
+          items:
+            $ref: '#/components/schemas/PolicyTypeSimulation'
       required:
-        -  appInstance
+        - appInstance
     SimulatePolicyEvaluations:
       type: object
       properties:
-        status:
-          type: string
-          description: The result of this entity evaluation
-          enum:
-            - MATCH
-            - NOT_MATCH
-            - UNDEFINED
+        evaluated:
+          type: object
+          description: A list of evaluated but not matched policies and rules
+          properties:
+            policies:
+              $ref: '#/components/schemas/SimulateResultPolicies'
         policyType:
           type: array
           description: The policy type of the simulate operation
           items:
-            $ref: '#/components/schemas/PolicyType'
+            $ref: '#/components/schemas/PolicyTypeSimulation'
         result:
-          $ref: "#/components/schemas/SimulatePolicyResult"
+          $ref: '#/components/schemas/SimulatePolicyResult'
+        status:
+          $ref: '#/components/schemas/SimulateResultStatus'
         undefined:
           type: object
           description: A list of undefined but not matched policies and rules
           properties:
             policies:
-              $ref: "#/components/schemas/SimulateResultPolicies"
-        evaluated:
-          type: object
-          description: A list of evaluated but not matched policies and rules
-          properties:
-            policies:
-              $ref: "#/components/schemas/SimulateResultPolicies"
+              $ref: '#/components/schemas/SimulateResultPolicies'
     SimulatePolicyResponse:
       description: The response body returned for a simulate policy operation. An array of `evaluations`.
       items:
@@ -30698,12 +44836,7 @@ components:
       type: object
       properties:
         status:
-          type: string
-          description: The result of the entity evaluation
-          enum:
-            - MATCH
-            - UNMATCHED
-            - UNDEFINED
+          $ref: '#/components/schemas/SimulateResultStatus'
         type:
           type: string
           description: The type of condition
@@ -30714,21 +44847,31 @@ components:
     SimulateResultPoliciesItems:
       type: object
       properties:
+        conditions:
+          type: array
+          description: List of all conditions involved for this policy evaluation
+          items:
+            $ref: '#/components/schemas/SimulateResultConditions'
         id:
           type: string
+          description: ID of the specified policy type
         name:
           type: string
-        status:
-          type: string
-        conditions:
-          type: array
-          $ref: "#/components/schemas/SimulateResultConditions"
+          description: Policy name
         rules:
           type: array
-          $ref: "#/components/schemas/SimulateResultRules"
+          items:
+            $ref: '#/components/schemas/SimulateResultRules'
+        status:
+          $ref: '#/components/schemas/SimulateResultStatus'
     SimulateResultRules:
       type: object
       properties:
+        conditions:
+          type: array
+          description: List of all conditions involved for this rule evaluation
+          items:
+            $ref: '#/components/schemas/SimulateResultConditions'
         id:
           type: string
           description: The unique ID number of the policy rule
@@ -30736,15 +44879,14 @@ components:
           type: string
           description: The name of the policy rule
         status:
-          type: string
-          description: The result of the entity evaluation
-          enum:
-            - MATCH
-            - UNMATCHED
-            - UNDEFINED
-        conditions:
-          type: array
-          $ref: "#/components/schemas/SimulateResultConditions"
+          $ref: '#/components/schemas/SimulateResultStatus'
+    SimulateResultStatus:
+      description: The result of this entity evaluation
+      type: string
+      enum:
+        - MATCH
+        - NOT_MATCH
+        - UNDEFINED
     SingleLogout:
       type: object
       properties:
@@ -30754,6 +44896,66 @@ components:
           type: string
         logoutUrl:
           type: string
+    SlackApplication:
+      title: Slack
+      x-tags:
+        - Application
+      x-okta-defined-as:
+        name: slack
+      example:
+        name: slack
+        label: Sample Slack App
+        signOnMode: SAML_2_0
+        settings:
+          app:
+            domain: my-company-domain
+      description: |
+        Schema for the Slack app (key name: `slack`)
+
+        To create a Slack app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.
+        > **Note:** The Slack app only supports `BROWSER_PLUGIN` and `SAML_2_0` sign-on modes.
+      allOf:
+        - $ref: '#/components/schemas/OINApplication'
+        - type: object
+        - required:
+            - name
+            - label
+            - settings
+          properties:
+            name:
+              type: string
+              enum:
+                - slack
+              example: slack
+            signOnMode:
+              enum:
+                - BROWSER_PLUGIN
+                - SAML_2_0
+            settings:
+              $ref: '#/components/schemas/SlackApplicationSettings'
+    SlackApplicationSettings:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationSettings'
+        - type: object
+        - required:
+            - app
+          properties:
+            app:
+              $ref: '#/components/schemas/SlackApplicationSettingsApplication'
+            signOn:
+              $ref: '#/components/schemas/OINSaml20ApplicationSettingsSignOn'
+    SlackApplicationSettingsApplication:
+      description: Slack app instance properties
+      type: object
+      properties:
+        domain:
+          type: string
+          description: The Slack app domain name
+        userEmailValue:
+          type: string
+          description: The `User.Email` attribute value
+      required:
+        - domain
     SloParticipate:
       type: object
       properties:
@@ -30788,31 +44990,31 @@ components:
           readOnly: true
         name:
           type: string
+          description: Human-readable name of the Template
+          maxLength: 50
+          minLength: 1
         template:
           type: string
+          description: Text of the Template, including any [macros](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Template/)
+          maxLength: 161
+          minLength: 1
         translations:
           $ref: '#/components/schemas/SmsTemplateTranslations'
         type:
           $ref: '#/components/schemas/SmsTemplateType'
     SmsTemplateTranslations:
+      description: |
+        - Template translations are optionally provided when you want to localize the SMS messages. Translations are provided as an object that contains `key:value` pairs: the language and the translated Template text. The key portion is a two-letter country code that conforms to [ISO 639-1](https://www.loc.gov/standards/iso639-2/php/code_list.php). The value is the translated SMS Template.
+        - Just like with regular SMS Templates, the length of the SMS message can't exceed 160 characters.
       type: object
       x-okta-extensible: true
     SmsTemplateType:
+      description: Type of the Template
+      maxLength: 50
+      minLength: 1
       type: string
       enum:
         - SMS_VERIFY_CODE
-    SmsUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/SmsUserFactorProfile'
-    SmsUserFactorProfile:
-      type: object
-      properties:
-        phoneNumber:
-          type: string
     SocialAuthToken:
       type: object
       properties:
@@ -30869,13 +45071,29 @@ components:
       writeOnly: true
       type: string
       pattern: (?i)^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$
-    SsprPrimaryRequirement:
+    Sso:
+      description: 'Supported SSO protocol configurations. You must configure at least one protocol: `oidc` or `saml`'
       type: object
+      properties:
+        oidc:
+          $ref: '#/components/schemas/Oidc'
+        saml:
+          $ref: '#/components/schemas/Saml'
+    SsprPrimaryRequirement:
       description: Defines the authenticators permitted for the initial authentication step of password recovery
+      type: object
       properties:
+        methodConstraints:
+          description: Constraints on the values specified in the `methods` array. Specifying a constraint limits methods to specific authenticator(s). Currently, Google OTP is the only accepted constraint.
+          x-okta-lifecycle:
+            lifecycle: GA
+            isGenerallyAvailable: true
+          type: array
+          items:
+            $ref: '#/components/schemas/AuthenticatorMethodConstraint'
         methods:
           type: array
-          description: Authenticator methods allowed for the initial authentication step of password recovery
+          description: Authenticator methods allowed for the initial authentication step of password recovery. Method `otp` requires a constraint limiting it to a Google authenticator.
           items:
             type: string
             enum:
@@ -30883,25 +45101,7 @@ components:
               - sms
               - voice
               - email
-          x-okta-feature-flag-amends:
-            IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
-              description: Authenticator methods allowed for the initial authentication step of password recovery. Method `otp` requires a constraint limiting it to a Google authenticator.
-              items:
-                type: string
-                enum:
-                  - push
-                  - sms
-                  - voice
-                  - email
-                  - otp
-        methodConstraints:
-          description: Constraints on the values specified in the `methods` array. Specifying a constraint limits methods to specific authenticator(s). Currently, Google OTP is the only accepted constraint.
-          x-okta-lifecycle:
-            features:
-              - IDX_SSPR_EXTENDED_PRIMARY_FACTORS
-          type: array
-          items:
-            $ref: '#/components/schemas/AuthenticatorMethodConstraint'
+              - otp
     SsprRequirement:
       description: Describes the initial and secondary authenticator requirements a user needs to reset their password
       type: object
@@ -30927,6 +45127,223 @@ components:
               - security_question
         required:
           type: boolean
+    StandardRoleAssignmentSchema:
+      type: object
+      properties:
+        type:
+          type: string
+          description: Standard role type
+    StreamConfiguration:
+      title: Stream Configuration
+      type: object
+      properties:
+        aud:
+          oneOf:
+            - type: string
+              format: uri
+              example: https://example.com
+            - type: array
+              items:
+                type: string
+                format: uri
+                example: https://example.com
+          description: |-
+            The audience used in the SET. This value is set as `aud` in the claim.
+
+            A read-only parameter that is set by the transmitter. If this parameter is included in the request, the value must match the expected value from the transmitter.
+          example: https://example.com
+        delivery:
+          type: object
+          $ref: '#/components/schemas/StreamConfigurationDelivery'
+        events_delivered:
+          type: array
+          items:
+            type: string
+            format: uri
+          description: |-
+            The events (mapped by the array of event type URIs) that the transmitter actually delivers to the SSF Stream.
+
+            A read-only parameter that is set by the transmitter. If this parameter is included in the request, the value must match the expected value from the transmitter.
+          example:
+            - https://schemas.openid.net/secevent/caep/event-type/session-revoked
+            - https://schemas.openid.net/secevent/caep/event-type/credential-change
+        events_requested:
+          type: array
+          maxItems: 50
+          items:
+            type: string
+            format: uri
+            maxLength: 256
+          description: The events (mapped by the array of event type URIs) that the receiver wants to receive
+          example:
+            - https://schemas.openid.net/secevent/caep/event-type/session-revoked
+            - https://schemas.openid.net/secevent/caep/event-type/credential-change
+        events_supported:
+          type: array
+          items:
+            type: string
+            format: uri
+          description: |-
+            An array of event type URIs that the transmitter supports.
+
+            A read-only parameter that is set by the transmitter. If this parameter is included in the request, the value must match the expected value from the transmitter.
+          example:
+            - https://schemas.openid.net/secevent/caep/event-type/session-revoked
+            - https://schemas.openid.net/secevent/caep/event-type/credential-change
+        format:
+          type: string
+          description: The Subject Identifier format expected for any SET transmitted.
+          enum:
+            - iss_sub
+        iss:
+          type: string
+          description: |-
+            The issuer used in Security Event Tokens (SETs). This value is set as `iss` in the claim.
+
+            A read-only parameter that is set by the transmitter. If this parameter is included in the request, the value must match the expected value from the transmitter.
+          example: https://{yourOktaDomain}
+        min_verification_interval:
+          type: integer
+          nullable: true
+          example: 60
+          description: |-
+            The minimum amount of time, in seconds, between two verification requests.
+
+            A read-only parameter that is set by the transmitter. If this parameter is included in the request, the value must match the expected value from the transmitter.
+        stream_id:
+          type: string
+          description: The ID of the SSF Stream configuration
+          example: esc1k235GIIztAuGK0g5
+      required:
+        - events_requested
+        - delivery
+    StreamConfigurationCreateRequest:
+      title: Stream Configuration Create Request
+      type: object
+      properties:
+        delivery:
+          type: object
+          $ref: '#/components/schemas/StreamConfigurationDelivery'
+        events_requested:
+          type: array
+          maxItems: 50
+          items:
+            type: string
+            format: uri
+            maxLength: 256
+          description: The events (mapped by the array of event type URIs) that the receiver wants to receive
+          example:
+            - https://schemas.openid.net/secevent/caep/event-type/session-revoked
+            - https://schemas.openid.net/secevent/caep/event-type/credential-change
+        format:
+          type: string
+          description: The Subject Identifier format expected for any SET transmitted.
+          enum:
+            - iss_sub
+      required:
+        - events_requested
+        - delivery
+    StreamConfigurationDelivery:
+      title: Stream Configuration Delivery
+      description: Contains information about the intended SET delivery method by the receiver
+      type: object
+      properties:
+        authorization_header:
+          type: string
+          description: The HTTP Authorization header that is included for each HTTP POST request
+          example: Basic dXNlcjpwYXNzd29yZA==
+          nullable: true
+          maxLength: 8192
+        endpoint_url:
+          type: string
+          format: uri
+          description: The target endpoint URL where the transmitter delivers the SET using HTTP POST requests
+          example: https://example.com/
+          maxLength: 2048
+        method:
+          type: string
+          description: The delivery method that the transmitter uses for delivering a SET
+          enum:
+            - https://schemas.openid.net/secevent/risc/delivery-method/push
+            - urn:ietf:rfc:8935
+      required:
+        - method
+        - endpoint_url
+    SubjectType:
+      type: string
+      enum:
+        - pairwise
+        - public
+    SubmissionRequest:
+      allOf:
+        - $ref: '#/components/schemas/SubmissionResponse'
+      required:
+        - name
+        - description
+        - logo
+    SubmissionResponse:
+      type: object
+      properties:
+        config:
+          type: array
+          description: 'List of org-level variables for the customer per-tenant configuration. For example, a `subdomain` variable can be used in the ACS URL: `https://${org.subdomain}.example.com/saml/login`'
+          items:
+            type: object
+            properties:
+              label:
+                type: string
+                description: Display name of the variable in the Admin Console
+                example: Subdomain
+              name:
+                type: string
+                maxLength: 1024
+                minLength: 1
+                description: Name of the variable
+                example: subdomain
+        description:
+          type: string
+          maxLength: 1024
+          minLength: 1
+          description: A general description of your application and the benefits provided to your customers
+          example: Your one source for in-season strawberry deals. Okta's Strawberry Central integration allow users to securely access those sweet deals.
+        id:
+          type: string
+          description: OIN Integration ID
+          readOnly: true
+          example: acme_submissionapp_1
+        lastPublished:
+          type: string
+          description: Timestamp when the OIN Integration was last published
+          readOnly: true
+          example: '2023-08-24T14:15:22.000Z'
+        lastUpdated:
+          type: string
+          description: Timestamp when the OIN Integration instance was last updated
+          readOnly: true
+          example: '2023-08-24T14:15:22.000Z'
+        lastUpdatedBy:
+          type: string
+          description: ID of the user who made the last update
+          readOnly: true
+          example: 00ub0oNGTSWTBKOLGLNR
+        logo:
+          type: string
+          format: uri
+          description: URL to an uploaded application logo. This logo appears next to your app integration name in the OIN catalog. You must first [Upload an OIN Integration logo](/openapi/okta-management/management/tag/YourOinIntegrations/#tag/YourOinIntegrations/operation/uploadSubmissionLogo) to obtain the logo URL before you can specify this value.
+          example: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+        name:
+          type: string
+          maxLength: 64
+          minLength: 1
+          description: The app integration name. This is the main title used for your integration in the OIN catalog.
+          example: Strawberry Central
+        sso:
+          $ref: '#/components/schemas/Sso'
+        status:
+          type: string
+          description: Status of the OIN Integration submission
+          readOnly: true
+          example: New
     Subscription:
       type: object
       properties:
@@ -30955,25 +45372,30 @@ components:
         - subscribed
         - unsubscribed
     SupportedMethods:
+      description: The supported methods of an Authenticator
       type: object
       properties:
         settings:
           type: object
           properties:
             keyProtection:
-              type: string
+              $ref: '#/components/schemas/PushMethodKeyProtection'
             algorithms:
+              description: The encryption algorithm for this authenticator method
               type: array
               items:
                 $ref: '#/components/schemas/AuthenticatorMethodAlgorithm'
             transactionTypes:
               type: array
+              description: The transaction type for this authenticator method
               items:
                 $ref: '#/components/schemas/AuthenticatorMethodTransactionType'
         status:
-          type: string
+          description: The status of the authenticator method
+          $ref: '#/components/schemas/LifecycleStatus'
         type:
           type: string
+          description: The type of authenticator method
           enum:
             - push
     SwaApplicationSettings:
@@ -31012,38 +45434,199 @@ components:
           type: string
         userNameSelector:
           type: string
+    TelephonyRequest:
+      type: object
+      properties:
+        data:
+          $ref: '#/components/schemas/TelephonyRequestData'
+        eventType:
+          type: string
+          description: The type of inline hook. The Telephony inline hook type is `com.okta.telephony.provider`.
+        requestType:
+          type: string
+          description: The type of inline hook request. For example, `com.okta.user.telephony.pre-enrollment`.
+        source:
+          description: The ID and URL of the Telephony inline hook
+          type: string
+    TelephonyRequestData:
+      type: object
+      properties:
+        context:
+          type: object
+          properties:
+            request:
+              $ref: '#/components/schemas/InlineHookRequestObject'
+        messageProfile:
+          type: object
+          description: Message profile specifies information about the telephony (sms/voice) message to be sent to the Okta user
+          properties:
+            msgTemplate:
+              description: Default or Okta org configured sms or voice message template
+              type: string
+            phoneNumber:
+              description: The Okta's user's phone number
+              type: string
+            otpExpires:
+              description: The time when OTP expires
+              type: string
+            deliveryChannel:
+              description: The channel for OTP delivery - SMS or voice
+              type: string
+            otpCode:
+              description: The OTP code requested by the Okta user
+              type: string
+            locale:
+              description: The locale associated with the Okta user
+              type: string
+        userProfile:
+          type: object
+          description: User profile specifies information about the Okta user
+          properties:
+            firstName:
+              description: The user's first name
+              type: string
+            lastName:
+              description: The user's last name
+              type: string
+            login:
+              description: The user's Okta login
+              type: string
+            userId:
+              description: The user's Okta user ID
+              type: string
+    TelephonyResponse:
+      type: object
+      properties:
+        commands:
+          description: The `commands` object specifies whether Okta accepts the end user's sign-in credentials as valid or not. For the Telephony inline hook, you typically only return one `commands` object with one array element in it.
+          type: array
+          items:
+            type: object
+            properties:
+              type:
+                description: The location where you specify the command. For the Telephony inline hook, there's only one command, `com.okta.telephony.action`.
+                type: string
+              value:
+                description: The status of the telephony operation along with optional additional information about the provider, transaction ID and any other transaction metadata.
+                type: array
+                items:
+                  type: object
+                  properties:
+                    status:
+                      type: string
+                      description: Status of telephony callout
+                      enum:
+                        - SUCCESSFUL
+                        - PENDING
+                        - FAILED
+                      x-enumDescriptions:
+                        SUCCESSFUL: External web service was able to deliver the OTP to the Requester.
+                        PENDING: External web service wasn't able to confirm delivery of the OTP to the Requester.
+                        FAILED: External web service was unable to deliver the OTP to the Requester.
+                    provider:
+                      type: string
+                      description: Telephony provider for sms/voice
+                    transactionId:
+                      type: string
+                      description: Transaction ID for sms/voice
+                    transactionMetadata:
+                      type: string
+                      description: Any relevant metadata for the telephony transaction
     TempPassword:
       type: object
       properties:
         tempPassword:
           type: string
           readOnly: true
-    Theme:
+    TestInfo:
+      description: Integration Testing Information
       type: object
       properties:
-        backgroundImage:
-          readOnly: true
-          type: string
-        emailTemplateTouchPointVariant:
-          $ref: '#/components/schemas/EmailTemplateTouchPointVariant'
-        endUserDashboardTouchPointVariant:
-          $ref: '#/components/schemas/EndUserDashboardTouchPointVariant'
-        errorPageTouchPointVariant:
-          $ref: '#/components/schemas/ErrorPageTouchPointVariant'
-        loadingPageTouchPointVariant:
-          $ref: '#/components/schemas/LoadingPageTouchPointVariant'
-        primaryColorContrastHex:
+        escalationSupportContact:
           type: string
-        primaryColorHex:
-          type: string
-        secondaryColorContrastHex:
-          type: string
-        secondaryColorHex:
-          type: string
-        signInPageTouchPointVariant:
-          $ref: '#/components/schemas/SignInPageTouchPointVariant'
-        _links:
-          $ref: '#/components/schemas/LinksSelf'
+          maxLength: 255
+          description: An email for Okta to contact your company about your integration. This email isn't shared with customers.
+          example: strawberry.support@example.com
+        oidcTestConfiguration:
+          type: object
+          description: OIDC test details
+          properties:
+            idp:
+              type: boolean
+              description: Read only.<br>Indicates if your integration supports IdP-initiated sign-in flows. If [`sso.oidc.initiateLoginUri`](/openapi/okta-management/management/tag/YourOinIntegrations/#tag/YourOinIntegrations/operation/createSubmission!path=sso/oidc/initiateLoginUri&t=request) is specified, this property is set to `true`. If [`sso.oidc.initiateLoginUri`](/openapi/okta-management/management/tag/YourOinIntegrations/#tag/YourOinIntegrations/operation/createSubmission!path=sso/oidc/initiateLoginUri&t=request) isn't set for the integration submission, this property is set to `false`
+              readOnly: true
+            sp:
+              type: boolean
+              description: Read only.<br>Indicates if your integration supports SP-initiated sign-in flows and is always set to `true` for OIDC SSO
+              readOnly: true
+            jit:
+              type: boolean
+              description: Indicates if your integration supports Just-In-Time (JIT) provisioning
+            spInitiateUrl:
+              type: string
+              format: uri
+              maxLength: 512
+              description: URL for SP-initiated sign-in flows (required if `sp = true`)
+              example: https://test.example.com/strawberry/oidc/sp-init
+          required:
+            - spInitiateUrl
+        samlTestConfiguration:
+          type: object
+          description: SAML test details
+          properties:
+            idp:
+              type: boolean
+              description: Indicates if your integration supports IdP-initiated sign-in
+            sp:
+              type: boolean
+              description: Indicates if your integration supports SP-initiated sign-in
+            jit:
+              type: boolean
+              description: Indicates if your integration supports Just-In-Time (JIT) provisioning
+            spInitiateUrl:
+              type: string
+              format: uri
+              maxLength: 512
+              description: URL for SP-initiated sign-in flows (required if `sp = true`)
+              example: https://test.example.com/strawberry/saml/sp-init
+            spInitiateDescription:
+              type: string
+              maxLength: 2048
+              description: Instructions on how to sign in to your app using the SP-initiated flow (required if `sp = true`)
+              example: Go to your app URL from a browser and enter your username
+          required:
+            - spInitiateUrl
+        testAccount:
+          type: object
+          description: An account on a test instance of your app with admin privileges. A test admin account is required by Okta for integration testing. During OIN QA testing, an Okta analyst uses this admin account to configure your app for the various test case flows.
+          properties:
+            url:
+              type: string
+              format: uri
+              maxLength: 512
+              description: The sign-in URL to a test instance of your app
+              example: https://example.com/strawberry/login
+            username:
+              type: string
+              maxLength: 255
+              description: The username for your app admin account
+              example: test@example.com
+            password:
+              type: string
+              maxLength: 255
+              description: The password for your app admin account
+              example: sUperP@ssw0rd
+            instructions:
+              type: string
+              maxLength: 2048
+              description: Additional instructions to test the app integration, including instructions for obtaining test accounts
+              example: Go to your app URL from a browser and enter your credentials
+          required:
+            - url
+            - username
+            - password
+      required:
+        - escalationSupportContact
     ThemeResponse:
       type: object
       properties:
@@ -31069,16 +45652,26 @@ components:
           type: string
         primaryColorContrastHex:
           type: string
+          description: Primary color contrast hex code
         primaryColorHex:
           type: string
+          description: Primary color hex code
         secondaryColorContrastHex:
           type: string
+          description: Secondary color contrast hex code
         secondaryColorHex:
           type: string
+          description: Secondary color hex code
         signInPageTouchPointVariant:
           $ref: '#/components/schemas/SignInPageTouchPointVariant'
         _links:
           $ref: '#/components/schemas/LinksSelf'
+    ThirdPartyAdminSetting:
+      description: The third-party admin setting
+      type: object
+      properties:
+        thirdPartyAdmin:
+          type: boolean
     ThreatInsightConfiguration:
       type: object
       properties:
@@ -31122,105 +45715,206 @@ components:
     TimeDuration:
       description: A time duration specified as an [ISO-8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations).
       type: string
-      pattern: ^P(?!$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+S)?)?$
+      pattern: ^P(?:$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?:\d)(\d+H)?(\d+M)?(\d+S)?)?$
     TokenAuthorizationServerPolicyRuleAction:
       type: object
       properties:
         accessTokenLifetimeMinutes:
           type: integer
+          description: Lifetime of the access token in minutes. The minimum is five minutes. The maximum is one day.
         inlineHook:
           $ref: '#/components/schemas/TokenAuthorizationServerPolicyRuleActionInlineHook'
         refreshTokenLifetimeMinutes:
           type: integer
+          description: Lifetime of the refresh token is the minimum access token lifetime.
         refreshTokenWindowMinutes:
           type: integer
+          description: Timeframe when the refresh token is valid. The minimum is 10 minutes. The maximum is five years (2,628,000 minutes).
     TokenAuthorizationServerPolicyRuleActionInlineHook:
       type: object
       properties:
         id:
           type: string
           readOnly: false
-    TokenUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/TokenUserFactorProfile'
-    TokenUserFactorProfile:
+    TokenDeliveryMode:
+      type: string
+      enum:
+        - poll
+    TokenResponse:
       type: object
       properties:
-        credentialId:
+        access_token:
+          type: string
+          description: An access token.
+        device_secret:
+          type: string
+          description: An opaque device secret. This is returned if the `device_sso` scope is granted.
+        expires_in:
+          type: integer
+          description: The expiration time of the access token in seconds.
+        id_token:
           type: string
-    TotpUserFactor:
+          description: An ID token. This is returned if the `openid` scope is granted.
+        issued_token_type:
+          $ref: '#/components/schemas/TokenType'
+        refresh_token:
+          type: string
+          description: An opaque refresh token. This is returned if the `offline_access` scope is granted.
+        scope:
+          type: string
+          description: The scopes contained in the access token.
+        token_type:
+          $ref: '#/components/schemas/TokenResponseTokenType'
+    TokenResponseTokenType:
+      description: The token type in a `/token` response. The value is generally `Bearer` except for a few instances of token exchange.
+      type: string
+      enum:
+        - Bearer
+        - N_A
+    TokenType:
+      description: The type of token for token exchange.
+      type: string
+      enum:
+        - urn:ietf:params:oauth:token-type:access_token
+        - urn:ietf:params:oauth:token-type:id_token
+        - urn:ietf:params:oauth:token-type:jwt
+        - urn:ietf:params:oauth:token-type:refresh_token
+        - urn:ietf:params:oauth:token-type:saml1
+        - urn:ietf:params:oauth:token-type:saml2
+        - urn:okta:oauth:token-type:web_sso_token
+        - urn:x-oath:params:oauth:token-type:device-secret
+    TrendMicroApexOneServiceApplication:
+      title: Trend Micro Apex One Service
+      x-tags:
+        - Application
+      x-okta-defined-as:
+        name: trendmicroapexoneservice
+      example:
+        name: trendmicroapexoneservice
+        label: Sample Trend Micro Apex One as a Service App
+        signOnMode: SAML_2_0
+        settings:
+          app:
+            baseURL: https://acme.trendmicro.com
+      description: |
+        Schema for Trend Micro Apex One as a Service app (key name: `trendmicroapexoneservice`)
+
+        To create a Trend Micro Apex One as a Service app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.
+        > **Note:** The Trend Micro Apex One as a Service app only supports `SAML_2_0` sign-on mode.
+      allOf:
+        - $ref: '#/components/schemas/OINApplication'
+        - type: object
+        - required:
+            - name
+            - label
+            - settings
+          properties:
+            name:
+              type: string
+              enum:
+                - trendmicroapexoneservice
+              example: trendmicroapexoneservice
+            signOnMode:
+              enum:
+                - SAML_2_0
+            settings:
+              $ref: '#/components/schemas/TrendMicroApexOneServiceApplicationSettings'
+    TrendMicroApexOneServiceApplicationSettings:
       allOf:
-        - $ref: '#/components/schemas/UserFactor'
+        - $ref: '#/components/schemas/ApplicationSettings'
         - type: object
+        - required:
+            - app
           properties:
-            profile:
-              $ref: '#/components/schemas/TotpUserFactorProfile'
-    TotpUserFactorProfile:
+            app:
+              $ref: '#/components/schemas/TrendMicroApexOneServiceApplicationSettingsApplication'
+            signOn:
+              $ref: '#/components/schemas/OINSaml20ApplicationSettingsSignOn'
+    TrendMicroApexOneServiceApplicationSettingsApplication:
+      description: Trend Micro Apex One as a Service app instance properties
       type: object
       properties:
-        credentialId:
+        baseURL:
           type: string
+          description: Base Trend Micro Apex One Service URL
+      required:
+        - baseURL
     TrustedOrigin:
       type: object
       properties:
         created:
+          description: Timestamp when the Trusted Origin was created
           type: string
           format: date-time
           readOnly: true
         createdBy:
+          description: The ID of the user who created the Trusted Origin
           type: string
         id:
+          description: Unique identifier for the Trusted Origin
           type: string
           readOnly: true
         lastUpdated:
+          description: Timestamp when the Trusted Origin was last updated
           type: string
           format: date-time
           readOnly: true
         lastUpdatedBy:
+          description: The ID of the user who last updated the Trusted Origin
           type: string
         name:
-          type: string
+          $ref: '#/components/schemas/TrustedOriginName'
         origin:
-          type: string
+          $ref: '#/components/schemas/TrustedOriginOrigin'
         scopes:
-          type: array
-          items:
-            $ref: '#/components/schemas/TrustedOriginScope'
+          $ref: '#/components/schemas/TrustedOriginScopes'
         status:
-          type: string
+          $ref: '#/components/schemas/LifecycleStatus'
         _links:
-          $ref: '#/components/schemas/LinksSelf'
+          $ref: '#/components/schemas/LinksSelfAndLifecycle'
+    TrustedOriginName:
+      maximum: 255
+      description: Unique name for the Trusted Origin
+      type: string
+    TrustedOriginOrigin:
+      maximum: 255
+      description: Unique origin URL for the Trusted Origin. The supported schemes for this attribute are HTTP, HTTPS, FTP, Ionic 2, and Capacitor.
+      type: string
     TrustedOriginScope:
       type: object
       properties:
         allowedOktaApps:
           type: array
+          description: The allowed Okta apps for the Trusted Origin scope
           items:
             $ref: '#/components/schemas/IframeEmbedScopeAllowedApps'
         type:
           $ref: '#/components/schemas/TrustedOriginScopeType'
     TrustedOriginScopeType:
+      description: |
+        The scope type. Supported values: When you use `IFRAME_EMBED` as the scope type, leave the allowedOktaApps property 
+        empty to allow iFrame embedding of only Okta sign-in pages. Include `OKTA_ENDUSER` as a value for the allowedOktaApps 
+        property to allow iFrame embedding of both Okta sign-in pages and the Okta End-User Dashboard.
       type: string
       enum:
         - CORS
         - IFRAME_EMBED
         - REDIRECT
-    U2fUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/U2fUserFactorProfile'
-    U2fUserFactorProfile:
+    TrustedOriginScopes:
+      maximum: 3
+      description: Array of Scope types that this Trusted Origin is used for
+      items:
+        $ref: '#/components/schemas/TrustedOriginScope'
+      type: array
+    TrustedOriginWrite:
       type: object
       properties:
-        credentialId:
-          type: string
+        name:
+          $ref: '#/components/schemas/TrustedOriginName'
+        origin:
+          $ref: '#/components/schemas/TrustedOriginOrigin'
+        scopes:
+          $ref: '#/components/schemas/TrustedOriginScopes'
     UIElement:
       description: Specifies the configuration of an input field on an enrollment form
       type: object
@@ -31264,8 +45958,7 @@ components:
           description: Specifies the button label for the `Submit` button at the bottom of the enrollment form.
           default: Submit
         elements:
-          allOf:
-            $ref: '#/components/schemas/UIElement'
+          $ref: '#/components/schemas/UIElement'
         label:
           type: string
           description: Specifies the label at the top of the enrollment form under the logo.
@@ -31324,13 +46017,65 @@ components:
       required:
         - label
         - description
+    UpdateRealmAssignmentRequest:
+      type: object
+      properties:
+        actions:
+          $ref: '#/components/schemas/Actions'
+        conditions:
+          $ref: '#/components/schemas/Conditions'
+        name:
+          type: string
+        priority:
+          type: integer
+    UpdateRealmRequest:
+      type: object
+      properties:
+        profile:
+          $ref: '#/components/schemas/RealmProfile'
+    UpdateThemeRequest:
+      type: object
+      properties:
+        emailTemplateTouchPointVariant:
+          $ref: '#/components/schemas/EmailTemplateTouchPointVariant'
+        endUserDashboardTouchPointVariant:
+          $ref: '#/components/schemas/EndUserDashboardTouchPointVariant'
+        errorPageTouchPointVariant:
+          $ref: '#/components/schemas/ErrorPageTouchPointVariant'
+        loadingPageTouchPointVariant:
+          $ref: '#/components/schemas/LoadingPageTouchPointVariant'
+        primaryColorContrastHex:
+          type: string
+          description: Primary color contrast hex code
+          default: null
+        primaryColorHex:
+          type: string
+          description: Primary color hex code
+          default: null
+        secondaryColorContrastHex:
+          type: string
+          description: Secondary color contrast hex code
+          default: null
+        secondaryColorHex:
+          type: string
+          description: Secondary color hex code
+          default: null
+        signInPageTouchPointVariant:
+          $ref: '#/components/schemas/SignInPageTouchPointVariant'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+      required:
+        - primaryColorHex
+        - secondaryColorHex
+        - signInPageTouchPointVariant
+        - endUserDashboardTouchPointVariant
+        - errorPageTouchPointVariant
+        - emailTemplateTouchPointVariant
     UpdateUISchema:
       description: The updated request body properties
       type: object
       properties:
         uiSchema:
-          type: object
-          description: Updated schema property expressions (Okta object or App Instance object)
           $ref: '#/components/schemas/UISchemaObject'
     UpdateUserRequest:
       type: object
@@ -31341,39 +46086,46 @@ components:
           $ref: '#/components/schemas/UserProfile'
         realmId:
           type: string
-          description: The ID of the realm in which the user is residing
+          description: <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle></div>The ID of the Realm in which the user is residing
           example: guo1bfiNtSnZYILxO0g4
           x-okta-lifecycle:
-            features:
-              - UD_REALMS
+            lifecycle: EA
+            isGenerallyAvailable: false
+            SKUs: []
     User:
       type: object
       properties:
         activated:
           type: string
+          description: The timestamp when the user status transitioned to `ACTIVE`
           format: date-time
           readOnly: true
           nullable: true
         created:
           type: string
+          description: The timestamp when the user was created
           format: date-time
           readOnly: true
         credentials:
           $ref: '#/components/schemas/UserCredentials'
         id:
           type: string
+          description: The unique key for the user
           readOnly: true
         lastLogin:
           type: string
+          description: The timestamp of the last login
           format: date-time
           readOnly: true
           nullable: true
         lastUpdated:
           type: string
+          description: The timestamp when the user was last updated
           format: date-time
           readOnly: true
         passwordChanged:
           type: string
+          description: The timestamp when the user's password was last updated
           format: date-time
           readOnly: true
           nullable: true
@@ -31381,31 +46133,119 @@ components:
           $ref: '#/components/schemas/UserProfile'
         realmId:
           type: string
-          description: The ID of the realm in which the user is residing
+          description: <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle></div>The ID of the Realm in which the user is residing
           example: guo1bfiNtSnZYILxO0g4
           x-okta-lifecycle:
-            features:
-              - UD_REALMS
+            lifecycle: EA
+            isGenerallyAvailable: false
+            SKUs: []
           readOnly: true
         status:
           $ref: '#/components/schemas/UserStatus'
         statusChanged:
           type: string
+          description: The timestamp when the status of the user last changed
           format: date-time
           readOnly: true
           nullable: true
         transitioningToStatus:
-          $ref: '#/components/schemas/UserStatus'
+          type: string
+          description: The target status of an in-progress asynchronous status transition. This property is only returned if the user's state is transitioning.
+          readOnly: true
+          nullable: true
+          enum:
+            - ACTIVE
+            - DEPROVISIONED
+            - PROVISIONED
         type:
-          $ref: '#/components/schemas/UserType'
+          type: object
+          description: |-
+            The user type that determines the schema for the user's profile. The `type` property is a map that identifies
+            the [User Types](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/#tag/UserType)).
+            Currently it contains a single element, `id`. It can be specified when creating a new user, and may be updated by an administrator on a full replace of an existing user (but not a partial update).
+          properties:
+            id:
+              type: string
+              description: The ID of the user type
         _embedded:
           type: object
+          description: If specified, includes embedded resources related to the user
           additionalProperties:
             type: object
             properties: {}
           readOnly: true
         _links:
-          $ref: '#/components/schemas/LinksSelf'
+          description: |-
+            Specifies link relations (see [Web Linking](https://datatracker.ietf.org/doc/html/rfc8288) available for the current status of a user.
+            The Links object is used for dynamic discovery of related resources, lifecycle operations, and credential operations. The Links object is read-only.
+
+            For an individual user result, the Links object contains a full set of link relations available for that user as determined by your policies.
+            For a collection of users, the Links object contains only the `self` link. Operations that return a collection of Users include List Users and List Group Members.
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - type: object
+              properties:
+                self:
+                  description: URL to the individual user
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                activate:
+                  description: URL to activate the user
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                resetPassword:
+                  description: URL to reset the user's password
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                resetFactors:
+                  description: URL to reset the user's factors
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                expirePassword:
+                  description: URL to expire the user's password
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                forgotPassword:
+                  description: URL to initiate a forgot password operation
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                changeRecoveryQuestion:
+                  description: URL to change the user's recovery question
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                deactivate:
+                  description: URL to deactivate a user
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                reactivate:
+                  description: URL to reactivate the user
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                changePassword:
+                  description: URL to change the user's password
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                schema:
+                  description: URL to the user's profile schema
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                suspend:
+                  description: URL to suspend the user
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                unsuspend:
+                  description: URL to unsuspend the user
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                unlock:
+                  description: URL to unlock the locked-out user
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+                type:
+                  description: URL to the user type
+                  allOf:
+                    - $ref: '#/components/schemas/HrefObject'
+            - readOnly: true
     UserActivationToken:
       type: object
       properties:
@@ -31416,14 +46256,25 @@ components:
           type: string
           readOnly: true
     UserBlock:
+      description: The description of the access block
       type: object
       properties:
         appliesTo:
           type: string
           readOnly: true
+          description: The devices that the block applies to
+          enum:
+            - ANY_DEVICES
+            - UNKNOWN_DEVICES
+          x-enumDescriptions:
+            ANY_DEVICES: The account is blocked for all devices
+            UNKNOWN_DEVICES: The account is only blocked for unknown devices
         type:
           type: string
           readOnly: true
+          description: Type of access block
+          enum:
+            - DEVICE_BASED
     UserCondition:
       description: Specifies a set of Users to be included or excluded
       type: object
@@ -31451,27 +46302,37 @@ components:
       type: object
       properties:
         created:
+          description: Timestamp when the Factor was enrolled
           type: string
           format: date-time
+          example: '2022-08-25T00:31:00.000Z'
           readOnly: true
         factorType:
-          $ref: '#/components/schemas/FactorType'
+          $ref: '#/components/schemas/UserFactorType'
         id:
+          description: ID of the Factor
           type: string
+          example: caf8m6jbcvUH8mAep1d7
           readOnly: true
         lastUpdated:
+          description: Timestamp when the Factor was last updated
           type: string
           format: date-time
+          example: '2022-08-25T00:31:00.000Z'
           readOnly: true
         profile:
           type: object
-          description: Factor-specific attributes
+          description: Specific attributes related to the Factor
         provider:
-          $ref: '#/components/schemas/FactorProvider'
+          description: Provider for the Factor
+          type: string
         status:
-          $ref: '#/components/schemas/FactorStatus'
-        verify:
-          $ref: '#/components/schemas/VerifyFactorRequest'
+          $ref: '#/components/schemas/UserFactorStatus'
+        vendorName:
+          description: Name of the Factor vendor. This is usually the same as the provider except for On-Prem MFA where it depends on administrator settings.
+          type: string
+          example: OKTA
+          readOnly: true
         _embedded:
           type: object
           additionalProperties:
@@ -31479,26 +46340,794 @@ components:
             properties: {}
           readOnly: true
         _links:
-          $ref: '#/components/schemas/LinksSelf'
+          type: object
       discriminator:
         propertyName: factorType
         mapping:
-          call: '#/components/schemas/CallUserFactor'
-          email: '#/components/schemas/EmailUserFactor'
-          push: '#/components/schemas/PushUserFactor'
-          question: '#/components/schemas/SecurityQuestionUserFactor'
-          sms: '#/components/schemas/SmsUserFactor'
-          token: '#/components/schemas/TokenUserFactor'
-          token:hardware: '#/components/schemas/HardwareUserFactor'
-          token:hotp: '#/components/schemas/CustomHotpUserFactor'
-          token:software:totp: '#/components/schemas/TotpUserFactor'
-          u2f: '#/components/schemas/U2fUserFactor'
-          web: '#/components/schemas/WebUserFactor'
-          webauthn: '#/components/schemas/WebAuthnUserFactor'
-          hotp: '#/components/schemas/CustomHotpUserFactor'
-    UserIdentifierConditionEvaluatorPattern:
+          call: '#/components/schemas/UserFactorCall'
+          email: '#/components/schemas/UserFactorEmail'
+          push: '#/components/schemas/UserFactorPush'
+          question: '#/components/schemas/UserFactorSecurityQuestion'
+          sms: '#/components/schemas/UserFactorSMS'
+          token: '#/components/schemas/UserFactorToken'
+          token:hardware: '#/components/schemas/UserFactorHardware'
+          token:hotp: '#/components/schemas/UserFactorCustomHOTP'
+          token:software:totp: '#/components/schemas/UserFactorTOTP'
+          u2f: '#/components/schemas/UserFactorU2F'
+          web: '#/components/schemas/UserFactorWeb'
+          webauthn: '#/components/schemas/UserFactorWebAuthn'
+          hotp: '#/components/schemas/UserFactorCustomHOTP'
+    UserFactorActivatePush:
+      description: Activation requests have a short lifetime and expire if activation isn't completed before the indicated timestamp. If the activation expires, use the returned `activate` link to restart the process.
+      type: object
+      properties:
+        expiresAt:
+          description: Timestamp when the Factor verification attempt expires
+          type: string
+          format: date-time
+          example: '2022-08-25T00:31:00.000Z'
+          readOnly: true
+        factorResult:
+          $ref: '#/components/schemas/UserFactorActivatePushResponse'
+          readOnly: true
+    UserFactorActivatePushResponse:
+      description: Result of a Factor verification
+      type: string
+      enum:
+        - CANCELLED
+        - ERROR
+        - TIMEOUT
+        - WAITING
+    UserFactorActivateRequest:
+      oneOf:
+        - title: call
+          description: Attempts to activate a `call` Factor with the specified passcode.
+          properties:
+            passCode:
+              $ref: '#/components/schemas/UserFactorPassCode'
+        - title: email
+          description: Attempts to activate a `email` Factor with the specified passcode.
+          properties:
+            passCode:
+              $ref: '#/components/schemas/UserFactorPassCode'
+        - title: push
+          type: object
+          nullable: true
+          description: |-
+            Sends an asynchronous push notification to the device for approval by the user. You must poll the transaction to determine the state of the activation. See [Retrieve a Factor transaction status](./#tag/UserFactor/operation/getFactorTransactionStatus).
+
+            No request body is required for `push` Factors.
+
+            Activations have a short lifetime of several minutes and return a `TIMEOUT` if not completed before the timestamp specified in the `expiresAt` param. Use the published activate link to restart the activation process if the activation expires.
+        - title: sms
+          description: Attempts to activate a `sms` Factor with the specified passcode.
+          properties:
+            passCode:
+              $ref: '#/components/schemas/UserFactorPassCode'
+        - title: token:software:totp
+          description: Attempts to activate a `token:software:totp` Factor with the specified passcode.
+          properties:
+            passCode:
+              $ref: '#/components/schemas/UserFactorPassCode'
+        - title: u2f
+          description: Activates a `u2f` Factor with the specified client and registration information from the U2F token
+          properties:
+            clientData:
+              type: string
+              description: Base64-encoded client data from the U2F token
+              example: eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6IlhxR0h0RTBoUkxuVEoxYUF5U1oyIiwib3JpZ2luIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6MzAwMCIsImNpZF9wdWJrZXkiOiJ1bnVzZWQifQ
+            registrationData:
+              type: string
+              description: Base64-encoded registration data from the U2F token
+              example: BQTEMUyOM8h1TiZG4DL-RdMr-tYgTYSf62Y52AmwEFTiSYWIRVO5L-MwWdRJOthmV3J3JrqpmGfmFb820-awx1YIQFlTvkMhxItHlpkzahEqicpw7SIH9yMfTn2kaDcC6JaLKPfV5ds0vzuxF1JJj3gCM01bRC-HWI4nCVgc-zaaoRgwggEcMIHDoAMCAQICCwD52fCSMoNczORdMAoGCCqGSM49BAMCMBUxEzARBgNVBAMTClUyRiBJc3N1ZXIwGhcLMDAwMTAxMDAwMFoXCzAwMDEwMTAwMDBaMBUxEzARBgNVBAMTClUyRiBEZXZpY2UwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQFKJupuUgPQcRHUphaW5JPfLvkkwlEwlHKk_ntSp7MS4aTHJyGnpziqncrjiTC_oUVtb-wN-y_t_IMIjueGkhxMAoGCCqGSM49BAMCA0gAMEUCIQDBo6aOLxanIUYnBX9iu3KMngPnobpi0EZSTkVtLC8_cwIgC1945RGqGBKfbyNtkhMifZK05n7fU-gW37Bdnci5D94wRQIhAJv3VvclbRkHAQhaUR8rr8qFTg9iF-GtHoXU95vWaQdyAiAbEr-440U4dQAZF-Sj8G2fxgh5DkgkkWpyUHZhz7N9ew
+        - title: webauthn
+          description: Activates a `webauthn` Factor with the specified attestation and registration information from the WebAuthn authenticator
+          properties:
+            attestation:
+              type: string
+              description: Base64-encoded attestation from the WebAuthn authenticator
+              example: o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEgwRgIhAMvf2+dzXlHZN1um38Y8aFzrKvX0k5dt/hnDu9lahbR4AiEAuwtMg3IoaElWMp00QrP/+3Po/6LwXfmYQVfsnsQ+da1oYXV0aERhdGFYxkgb9OHGifjS2dG03qLRqvXrDIRyfGAuc+GzF1z20/eVRV2wvl6tzgACNbzGCmSLCyXx8FUDAEIBvWNHOcE3QDUkDP/HB1kRbrIOoZ1dR874ZaGbMuvaSVHVWN2kfNiO4D+HlAzUEFaqlNi5FPqKw+mF8f0XwdpEBlClAQIDJiABIVgg0a6oo3W0JdYPu6+eBrbr0WyB3uJLI3ODVgDfQnpgafgiWCB4fFo/5iiVrFhB8pNH2tbBtKewyAHuDkRolcCnVaCcmQ==
+            clientData:
+              type: string
+              description: Base64-encoded client data from the WebAuthn authenticator
+              example: eyJjaGFsbGVuZ2UiOiJVSk5wYW9sVWt0dF9vcEZPNXJMYyIsIm9yaWdpbiI6Imh0dHBzOi8vcmFpbi5va3RhMS5jb20iLCJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIn0
+      type: object
+    UserFactorActivateResponse:
+      type: object
+      properties:
+        factorType:
+          description: Type of the Factor
+          type: string
+          enum:
+            - call
+            - email
+            - sms
+            - push
+            - token:software:totp
+            - u2f
+            - webauthn
+        _links:
+          allOf:
+            - $ref: '#/components/schemas/LinksSelf'
+            - $ref: '#/components/schemas/LinksUser'
+            - $ref: '#/components/schemas/LinksVerify'
+      discriminator:
+        propertyName: factorType
+        mapping:
+          call: '#/components/schemas/UserFactorCall'
+          email: '#/components/schemas/UserFactorEmail'
+          sms: '#/components/schemas/UserFactorSMS'
+          push: '#/components/schemas/UserFactorActivatePush'
+          token:software:totp: '#/components/schemas/UserFactorTOTP'
+          u2f: '#/components/schemas/UserFactorU2F'
+          webauthn: '#/components/schemas/UserFactorWebAuthn'
+    UserFactorCall:
+      title: call
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            factorType:
+              example: call
+            profile:
+              $ref: '#/components/schemas/UserFactorCallProfile'
+            provider:
+              enum:
+                - OKTA
+    UserFactorCallProfile:
+      type: object
+      properties:
+        phoneExtension:
+          description: Extension of the associated `phoneNumber`
+          type: string
+          example: 1234
+          nullable: true
+          maxLength: 15
+        phoneNumber:
+          description: Phone number of the Factor. You should format phone numbers to use the [E.164 standard](https://www.itu.int/rec/T-REC-E.164/).
+          example: '+15554151337'
+          type: string
+          pattern: ^\+[1-9]\d{1,14}$
+          maxLength: 15
+    UserFactorCustomHOTP:
+      title: token:hotp
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            factorProfileId:
+              description: ID of an existing Custom TOTP Factor profile. To create this, see [Custom TOTP Factor](https://help.okta.com/okta_help.htm?id=ext-mfa-totp).
+              type: string
+            factorType:
+              example: token:hotp
+            profile:
+              $ref: '#/components/schemas/UserFactorCustomHOTPProfile'
+            provider:
+              enum:
+                - CUSTOM
+    UserFactorCustomHOTPProfile:
+      type: object
+      properties:
+        sharedSecret:
+          description: Unique secret key used to generate the OTP
+          type: string
+          example: 484f97be3213b117e3a20438e291540a
+    UserFactorEmail:
+      title: email
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            factorType:
+              example: email
+            profile:
+              $ref: '#/components/schemas/UserFactorEmailProfile'
+            provider:
+              enum:
+                - OKTA
+    UserFactorEmailProfile:
+      type: object
+      properties:
+        email:
+          description: Email address of the user. Must be either the primary or secondary email address associated with the Okta user account.
+          maxLength: 100
+          example: z.cool@example.com
+          type: string
+    UserFactorHardware:
+      title: token:hardware
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            factorType:
+              example: token:hardware
+            profile:
+              $ref: '#/components/schemas/UserFactorHardwareProfile'
+            provider:
+              enum:
+                - YUBICO
+            verify:
+              type: object
+              properties:
+                passCode:
+                  description: OTP for the current time window
+                  type: string
+                  example: cccccceukngdfgkukfctkcvfidnetljjiknckkcjulji
+    UserFactorHardwareProfile:
+      type: object
+      properties:
+        credentialId:
+          description: ID for the Factor credential
+          example: dade.murphy@example.com
+          type: string
+    UserFactorLinks:
+      allOf:
+        - $ref: '#/components/schemas/LinksActivate'
+        - $ref: '#/components/schemas/LinksCancel'
+        - $ref: '#/components/schemas/LinksDeactivate'
+        - $ref: '#/components/schemas/LinksEnroll'
+        - $ref: '#/components/schemas/LinksFactor'
+        - $ref: '#/components/schemas/LinksPoll'
+        - $ref: '#/components/schemas/LinksQrcode'
+        - $ref: '#/components/schemas/LinksQuestions'
+        - $ref: '#/components/schemas/LinksResend'
+        - $ref: '#/components/schemas/LinksSend'
+        - $ref: '#/components/schemas/LinksSelf'
+        - $ref: '#/components/schemas/LinksUser'
+        - $ref: '#/components/schemas/LinksVerify'
+      readOnly: true
+    UserFactorPassCode:
+      description: OTP for the current time window
+      example: 1234567890
+      type: string
+    UserFactorProvider:
+      description: Provider for the Factor
+      type: string
+      enum:
+        - CUSTOM
+        - DUO
+        - FIDO
+        - GOOGLE
+        - OKTA
+        - RSA
+        - SYMANTEC
+        - YUBICO
+    UserFactorPush:
+      title: push
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            expiresAt:
+              description: Timestamp when the Factor verification attempt expires
+              type: string
+              format: date-time
+              example: '2022-08-25T00:31:00.000Z'
+              readOnly: true
+            factorResult:
+              $ref: '#/components/schemas/UserFactorResultType'
+            factorType:
+              example: push
+            profile:
+              $ref: '#/components/schemas/UserFactorPushProfile'
+            provider:
+              enum:
+                - OKTA
+    UserFactorPushProfile:
+      type: object
+      properties:
+        credentialId:
+          description: ID for the Factor credential
+          example: dade.murphy@example.com
+          type: string
+        deviceToken:
+          description: Token used to identify the device
+          example: fwf7ku6bsiSCieh6y1d7
+          type: string
+        deviceType:
+          description: Type of device
+          example: SmartPhone_IPhone
+          type: string
+        name:
+          description: Name of the device
+          example: My Phone
+          type: string
+        platform:
+          description: OS version of the associated device
+          example: IOS
+          type: string
+        version:
+          description: Installed version of Okta Verify
+          example: '9.0'
+          type: string
+    UserFactorPushTransaction:
+      type: object
+      properties:
+        factorResult:
+          description: Result of the verification transaction
+          type: string
+          enum:
+            - WAITING
+            - SUCCESS
+            - REJECTED
+            - TIMEOUT
+      discriminator:
+        propertyName: factorResult
+        mapping:
+          WAITING: '#/components/schemas/UserFactorPushTransactionWaiting'
+          SUCCESS: '#/components/schemas/UserFactorPushTransaction'
+          REJECTED: '#/components/schemas/UserFactorPushTransactionRejected'
+          TIMEOUT: '#/components/schemas/UserFactorPushTransactionTimeout'
+    UserFactorPushTransactionRejected:
+      allOf:
+        - $ref: '#/components/schemas/UserFactorPushTransaction'
+        - type: object
+          properties:
+            profile:
+              type: object
+              properties:
+                credentialId:
+                  description: ID for the Factor credential
+                  example: dade.murphy@example.com
+                  type: string
+            _links:
+              allOf:
+                - $ref: '#/components/schemas/LinksVerify'
+                - $ref: '#/components/schemas/UserFactor'
+    UserFactorPushTransactionSuccess:
+      $ref: '#/components/schemas/UserFactorPushTransaction'
+    UserFactorPushTransactionTimeout:
+      allOf:
+        - $ref: '#/components/schemas/UserFactorPushTransaction'
+        - type: object
+          properties:
+            profile:
+              type: object
+              properties:
+                credentialId:
+                  description: ID for the Factor credential
+                  example: dade.murphy@example.com
+                  type: string
+            _links:
+              allOf:
+                - $ref: '#/components/schemas/LinksVerify'
+                - $ref: '#/components/schemas/UserFactor'
+    UserFactorPushTransactionWaiting:
+      allOf:
+        - $ref: '#/components/schemas/UserFactorPushTransaction'
+        - type: object
+          properties:
+            profile:
+              type: object
+              properties:
+                credentialId:
+                  description: ID for the Factor credential
+                  example: dade.murphy@example.com
+                  type: string
+            _links:
+              allOf:
+                - $ref: '#/components/schemas/LinksPoll'
+                - $ref: '#/components/schemas/LinksCancel'
+    UserFactorResultType:
+      description: Result of a Factor verification attempt
+      type: string
+      enum:
+        - CANCELLED
+        - CHALLENGE
+        - ERROR
+        - FAILED
+        - PASSCODE_REPLAYED
+        - REJECTED
+        - SUCCESS
+        - TIMEOUT
+        - TIME_WINDOW_EXCEEDED
+        - WAITING
+      readOnly: true
+    UserFactorSMS:
+      title: sms
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            factorType:
+              example: sms
+            profile:
+              $ref: '#/components/schemas/UserFactorSMSProfile'
+            provider:
+              enum:
+                - OKTA
+    UserFactorSMSProfile:
+      type: object
+      properties:
+        phoneNumber:
+          description: Phone number of the Factor. You should format phone numbers to use the [E.164 standard](https://www.itu.int/rec/T-REC-E.164/).
+          example: '+15554151337'
+          type: string
+          pattern: ^\+[1-9]\d{1,14}$
+          maxLength: 15
+    UserFactorSecurityQuestion:
+      title: question
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            factorType:
+              example: question
+            profile:
+              $ref: '#/components/schemas/UserFactorSecurityQuestionProfile'
+            provider:
+              enum:
+                - OKTA
+    UserFactorSecurityQuestionProfile:
+      type: object
+      properties:
+        answer:
+          description: Answer to the question
+          minLength: 4
+          type: string
+          writeOnly: true
+        question:
+          description: Unique key for the question
+          example: disliked_food
+          enum:
+            - disliked_food
+            - name_of_first_plush_toy
+            - first_award
+            - favorite_security_question
+            - favorite_toy
+            - first_computer_game
+            - favorite_movie_quote
+            - first_sports_team_mascot
+            - first_music_purchase
+            - favorite_art_piece
+            - grandmother_favorite_desert
+            - first_thing_cooked
+            - childhood_dream_job
+            - first_kiss_location
+            - place_where_significant_other_was_met
+            - favorite_vacation_location
+            - new_years_two_thousand
+            - favorite_speaker_actor
+            - favorite_book_movie_character
+            - favorite_sports_player
+          type: string
+        questionText:
+          description: Human-readable text displayed to the user
+          example: What is the food you least liked as a child?
+          type: string
+          readOnly: true
+    UserFactorSignatureData:
+      description: Base64-encoded signature data from the WebAuthn authenticator
+      type: string
+    UserFactorStatus:
+      example: ACTIVE
+      description: Status of the Factor
+      type: string
+      enum:
+        - ACTIVE
+        - DISABLED
+        - ENROLLED
+        - EXPIRED
+        - INACTIVE
+        - NOT_SETUP
+        - PENDING_ACTIVATION
+      readOnly: true
+    UserFactorSupported:
+      type: object
+      properties:
+        enrollment:
+          type: string
+          description: Indicates if the Factor is required for the specified user
+          example: OPTIONAL
+          enum:
+            - OPTIONAL
+            - REQUIRED
+        factorType:
+          $ref: '#/components/schemas/UserFactorType'
+        provider:
+          $ref: '#/components/schemas/UserFactorProvider'
+        status:
+          $ref: '#/components/schemas/UserFactorStatus'
+        vendorName:
+          description: Name of the Factor vendor. This is usually the same as the provider except for On-Prem MFA where it depends on administrator settings.
+          type: string
+          example: OKTA
+          readOnly: true
+        _embedded:
+          type: object
+          description: Embedded resources related to the Factor
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/UserFactorLinks'
+    UserFactorTOTP:
+      title: token:software:totp
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            factorType:
+              example: token:software:totp
+            profile:
+              $ref: '#/components/schemas/UserFactorTOTPProfile'
+            provider:
+              enum:
+                - OKTA
+                - GOOGLE
+    UserFactorTOTPProfile:
+      type: object
+      properties:
+        credentialId:
+          description: ID for the Factor credential
+          example: dade.murphy@example.com
+          type: string
+    UserFactorToken:
+      title: token
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            factorType:
+              example: token
+            profile:
+              $ref: '#/components/schemas/UserFactorTokenProfile'
+            provider:
+              enum:
+                - RSA
+                - SYMANTEC
+            verify:
+              oneOf:
+                - $ref: '#/components/schemas/UserFactorTokenVerifyRSA'
+                - $ref: '#/components/schemas/UserFactorTokenVerifySymantec'
+    UserFactorTokenProfile:
+      type: object
+      properties:
+        credentialId:
+          description: ID for the Factor credential
+          example: dade.murphy@example.com
+          type: string
+    UserFactorTokenVerifyRSA:
+      title: RSA SecurID
+      type: object
+      properties:
+        passCode:
+          description: OTP for the current time window
+          type: string
+          example: 5275875498
+    UserFactorTokenVerifySymantec:
+      title: Symantec VIP
+      type: object
+      properties:
+        nextPassCode:
+          description: OTP for the next time window
+          type: integer
+          example: 3956685498
+        passCode:
+          description: OTP for the current time window
+          type: string
+          example: 5275875498
+    UserFactorType:
+      description: Type of Factor
+      type: string
+      enum:
+        - call
+        - email
+        - push
+        - question
+        - signed_nonce
+        - sms
+        - token
+        - token:hardware
+        - token:hotp
+        - token:software:totp
+        - u2f
+        - web
+        - webauthn
+    UserFactorU2F:
+      title: u2f
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            factorType:
+              example: u2f
+            profile:
+              $ref: '#/components/schemas/UserFactorU2FProfile'
+            provider:
+              enum:
+                - FIDO
+    UserFactorU2FProfile:
+      type: object
+      properties:
+        credentialId:
+          description: ID for the Factor credential
+          example: dade.murphy@example.com
+          type: string
+    UserFactorVerifyRequest:
+      oneOf:
+        - title: call
+          description: Verifies an OTP sent by a `call` Factor challenge. If you omit `passCode` in the request, a new OTP is sent to the phone.
+          properties:
+            passCode:
+              $ref: '#/components/schemas/UserFactorPassCode'
+        - title: sms
+          description: Verifies an OTP sent by a `sms` Factor challenge. If you omit `passCode` in the request, a new OTP is sent to the phone.
+          properties:
+            passCode:
+              $ref: '#/components/schemas/UserFactorPassCode'
+        - title: push
+          type: object
+          nullable: true
+          description: Sends an asynchronous push notification to the device for approval by the user. You must poll the transaction to determine the state of the verification. See [Retrieve a Factor transaction status](./#tag/UserFactor/operation/getFactorTransactionStatus).
+        - title: email
+          description: Verifies an OTP sent by a `email` Factor challenge. If you omit `passCode` in the request, a new OTP is sent to the phone.
+          properties:
+            passCode:
+              $ref: '#/components/schemas/UserFactorPassCode'
+        - title: question
+          description: Verifies an answer to a `question` Factor
+          properties:
+            answer:
+              description: Answer to the question
+              minLength: 4
+              type: string
+              writeOnly: true
+        - title: token:software:totp
+          description: Verifies an OTP for a `token:software:totp` Factor
+          properties:
+            passCode:
+              $ref: '#/components/schemas/UserFactorPassCode'
+        - title: token:hotp
+          description: Verifies an OTP for a `token:hotp` Factor
+          properties:
+            passCode:
+              $ref: '#/components/schemas/UserFactorPassCode'
+        - title: token:hardware
+          description: Verifies an OTP for a `token:hardware` Factor
+          properties:
+            passCode:
+              $ref: '#/components/schemas/UserFactorPassCode'
+        - title: token
+          description: Verifies an OTP for a `token` Factor
+          properties:
+            passCode:
+              $ref: '#/components/schemas/UserFactorPassCode'
+        - title: u2f
+          description: Verifies a `u2f` Factor challenge by posting a signed assertion using the challenge `nonce`
+          properties:
+            clientData:
+              type: string
+              description: Base64-encoded client data from the U2F token
+              example: eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6IlhxR0h0RTBoUkxuVEoxYUF5U1oyIiwib3JpZ2luIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6MzAwMCIsImNpZF9wdWJrZXkiOiJ1bnVzZWQifQ
+            signatureData:
+              description: Base64-encoded signature data from the U2F token
+        - title: webauthn
+          description: Verifies a `webauthn` Factor challenge by posting a signed assertion using the challenge `nonce`
+          properties:
+            authenticatorData:
+              description: Base64-encoded authenticator data from the WebAuthn authenticator
+              type: string
+            clientData:
+              type: string
+              description: Base64-encoded client data from the WebAuthn authenticator
+              example: eyJjaGFsbGVuZ2UiOiJVSk5wYW9sVWt0dF9vcEZPNXJMYyIsIm9yaWdpbiI6Imh0dHBzOi8vcmFpbi5va3RhMS5jb20iLCJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIn0
+            signatureData:
+              type: string
+              description: Base64-encoded signature data from the WebAuthn authenticator
+    UserFactorVerifyResponse:
+      type: object
+      properties:
+        expiresAt:
+          description: Timestamp when the verification expires
+          type: string
+          format: date-time
+          example: '2022-08-25T00:31:00.000Z'
+          readOnly: true
+        factorMessage:
+          description: Optional display message for Factor verification
+          type: string
+          readOnly: true
+          nullable: true
+        factorResult:
+          $ref: '#/components/schemas/UserFactorVerifyResult'
+          readOnly: true
+        _embedded:
+          type: object
+          additionalProperties:
+            type: object
+            properties: {}
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/UserFactorLinks'
+    UserFactorVerifyResult:
+      description: Result of a Factor verification
+      type: string
+      enum:
+        - CHALLENGE
+        - ERROR
+        - EXPIRED
+        - FAILED
+        - PASSCODE_REPLAYED
+        - REJECTED
+        - SUCCESS
+        - TIMEOUT
+        - TIME_WINDOW_EXCEEDED
+        - WAITING
+      x-enumDescriptions:
+        CANCELED: User canceled the verification
+        CHALLENGE: Okta issued a verification challenge
+        ERROR: Verification encountered an unexpected server error
+        EXPIRED: User didn't complete the verification within the allowed time window
+        FAILED: Verification failed
+        PASSCODE_REPLAYED: User previously verified the Factor within the same time window. Another verification is required during another time window.
+        REJECTED: User rejected the verification
+        SUCCESS: User completed the verification
+        TIMEOUT: Okta didn't complete the verification within the allowed time window
+        TIME_WINDOW_EXCEEDED: User completed the verification outside of the allowed time window. Another verification is required.
+        WAITING: Verification is in progress
+    UserFactorWeb:
+      title: web
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            factorType:
+              example: web
+            profile:
+              $ref: '#/components/schemas/UserFactorWebProfile'
+            provider:
+              enum:
+                - DUO
+    UserFactorWebAuthn:
+      title: webauthn
+      allOf:
+        - $ref: '#/components/schemas/UserFactor'
+        - type: object
+          properties:
+            factorType:
+              example: webauthn
+            profile:
+              $ref: '#/components/schemas/UserFactorWebAuthnProfile'
+            provider:
+              enum:
+                - FIDO
+    UserFactorWebAuthnProfile:
+      type: object
+      properties:
+        authenticatorName:
+          description: Human-readable name of the authenticator
+          example: MacBook Touch ID
+          type: string
+        credentialId:
+          description: ID for the Factor credential
+          example: AHoOEhwvYiMv6SSwLp7KYRNttXtg_kYgQoQiEIWPFH_T3Ztp5Vj3bQ5H0LypIFR8ka8kfiCJ3I5qVpxrsd6JTMWKcE3xNh_U2QVF0Kwlan8Fiw
+          type: string
+    UserFactorWebProfile:
       type: object
+      properties:
+        credentialId:
+          description: ID for the Factor credential
+          example: dade.murphy@example.com
+          type: string
+    UserGetSingleton:
+      allOf:
+        - $ref: '#/components/schemas/User'
+        - type: object
+          properties:
+            _embedded:
+              type: object
+              description: The embedded resources related to the object if the `expand` query parameter is specified
+              properties:
+                blocks:
+                  type: array
+                  description: A list of access block details for the user account
+                  items:
+                    $ref: '#/components/schemas/UserBlock'
+    UserIdentifierConditionEvaluatorPattern:
       description: Used in the User Identifier Condition object. Specifies the details of the patterns to match against.
+      type: object
       properties:
         matchType:
           $ref: '#/components/schemas/UserIdentifierMatchType'
@@ -31506,8 +47135,8 @@ components:
           type: string
           description: The regex expression of a simple match string
     UserIdentifierMatchType:
-      type: string
       description: The type of pattern. For regex, use `EXPRESSION`.
+      type: string
       enum:
         - CONTAINS
         - EQUALS
@@ -31548,21 +47177,25 @@ components:
         preventBruteForceLockoutFromUnknownDevices:
           type: boolean
           description: Prevents brute-force lockout from unknown devices for the password authenticator.
+          default: false
     UserNextLogin:
       type: string
       enum:
         - changePassword
     UserPolicyRuleCondition:
+      description: Specifies a set of Users to be included or excluded
       type: object
       properties:
         exclude:
           type: array
+          description: Users to be excluded
           items:
             type: string
         inactivity:
           $ref: '#/components/schemas/InactivityPolicyRuleCondition'
         include:
           type: array
+          description: Users to be included
           items:
             type: string
         lifecycleExpiration:
@@ -31572,101 +47205,171 @@ components:
         userLifecycleAttribute:
           $ref: '#/components/schemas/UserLifecycleAttributePolicyRuleCondition'
     UserProfile:
-      additionalProperties: true # TODO: revisit
+      additionalProperties: true
+      description: |-
+        Specifies the default and custom profile properties for a user.
+
+        The default user profile is based on the [System for Cross-domain Identity Management: Core Schema](https://datatracker.ietf.org/doc/html/rfc7643).
+        The only permitted customizations of the default profile are to update permissions, change whether the `firstName` and `lastName` properties are nullable, and 
+        specify a [pattern](https://developer.okta.com/docs/reference/api/schemas/#login-pattern-validation) for `login`. You can use the Profile Editor in the administrator UI
+        or the [Schemas API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UISchema/#tag/UISchema) to make schema modifications.
+
+        You can extend user profiles with custom properties. You must first add the custom property to the user profile schema before you reference it.
+        You can use the Profile Editor in the Admin console or the [Schemas API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UISchema/#tag/UISchema) to manage schema extensions.
+
+        Custom attributes may contain HTML tags. It's the client's responsibility to escape or encode this data before displaying it. Use [best-practices](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html) to prevent cross-site scripting.
       type: object
       properties:
         city:
           type: string
+          description: The city or locality of the user's address (`locality`)
           maxLength: 128
           nullable: true
         costCenter:
           type: string
+          description: Name of the cost center assigned to a user
+          nullable: true
         countryCode:
+          description: The country name component of the user's address (`country`)
           type: string
           maxLength: 2
           nullable: true
         department:
           type: string
+          description: Name of the user's department
         displayName:
           type: string
+          description: Name of the user suitable for display to end users
+          nullable: true
         division:
           type: string
+          description: Name of the user's division
+          nullable: true
         email:
           type: string
+          description: The primary email address of the user. For validation, see [RFC 5322 Section 3.2.3](https://datatracker.ietf.org/doc/html/rfc5322#section-3.2.3).
           format: email
           minLength: 5
           maxLength: 100
         employeeNumber:
+          description: The organization or company assigned unique identifier for the user
           type: string
         firstName:
           type: string
+          description: Given name of the user (`givenName`)
           minLength: 1
           maxLength: 50
           nullable: true
         honorificPrefix:
           type: string
+          description: Honorific prefix(es) of the user, or title in most Western languages
+          nullable: true
         honorificSuffix:
           type: string
+          description: Honorific suffix(es) of the user
+          nullable: true
         lastName:
           type: string
+          description: The family name of the user (`familyName`)
           minLength: 1
           maxLength: 50
           nullable: true
         locale:
-          $ref: '#/components/schemas/Language'
+          type: string
+          description: |-
+            The user's default location for purposes of localizing items such as currency, date time format, numerical representations, and so on.
+            A locale value is a concatenation of the ISO 639-1 two-letter language code, an underscore, and the ISO 3166-1 two-letter country code. For example, en_US specifies the language English and country US. This value is `en_US` by default.
         login:
           type: string
+          description: The unique identifier for the user (`username`). For validation, see [Login pattern validation](https://developer.okta.com/docs/reference/api/schemas/#login-pattern-validation). See also [Okta login](https://developer.okta.com/docs/reference/api/users/#okta-login).
           maxLength: 100
+          minLength: 5
         manager:
           type: string
+          description: The `displayName` of the user's manager
+          nullable: true
         managerId:
           type: string
+          description: The `id` of the user's manager
+          nullable: true
         middleName:
           type: string
+          description: The middle name of the user
+          nullable: true
         mobilePhone:
           type: string
+          description: The mobile phone number of the user
           maxLength: 100
+          minLength: 0
           nullable: true
         nickName:
           type: string
+          description: The casual way to address the user in real life
+          nullable: true
         organization:
           type: string
+          description: Name of the the user's organization
+          nullable: true
         postalAddress:
           type: string
+          description: Mailing address component of the user's address
           maxLength: 4096
           nullable: true
         preferredLanguage:
           type: string
+          description: The user's preferred written or spoken language
+          nullable: true
         primaryPhone:
           type: string
+          description: The primary phone number of the user such as a home number
           maxLength: 100
+          minLength: 0
           nullable: true
         profileUrl:
           type: string
+          description: The URL of the user's online profile. For example, a web page. See [URL](https://datatracker.ietf.org/doc/html/rfc1808).
+          nullable: true
         secondEmail:
           type: string
           format: email
+          description: The secondary email address of the user typically used for account recovery
           minLength: 5
           maxLength: 100
           nullable: true
         state:
           type: string
+          description: The state or region component of the user's address (`region`)
           maxLength: 128
           nullable: true
         streetAddress:
           type: string
+          description: The full street address component of the user's address
           maxLength: 1024
           nullable: true
         timezone:
           type: string
+          description: The user's time zone
+          nullable: true
         title:
           type: string
+          description: The user's title, such as Vice President
+          nullable: true
         userType:
           type: string
+          description: The property used to describe the organization-to-user relationship, such as employee or contractor
+          nullable: true
         zipCode:
           type: string
+          description: The ZIP code or postal code component of the user's address (`postalCode`)
           maxLength: 50
           nullable: true
+    UserProvisioningApplicationFeature:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationFeature'
+        - type: object
+        - properties:
+            capabilities:
+              $ref: '#/components/schemas/CapabilitiesObject'
     UserSchema:
       type: object
       properties:
@@ -31929,6 +47632,7 @@ components:
         type:
           type: string
     UserStatus:
+      description: The current status of the user
       type: string
       enum:
         - ACTIVE
@@ -31939,6 +47643,7 @@ components:
         - RECOVERY
         - STAGED
         - SUSPENDED
+      readOnly: true
     UserStatusPolicyRuleCondition:
       type: object
       properties:
@@ -31969,7 +47674,7 @@ components:
         id:
           type: string
           description: The unique key for the User Type
-          readOnly: false # This should be editable since it's being used by other models that updates the user type
+          readOnly: true
         lastUpdated:
           type: string
           format: date-time
@@ -32034,7 +47739,7 @@ components:
         - displayName
         - description
     UserVerificationEnum:
-      description: User verification setting
+      description: User verification setting. Possible values `DISCOURAGED` (the authenticator isn't asked to perform user verification, but may do so at its discretion), `PREFERRED` (the client uses an authenticator capable of user verification if possible), or `REQUIRED`(the client uses only an authenticator capable of user verification)
       type: string
       enum:
         - DISCOURAGED
@@ -32053,140 +47758,111 @@ components:
           type: string
         type:
           type: string
-    VerifyFactorRequest:
-      type: object
-      properties:
-        activationToken:
-          type: string
-        answer:
-          type: string
-        attestation:
-          type: string
-        clientData:
-          type: string
-        nextPassCode:
-          type: string
-        passCode:
-          type: string
-        registrationData:
-          type: string
-        stateToken:
-          type: string
-        authenticatorData:
-          type: string
-        signatureData:
-          type: string
-    VerifyUserFactorResponseLinks:
-      type: object
-      properties:
-        self:
-          $ref: '#/components/schemas/HrefObjectSelfLink'
-        poll:
-          $ref: '#/components/schemas/HrefObject'
-        cancel:
-          $ref: '#/components/schemas/HrefObject'
-    VerifyUserFactorResponse:
-      type: object
-      additionalProperties: true
-      properties:
-        expiresAt:
-          type: string
-          format: date-time
-          readOnly: true
-        factorResult:
-          $ref: '#/components/schemas/VerifyUserFactorResult'
-        factorResultMessage:
-          type: string
-        _embedded:
-          type: object
-          additionalProperties:
-            type: object
-            properties: {}
-          readOnly: true
-        _links:
-          $ref: '#/components/schemas/VerifyUserFactorResponseLinks'
-    VerifyUserFactorResult:
-      type: string
-      enum:
-        - CHALLENGE
-        - ERROR
-        - EXPIRED
-        - FAILED
-        - PASSCODE_REPLAYED
-        - REJECTED
-        - SUCCESS
-        - TIMEOUT
-        - TIME_WINDOW_EXCEEDED
-        - WAITING
     Version:
       description: The version specified as a [Semantic Version](https://semver.org/).
       type: string
       pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$
     WebAuthnAttachment:
+      description: Method attachment
       type: string
       enum:
         - ANY
         - BUILT_IN
         - ROAMING
-    WebAuthnUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/WebAuthnUserFactorProfile'
-    WebAuthnUserFactorProfile:
+    WebAuthnCredRequest:
+      description: Credential request object for the initialized credential, along with the enrollment and key identifiers to associate with the credential
       type: object
       properties:
-        authenticatorName:
+        authenticatorEnrollmentId:
+          description: ID for a WebAuthn Preregistration Factor in Okta
           type: string
-        credentialId:
+        credRequestJwe:
+          description: Encrypted JWE of credential request for the fulfillment provider
           type: string
-    WebUserFactor:
-      allOf:
-        - $ref: '#/components/schemas/UserFactor'
-        - type: object
-          properties:
-            profile:
-              $ref: '#/components/schemas/WebUserFactorProfile'
-    WebUserFactorProfile:
+        keyId:
+          description: ID for the Okta response key-pair used to encrypt and decrypt credential requests and responses
+          type: string
+    WebAuthnCredResponse:
+      description: Credential response object for enrolled credential details, along with enrollment and key identifiers to associate the credential
       type: object
       properties:
-        credentialId:
+        authenticatorEnrollmentId:
+          description: ID for a WebAuthn Preregistration Factor in Okta
+          type: string
+        credResponseJWE:
+          description: Encrypted JWE of credential response from the fulfillment provider
+          type: string
+    WebAuthnPreregistrationFactor:
+      description: User Factor variant used for WebAuthn Preregistration Factors
+      type: object
+      properties:
+        created:
+          description: Timestamp indicating when the Factor was enrolled
+          type: string
+          format: date-time
+          readOnly: true
+        factorType:
+          $ref: '#/components/schemas/UserFactorType'
+        id:
+          description: ID of the Factor
+          type: string
+          readOnly: true
+        lastUpdated:
+          description: Timestamp indicating when the Factor was last updated
+          type: string
+          format: date-time
+          readOnly: true
+        profile:
+          type: object
+          description: Specific attributes related to the Factor
+        provider:
+          $ref: '#/components/schemas/UserFactorProvider'
+        status:
+          $ref: '#/components/schemas/UserFactorStatus'
+        vendorName:
+          description: Name of the Factor vendor. This is usually the same as the provider.
           type: string
+          example: OKTA
+          readOnly: true
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
     WellKnownAppAuthenticatorConfiguration:
       type: object
       properties:
         appAuthenticatorEnrollEndpoint:
           type: string
+          description: The authenticator enrollment endpoint
         authenticatorId:
           type: string
           description: The unique identifier of the app authenticator
         createdDate:
           type: string
+          description: Timestamp when the Authenticator was created
           format: date-time
         key:
-          type: string
+          $ref: '#/components/schemas/AuthenticatorKeyEnum'
         lastUpdated:
           type: string
+          description: Timestamp when the Authenticator was last modified
           format: date-time
         name:
           type: string
           description: The authenticator display name
         orgId:
           type: string
+          description: The `id` of the Okta Org
         settings:
           type: object
           properties:
             userVerification:
-              type: string
-              $ref: '#/components/schemas/UserVerificationEnum'
+              $ref: '#/components/schemas/CustomAppUserVerificationEnum'
         supportedMethods:
           type: array
           items:
             $ref: '#/components/schemas/SupportedMethods'
         type:
           type: string
+          description: The type of Authenticator
           enum:
             - app
     WellKnownOrgMetadata:
@@ -32216,6 +47892,39 @@ components:
         omEnabled:
           type: boolean
           description: Whether the legacy Okta Mobile application is enabled for the org
+    WellKnownSSFMetadata:
+      title: Shared Signals Framework Metadata
+      description: Metadata about Okta as a transmitter and relevant information for configuration.
+      type: object
+      properties:
+        configuration_endpoint:
+          type: string
+          format: uri
+          description: The URL of the SSF Stream configuration endpoint
+          example: https://{yourOktaDomain}/api/v1/ssf/stream
+        delivery_methods_supported:
+          type: array
+          items:
+            type: string
+            format: uri
+          description: An array of supported SET delivery methods
+          example:
+            - https://schemas.openid.net/secevent/risc/delivery-method/push
+            - urn:ietf:rfc:8935
+        issuer:
+          type: string
+          description: The issuer used in Security Event Tokens. This value is set as `iss` in the claim.
+          example: https://{yourOktaDomain}
+        jwks_uri:
+          type: string
+          description: The URL of the JSON Web Key Set (JWKS) that contains the signing keys for validating the signatures of Security Event Tokens (SETs)
+          format: uri
+          example: https://{yourOktaDomain}/oauth2/v1/keys
+    WidgetGeneration:
+      type: string
+      enum:
+        - G2
+        - G3
     WsFederationApplication:
       x-okta-defined-as:
         name: template_wsfed
@@ -32227,9 +47936,14 @@ components:
               $ref: '#/components/schemas/ApplicationCredentials'
             name:
               type: string
-              default: template_wsfed
+              description: '`template_wsfed` is the key name for a WS-Federated app instance with a SAML 2.0 token'
+              enum:
+                - template_wsfed
             settings:
               $ref: '#/components/schemas/WsFederationApplicationSettings'
+          required:
+            - name
+            - settings
     WsFederationApplicationSettings:
       allOf:
         - $ref: '#/components/schemas/ApplicationSettings'
@@ -32264,6 +47978,127 @@ components:
           type: boolean
         wReplyURL:
           type: string
+    ZoomUsApplication:
+      title: Zoom
+      x-tags:
+        - Application
+      x-okta-defined-as:
+        name: zoomus
+      example:
+        name: zoomus
+        label: Sample Zoom App
+        signOnMode: SAML_2_0
+        settings:
+          app:
+            subDomain: my-zoom-subdomain
+      description: |
+        Schema for the Zoom app (key name: `zoomus`)
+
+        To create a Zoom app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.
+        > **Note:** The Zoom app only supports `SAML_2_0` sign-on mode.
+      allOf:
+        - $ref: '#/components/schemas/OINApplication'
+        - type: object
+        - required:
+            - name
+            - label
+            - settings
+          properties:
+            name:
+              type: string
+              enum:
+                - zoomus
+              example: zoomus
+            signOnMode:
+              enum:
+                - SAML_2_0
+            settings:
+              $ref: '#/components/schemas/ZoomUsApplicationSettings'
+    ZoomUsApplicationSettings:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationSettings'
+        - type: object
+        - required:
+            - app
+          properties:
+            app:
+              $ref: '#/components/schemas/ZoomUsApplicationSettingsApplication'
+            signOn:
+              $ref: '#/components/schemas/OINSaml20ApplicationSettingsSignOn'
+    ZoomUsApplicationSettingsApplication:
+      description: Zoom app instance properties
+      type: object
+      properties:
+        subDomain:
+          type: string
+          description: Your Zoom subdomain
+      required:
+        - subDomain
+    ZscalerbyzApplication:
+      title: Zscaler 2.0
+      x-tags:
+        - Application
+      x-okta-defined-as:
+        name: zscalerbyz
+      example:
+        name: zscalerbyz
+        label: Sample Zscaler 2.0 App
+        signOnMode: SAML_2_0
+      description: |
+        Schema for the Zscaler 2.0 app (key name: `zscalerbyz`)
+
+        To create a Zscaler 2.0 app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.
+        > **Note:** The Zscaler 2.0 app only supports `BROWSER_PLUGIN` and `SAML_2_0` sign-on modes.
+      allOf:
+        - $ref: '#/components/schemas/OINApplication'
+        - type: object
+        - required:
+            - name
+            - label
+            - settings
+          properties:
+            name:
+              type: string
+              enum:
+                - zscalerbyz
+              example: zscalerbyz
+            signOnMode:
+              enum:
+                - BROWSER_PLUGIN
+                - SAML_2_0
+            settings:
+              $ref: '#/components/schemas/ZscalerbyzApplicationSettings'
+    ZscalerbyzApplicationSettings:
+      allOf:
+        - $ref: '#/components/schemas/ApplicationSettings'
+        - type: object
+        - required:
+            - app
+          properties:
+            app:
+              $ref: '#/components/schemas/ZscalerbyzApplicationSettingsApplication'
+            signOn:
+              $ref: '#/components/schemas/OINSaml20ApplicationSettingsSignOn'
+    ZscalerbyzApplicationSettingsApplication:
+      description: Zscaler app instance properties
+      type: object
+      properties:
+        siteDomain:
+          type: string
+          description: Your Zscaler domain
+    appLink:
+      type: object
+      properties:
+        login:
+          $ref: '#/components/schemas/HrefObjectAppLink'
+        logo:
+          $ref: '#/components/schemas/HrefObjectLogoLink'
+      readOnly: true
+    createdProperty:
+      description: Timestamp when the object was created
+      format: date-time
+      type: string
+      readOnly: true
     enabledPagesType:
       title: enabledPages
       type: string
@@ -32275,6 +48110,11 @@ components:
         SIGN_IN: User sign-in page
         SSPR: Self-service Password Recovery page
         SSR: Self-service Registration page
+    lastUpdatedProperty:
+      format: date-time
+      description: Timestamp when the object was last updated
+      type: string
+      readOnly: true
     postAPIServiceIntegrationInstance:
       allOf:
         - $ref: '#/components/schemas/APIServiceIntegrationInstance'
@@ -32301,6 +48141,94 @@ components:
       required:
         - type
         - grantedScopes
+    profile:
+      description: Specific profile properties for the privileged account
+      additionalProperties:
+        type: object
+        properties: {}
+      type: object
+      readOnly: true
+    subject:
+      nullable: false
+      type: object
+      properties:
+        format:
+          type: string
+          description: The user identifier
+          nullable: false
+          writeOnly: true
+          enum:
+            - opaque
+        id:
+          type: string
+          description: ID of the user
+          writeOnly: true
+          nullable: false
+    userLink:
+      type: object
+      properties:
+        user:
+          $ref: '#/components/schemas/HrefObjectUserLink'
+    schemas-JsonWebKey:
+      description: A [JSON Web Key (JWK)](https://tools.ietf.org/html/rfc7517) is a JSON representation of a cryptographic key. Okta can use these keys to verify the signature of a JWT when provided for the `private_key_jwt` client authentication method or for a signed authorize request object. Okta supports both RSA and Elliptic Curve (EC) keys.
+      type: object
+      properties:
+        alg:
+          $ref: '#/components/schemas/SigningAlgorithm'
+        kid:
+          type: string
+          description: The unique identifier of the key
+        kty:
+          $ref: '#/components/schemas/JsonWebKeyType'
+        status:
+          $ref: '#/components/schemas/JsonWebKeyStatus'
+        use:
+          $ref: '#/components/schemas/JsonWebKeyUse'
+      discriminator:
+        propertyName: kty
+        mapping:
+          EC: '#/components/schemas/JsonWebKeyEC'
+          RSA: '#/components/schemas/JsonWebKeyRsa'
+    JsonWebKeyEC:
+      allOf:
+        - $ref: '#/components/schemas/schemas-JsonWebKey'
+        - type: object
+          properties:
+            x:
+              type: string
+              description: The public x coordinate for the elliptic curve point
+            'y':
+              type: string
+              description: The public y coordinate for the elliptic curve point
+    JsonWebKeyRsa:
+      allOf:
+        - $ref: '#/components/schemas/schemas-JsonWebKey'
+        - type: object
+          properties:
+            e:
+              type: string
+              description: The key exponent of a RSA key
+            'n':
+              type: string
+              description: The modulus of the RSA key
+    JsonWebKeyType:
+      description: The type of public key
+      type: string
+      enum:
+        - EC
+        - RSA
+    JsonWebKeyStatus:
+      description: The status of the public key
+      type: string
+      enum:
+        - ACTIVE
+        - INACTIVE
+    JsonWebKeyUse:
+      description: The intended use of the public key
+      type: string
+      enum:
+        - enc
+        - sig
   securitySchemes:
     apiToken:
       description: 'Pass the API token as the Authorization header value prefixed with SSWS: `Authorization: SSWS {API Token}`'
@@ -32315,87 +48243,100 @@ components:
           authorizationUrl: /oauth2/v1/authorize
           tokenUrl: /oauth2/v1/token
           scopes:
-            okta.agentPools.manage: Allows the app to create and manage agent pools in your Okta organization.
-            okta.agentPools.read: Allows the app to read agent pools in your Okta organization.
-            okta.apiTokens.manage: Allows the app to manage API Tokens in your Okta organization.
-            okta.apiTokens.read: Allows the app to read API Tokens in your Okta organization.
-            okta.appGrants.manage: Allows the app to create and manage grants in your Okta organization.
-            okta.appGrants.read: Allows the app to read grants in your Okta organization.
-            okta.apps.manage: Allows the app to create and manage Apps in your Okta organization.
-            okta.apps.read: Allows the app to read information about Apps in your Okta organization.
-            okta.authenticators.manage: Allows the app to manage all authenticators (e.g. enrollments, reset).
-            okta.authenticators.read: Allows the app to read org authenticators information.
-            okta.authorizationServers.manage: Allows the app to create and manage Authorization Servers in your Okta organization.
-            okta.authorizationServers.read: Allows the app to read information about Authorization Servers in your Okta organization.
-            okta.behaviors.manage: Allows the app to create and manage behavior detection rules in your Okta organization.
-            okta.behaviors.read: Allows the app to read behavior detection rules in your Okta organization.
-            okta.brands.manage: Allows the app to create and manage Brands and Themes in your Okta organization.
-            okta.brands.read: Allows the app to read information about Brands and Themes in your Okta organization.
-            okta.captchas.manage: Allows the app to create and manage CAPTCHAs in your Okta organization.
-            okta.captchas.read: Allows the app to read information about CAPTCHAs in your Okta organization.
-            okta.deviceAssurance.manage: Allows the app to manage device assurances.
-            okta.deviceAssurance.read: Allows the app to read device assurances.
-            okta.devices.manage: Allows the app to manage device status transitions and delete a device.
-            okta.devices.read: Allows the app to read the existing device's profile and search devices.
-            okta.domains.manage: Allows the app to manage custom Domains for your Okta organization.
-            okta.domains.read: Allows the app to read information about custom Domains for your Okta organization.
-            okta.emailDomains.manage: Allows the app to manage Email Domains for your Okta organization.
-            okta.emailDomains.read: Allows the app to read information about Email Domains for your Okta organization.
-            okta.emailServers.manage: Allows the app to manage Email Servers for your Okta organization.
-            okta.emailServers.read: Allows the app to read information about Email Servers for your Okta organization.
-            okta.eventHooks.manage: Allows the app to create and manage Event Hooks in your Okta organization.
-            okta.eventHooks.read: Allows the app to read information about Event Hooks in your Okta organization.
-            okta.features.manage: Allows the app to create and manage Features in your Okta organization.
-            okta.features.read: Allows the app to read information about Features in your Okta organization.
-            okta.groups.manage: Allows the app to manage existing groups in your Okta organization.
-            okta.groups.read: Allows the app to read information about groups and their members in your Okta organization.
+            okta.agentPools.manage: Allows the app to create and manage agent pools in your Okta organization
+            okta.agentPools.read: Allows the app to read agent pools in your Okta organization
+            okta.apiTokens.manage: Allows the app to manage API Tokens in your Okta organization
+            okta.apiTokens.read: Allows the app to read API Tokens in your Okta organization
+            okta.appGrants.manage: Allows the app to create and manage grants in your Okta organization
+            okta.appGrants.read: Allows the app to read grants in your Okta organization
+            okta.apps.manage: Allows the app to create and manage Apps in your Okta organization
+            okta.apps.read: Allows the app to read information about Apps in your Okta organization
+            okta.authenticators.manage: Allows the app to manage all authenticators. For example, enrollments or resets.
+            okta.authenticators.read: Allows the app to read org authenticators information
+            okta.authorizationServers.manage: Allows the app to create and manage Authorization Servers in your Okta organization
+            okta.authorizationServers.read: Allows the app to read information about Authorization Servers in your Okta organization
+            okta.behaviors.manage: Allows the app to create and manage behavior detection rules in your Okta organization
+            okta.behaviors.read: Allows the app to read behavior detection rules in your Okta organization
+            okta.brands.manage: Allows the app to create and manage Brands and Themes in your Okta organization
+            okta.brands.read: Allows the app to read information about Brands and Themes in your Okta organization
+            okta.captchas.manage: Allows the app to create and manage CAPTCHAs in your Okta organization
+            okta.captchas.read: Allows the app to read information about CAPTCHAs in your Okta organization
+            okta.deviceAssurance.manage: Allows the app to manage device assurances
+            okta.deviceAssurance.read: Allows the app to read device assurances
+            okta.devices.manage: Allows the app to manage device status transitions and delete a device
+            okta.devices.read: Allows the app to read the existing device's profile and search devices
+            okta.directories.groups.manage: Allows the app to manage AD/LDAP Groups for your Okta organization
+            okta.domains.manage: Allows the app to manage custom Domains for your Okta organization
+            okta.domains.read: Allows the app to read information about custom Domains for your Okta organization
+            okta.emailDomains.manage: Allows the app to manage Email Domains for your Okta organization
+            okta.emailDomains.read: Allows the app to read information about Email Domains for your Okta organization
+            okta.emailServers.manage: Allows the app to manage Email Servers for your Okta organization
+            okta.emailServers.read: Allows the app to read information about Email Servers for your Okta organization
+            okta.eventHooks.manage: Allows the app to create and manage Event Hooks in your Okta organization
+            okta.eventHooks.read: Allows the app to read information about Event Hooks in your Okta organization
+            okta.features.manage: Allows the app to create and manage Features in your Okta organization
+            okta.features.read: Allows the app to read information about Features in your Okta organization
+            okta.groups.manage: Allows the app to manage existing groups in your Okta organization
+            okta.groups.read: Allows the app to read information about groups and their members in your Okta organization
             okta.identitySources.manage: Allows the custom identity sources to manage user entities in your Okta organization
             okta.identitySources.read: Allows to read session information for custom identity sources in your Okta organization
-            okta.idps.manage: Allows the app to create and manage Identity Providers in your Okta organization.
-            okta.idps.read: Allows the app to read information about Identity Providers in your Okta organization.
-            okta.inlineHooks.manage: Allows the app to create and manage Inline Hooks in your Okta organization.
-            okta.inlineHooks.read: Allows the app to read information about Inline Hooks in your Okta organization.
-            okta.linkedObjects.manage: Allows the app to manage linked object definitions in your Okta organization.
-            okta.linkedObjects.read: Allows the app to read linked object definitions in your Okta organization.
-            okta.logStreams.manage: Allows the app to create and manage log streams in your Okta organization.
-            okta.logStreams.read: Allows the app to read information about log streams in your Okta organization.
-            okta.logs.read: Allows the app to read information about System Log entries in your Okta organization.
-            okta.networkZones.manage: Allows the app to create and manage Network Zones in your Okta organization.
-            okta.networkZones.read: Allows the app to read Network Zones in your Okta organization.
-            okta.oauthIntegrations.manage: Allows the app to create and manage API service Integration instances in your Okta organization.
-            okta.oauthIntegrations.read: Allows the app to read API service Integration instances in your Okta organization.
-            okta.orgs.manage: Allows the app to manage organization-specific details for your Okta organization.
-            okta.orgs.read: Allows the app to read organization-specific details about your Okta organization.
-            okta.policies.manage: Allows the app to manage policies in your Okta organization.
-            okta.policies.read: Allows the app to read information about policies in your Okta organization.
-            okta.principalRateLimits.manage: Allows the app to create and manage Principal Rate Limits in your Okta organization.
-            okta.principalRateLimits.read: Allows the app to read information about Principal Rate Limits in your Okta organization.
-            okta.profileMappings.manage: Allows the app to manage user profile mappings in your Okta organization.
-            okta.profileMappings.read: Allows the app to read user profile mappings in your Okta organization.
-            okta.pushProviders.manage: Allows the app to create and manage push notification providers such as APNs and FCM.
-            okta.pushProviders.read: Allows the app to read push notification providers such as APNs and FCM.
-            okta.rateLimits.manage: Allows the app to create and manage rate limits in your Okta organization.
-            okta.rateLimits.read: Allows the app to read information about rate limits in your Okta organization.
-            okta.realms.manage: Allows the app to create new realms and to manage their details.
-            okta.realms.read: Allows the app to read the existing realms and their details.
-            okta.riskEvents.manage: Allows the app to publish risk events to your Okta organization.
-            okta.riskProviders.manage: Allows the app to create and manage risk provider integrations in your Okta organization.
-            okta.riskProviders.read: Allows the app to read all risk provider integrations in your Okta organization.
-            okta.roles.manage: Allows the app to manage administrative role assignments for users in your Okta organization.
-            okta.roles.read: Allows the app to read administrative role assignments for users in your Okta organization.
-            okta.schemas.manage: Allows the app to create and manage Schemas in your Okta organization.
-            okta.schemas.read: Allows the app to read information about Schemas in your Okta organization.
-            okta.sessions.manage: Allows the app to manage all sessions in your Okta organization.
-            okta.sessions.read: Allows the app to read all sessions in your Okta organization.
-            okta.templates.manage: Allows the app to manage all custom templates in your Okta organization.
-            okta.templates.read: Allows the app to read all custom templates in your Okta organization.
-            okta.threatInsights.manage: Allows the app to manage all ThreatInsight configurations in your Okta organization.
-            okta.threatInsights.read: Allows the app to read all ThreatInsight configurations in your Okta organization.
-            okta.trustedOrigins.manage: Allows the app to manage all Trusted Origins in your Okta organization.
-            okta.trustedOrigins.read: Allows the app to read all Trusted Origins in your Okta organization.
-            okta.uischemas.manage: Allows the app to manage all the UI Schemas in your Okta organization.
-            okta.uischemas.read: Allows the app to read all the UI Schemas in your Okta organization.
-            okta.userTypes.manage: Allows the app to manage user types in your Okta organization.
-            okta.userTypes.read: Allows the app to read user types in your Okta organization.
-            okta.users.manage: Allows the app to create new users and to manage all users' profile and credentials information.
-            okta.users.read: Allows the app to read the existing users' profiles and credentials.
+            okta.idps.manage: Allows the app to create and manage Identity Providers in your Okta organization
+            okta.idps.read: Allows the app to read information about Identity Providers in your Okta organization
+            okta.inlineHooks.manage: Allows the app to create and manage Inline Hooks in your Okta organization
+            okta.inlineHooks.read: Allows the app to read information about Inline Hooks in your Okta organization
+            okta.linkedObjects.manage: Allows the app to manage linked object definitions in your Okta organization
+            okta.linkedObjects.read: Allows the app to read linked object definitions in your Okta organization
+            okta.logStreams.manage: Allows the app to create and manage log streams in your Okta organization
+            okta.logStreams.read: Allows the app to read information about log streams in your Okta organization
+            okta.logs.read: Allows the app to read information about System Log entries in your Okta organization
+            okta.manifests.manage: Allows the app to manage OIN submissions in your Okta organization
+            okta.manifests.read: Allows the app to read OIN submissions in your Okta organization
+            okta.networkZones.manage: Allows the app to create and manage Network Zones in your Okta organization
+            okta.networkZones.read: Allows the app to read Network Zones in your Okta organization
+            okta.oauthIntegrations.manage: Allows the app to create and manage API service Integration instances in your Okta organization
+            okta.oauthIntegrations.read: Allows the app to read API service Integration instances in your Okta organization
+            okta.orgs.manage: Allows the app to manage organization-specific details for your Okta organization
+            okta.orgs.read: Allows the app to read organization-specific details about your Okta organization
+            okta.policies.manage: Allows the app to manage policies in your Okta organization
+            okta.policies.read: Allows the app to read information about policies in your Okta organization
+            okta.principalRateLimits.manage: Allows the app to create and manage Principal Rate Limits in your Okta organization
+            okta.principalRateLimits.read: Allows the app to read information about Principal Rate Limits in your Okta organization
+            okta.privilegedResources.manage: Allows the app to create privileged resources and manage their details
+            okta.privilegedResources.read: Allows the app to read the details of existing privileged resources
+            okta.profileMappings.manage: Allows the app to manage user profile mappings in your Okta organization
+            okta.profileMappings.read: Allows the app to read user profile mappings in your Okta organization
+            okta.pushProviders.manage: Allows the app to create and manage push notification providers such as APNs and FCM
+            okta.pushProviders.read: Allows the app to read push notification providers such as APNs and FCM
+            okta.rateLimits.manage: Allows the app to create and manage rate limits in your Okta organization
+            okta.rateLimits.read: Allows the app to read information about rate limits in your Okta organization
+            okta.realmAssignments.manage: Allows a user to manage realm assignments
+            okta.realmAssignments.read: Allows a user to read realm assignments
+            okta.realms.manage: Allows the app to create new realms and to manage their details
+            okta.realms.read: Allows the app to read the existing realms and their details
+            okta.resourceSelectors.manage: Allows the app to manage resource selectors in your Okta org
+            okta.resourceSelectors.read: Allows the app to read resource selectors in your Okta org
+            okta.riskEvents.manage: Allows the app to publish risk events to your Okta organization
+            okta.riskProviders.manage: Allows the app to create and manage risk provider integrations in your Okta organization
+            okta.riskProviders.read: Allows the app to read all risk provider integrations in your Okta organization
+            okta.roles.manage: Allows the app to manage administrative role assignments for users in your Okta organization. Delegated admins with this permission can only manage user credential fields and not the credential values themselves.
+            okta.roles.read: Allows the app to read administrative role assignments for users in your Okta organization. Delegated admins with this permission can only manage user credential fields and not the credential values themselves.
+            okta.schemas.manage: Allows the app to create and manage Schemas in your Okta organization
+            okta.schemas.read: Allows the app to read information about Schemas in your Okta organization
+            okta.securityEventsProviders.manage: Allows the app to create and manage Security Events Providers in your Okta organization
+            okta.securityEventsProviders.read: Allows the app to read information about Security Events Providers in your Okta organization
+            okta.sessions.manage: Allows the app to manage all sessions in your Okta organization
+            okta.sessions.read: Allows the app to read all sessions in your Okta organization
+            okta.templates.manage: Allows the app to manage all custom templates in your Okta organization
+            okta.templates.read: Allows the app to read all custom templates in your Okta organization
+            okta.threatInsights.manage: Allows the app to manage all ThreatInsight configurations in your Okta organization
+            okta.threatInsights.read: Allows the app to read all ThreatInsight configurations in your Okta organization
+            okta.trustedOrigins.manage: Allows the app to manage all Trusted Origins in your Okta organization
+            okta.trustedOrigins.read: Allows the app to read all Trusted Origins in your Okta organization
+            okta.uischemas.manage: Allows the app to manage all the UI Schemas in your Okta organization
+            okta.uischemas.read: Allows the app to read all the UI Schemas in your Okta organization
+            okta.userTypes.manage: Allows the app to manage user types in your Okta organization
+            okta.userTypes.read: Allows the app to read user types in your Okta organization
+            okta.users.manage: Allows the app to create new users and to manage all users' profile and credentials information
+            okta.users.read: Allows the app to read the existing users' profiles and credentials
+            ssf.manage: Allows the app to create and manage Shared Signals Framework (SSF) in your Okta organization
+            ssf.read: Allows the app to read information about Shared Signals Framework (SSF) in your Okta organization
diff --git a/src/Okta.Sdk/Model/AAGUIDGroupObject.cs b/src/Okta.Sdk/Model/AAGUIDGroupObject.cs
new file mode 100644
index 000000000..5b58b36bf
--- /dev/null
+++ b/src/Okta.Sdk/Model/AAGUIDGroupObject.cs
@@ -0,0 +1,133 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; The AAGUID Group object supports the Early Access (Self-Service) Allow List for FIDO2 (WebAuthn) Authenticators feature. Enable the feature for your org from the **Settings** &gt; **Features** page in the Admin Console.  This feature has several limitations when enrolling a security key:   - Enrollment is currently unsupported on Firefox.   - Enrollment is currently unsupported on Chrome if User Verification is set to DISCOURAGED and a PIN is set on the security key.   - If prompted during enrollment, users must allow Okta to see the make and model of the security key. 
+    /// </summary>
+    [DataContract(Name = "AAGUIDGroupObject")]
+    
+    public partial class AAGUIDGroupObject : IEquatable<AAGUIDGroupObject>
+    {
+        
+        /// <summary>
+        /// A list of YubiKey hardware FIDO2 Authenticator Attestation Global Unique Identifiers (AAGUIDs). The available [AAGUIDs](https://support.yubico.com/hc/en-us/articles/360016648959-YubiKey-Hardware-FIDO2-AAGUIDs) (opens new window) are provided by the FIDO Alliance Metadata Service.
+        /// </summary>
+        /// <value>A list of YubiKey hardware FIDO2 Authenticator Attestation Global Unique Identifiers (AAGUIDs). The available [AAGUIDs](https://support.yubico.com/hc/en-us/articles/360016648959-YubiKey-Hardware-FIDO2-AAGUIDs) (opens new window) are provided by the FIDO Alliance Metadata Service.</value>
+        [DataMember(Name = "aaguids", EmitDefaultValue = true)]
+        public List<string> Aaguids { get; set; }
+
+        /// <summary>
+        /// A name to identify the group of YubiKey hardware FIDO2 AAGUIDs
+        /// </summary>
+        /// <value>A name to identify the group of YubiKey hardware FIDO2 AAGUIDs</value>
+        [DataMember(Name = "name", EmitDefaultValue = true)]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AAGUIDGroupObject {\n");
+            sb.Append("  Aaguids: ").Append(Aaguids).Append("\n");
+            sb.Append("  Name: ").Append(Name).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AAGUIDGroupObject);
+        }
+
+        /// <summary>
+        /// Returns true if AAGUIDGroupObject instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AAGUIDGroupObject to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AAGUIDGroupObject input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Aaguids == input.Aaguids ||
+                    this.Aaguids != null &&
+                    input.Aaguids != null &&
+                    this.Aaguids.SequenceEqual(input.Aaguids)
+                ) && 
+                (
+                    this.Name == input.Name ||
+                    (this.Name != null &&
+                    this.Name.Equals(input.Name))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Aaguids != null)
+                {
+                    hashCode = (hashCode * 59) + this.Aaguids.GetHashCode();
+                }
+                if (this.Name != null)
+                {
+                    hashCode = (hashCode * 59) + this.Name.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/APIServiceIntegrationInstance.cs b/src/Okta.Sdk/Model/APIServiceIntegrationInstance.cs
index be64b3651..48d45c285 100644
--- a/src/Okta.Sdk/Model/APIServiceIntegrationInstance.cs
+++ b/src/Okta.Sdk/Model/APIServiceIntegrationInstance.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/APIServiceIntegrationInstanceSecret.cs b/src/Okta.Sdk/Model/APIServiceIntegrationInstanceSecret.cs
index cbbc28d12..c25f26edc 100644
--- a/src/Okta.Sdk/Model/APIServiceIntegrationInstanceSecret.cs
+++ b/src/Okta.Sdk/Model/APIServiceIntegrationInstanceSecret.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/APIServiceIntegrationLinks.cs b/src/Okta.Sdk/Model/APIServiceIntegrationLinks.cs
index 6216c943e..0c4605237 100644
--- a/src/Okta.Sdk/Model/APIServiceIntegrationLinks.cs
+++ b/src/Okta.Sdk/Model/APIServiceIntegrationLinks.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/APIServiceIntegrationSecretLinks.cs b/src/Okta.Sdk/Model/APIServiceIntegrationSecretLinks.cs
index d05720cf1..2e8f7d2c1 100644
--- a/src/Okta.Sdk/Model/APIServiceIntegrationSecretLinks.cs
+++ b/src/Okta.Sdk/Model/APIServiceIntegrationSecretLinks.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/APNSConfiguration.cs b/src/Okta.Sdk/Model/APNSConfiguration.cs
index ddc0d236a..1c22caa74 100644
--- a/src/Okta.Sdk/Model/APNSConfiguration.cs
+++ b/src/Okta.Sdk/Model/APNSConfiguration.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/APNSPushProvider.cs b/src/Okta.Sdk/Model/APNSPushProvider.cs
index f3bcfcda8..ea0131038 100644
--- a/src/Okta.Sdk/Model/APNSPushProvider.cs
+++ b/src/Okta.Sdk/Model/APNSPushProvider.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AccessPolicy.cs b/src/Okta.Sdk/Model/AccessPolicy.cs
index c27fad156..980493b8c 100644
--- a/src/Okta.Sdk/Model/AccessPolicy.cs
+++ b/src/Okta.Sdk/Model/AccessPolicy.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -33,6 +33,8 @@ namespace Okta.Sdk.Model
     [DataContract(Name = "AccessPolicy")]
     [JsonConverter(typeof(JsonSubtypes), "Type")]
     [JsonSubtypes.KnownSubType(typeof(AccessPolicy), "ACCESS_POLICY")]
+    [JsonSubtypes.KnownSubType(typeof(ContinuousAccessPolicy), "CONTINUOUS_ACCESS")]
+    [JsonSubtypes.KnownSubType(typeof(EntityRiskPolicy), "ENTITY_RISK")]
     [JsonSubtypes.KnownSubType(typeof(IdpDiscoveryPolicy), "IDP_DISCOVERY")]
     [JsonSubtypes.KnownSubType(typeof(MultifactorEnrollmentPolicy), "MFA_ENROLL")]
     [JsonSubtypes.KnownSubType(typeof(OktaSignOnPolicy), "OKTA_SIGN_ON")]
diff --git a/src/Okta.Sdk/Model/AccessPolicyConstraint.cs b/src/Okta.Sdk/Model/AccessPolicyConstraint.cs
index 5d412c719..4dc3265f9 100644
--- a/src/Okta.Sdk/Model/AccessPolicyConstraint.cs
+++ b/src/Okta.Sdk/Model/AccessPolicyConstraint.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -219,30 +219,30 @@ public TypesEnum(string value)
         public List<TypesEnum> Types { get; set; }
         
         /// <summary>
-        /// The duration after which the user must re-authenticate regardless of user activity. This re-authentication interval overrides the Verification Method object&#39;s &#x60;reauthenticateIn&#x60; interval. The supported values use ISO 8601 period format for recurring time intervals (for example, &#x60;PT1H&#x60;).
-        /// </summary>
-        /// <value>The duration after which the user must re-authenticate regardless of user activity. This re-authentication interval overrides the Verification Method object&#39;s &#x60;reauthenticateIn&#x60; interval. The supported values use ISO 8601 period format for recurring time intervals (for example, &#x60;PT1H&#x60;).</value>
-        [DataMember(Name = "reauthenticateIn", EmitDefaultValue = true)]
-        public string ReauthenticateIn { get; set; }
-
-        /// <summary>
-        /// This property specifies the precise authenticator and method for authentication.
+        /// This property specifies the precise authenticator and method for authentication. &lt;x-lifecycle class&#x3D;\&quot;oie\&quot;&gt;&lt;/x-lifecycle&gt;
         /// </summary>
-        /// <value>This property specifies the precise authenticator and method for authentication.</value>
+        /// <value>This property specifies the precise authenticator and method for authentication. &lt;x-lifecycle class&#x3D;\&quot;oie\&quot;&gt;&lt;/x-lifecycle&gt;</value>
         [DataMember(Name = "authenticationMethods", EmitDefaultValue = true)]
         public List<AuthenticationMethodObject> AuthenticationMethods { get; set; }
 
         /// <summary>
-        /// This property specifies the precise authenticator and method to exclude from authentication.
+        /// This property specifies the precise authenticator and method to exclude from authentication. &lt;x-lifecycle class&#x3D;\&quot;oie\&quot;&gt;&lt;/x-lifecycle&gt;
         /// </summary>
-        /// <value>This property specifies the precise authenticator and method to exclude from authentication.</value>
+        /// <value>This property specifies the precise authenticator and method to exclude from authentication. &lt;x-lifecycle class&#x3D;\&quot;oie\&quot;&gt;&lt;/x-lifecycle&gt;</value>
         [DataMember(Name = "excludedAuthenticationMethods", EmitDefaultValue = true)]
         public List<AuthenticationMethodObject> ExcludedAuthenticationMethods { get; set; }
 
         /// <summary>
-        /// This property indicates whether the knowledge or possession factor is required by the assurance. It&#39;s optional in the request, but is always returned in the response. By default, this field is &#x60;true&#x60;. If the knowledge or possession constraint has values for&#x60;excludedAuthenticationMethods&#x60; the &#x60;required&#x60; value is false.
+        /// The duration after which the user must re-authenticate regardless of user activity. This re-authentication interval overrides the Verification Method object&#39;s &#x60;reauthenticateIn&#x60; interval. The supported values use ISO 8601 period format for recurring time intervals (for example, &#x60;PT1H&#x60;).
+        /// </summary>
+        /// <value>The duration after which the user must re-authenticate regardless of user activity. This re-authentication interval overrides the Verification Method object&#39;s &#x60;reauthenticateIn&#x60; interval. The supported values use ISO 8601 period format for recurring time intervals (for example, &#x60;PT1H&#x60;).</value>
+        [DataMember(Name = "reauthenticateIn", EmitDefaultValue = true)]
+        public string ReauthenticateIn { get; set; }
+
+        /// <summary>
+        /// This property indicates whether the knowledge or possession factor is required by the assurance. It&#39;s optional in the request, but is always returned in the response. By default, this field is &#x60;true&#x60;. If the knowledge or possession constraint has values for &#x60;excludedAuthenticationMethods&#x60; the &#x60;required&#x60; value is false. &lt;x-lifecycle class&#x3D;\&quot;oie\&quot;&gt;&lt;/x-lifecycle&gt;
         /// </summary>
-        /// <value>This property indicates whether the knowledge or possession factor is required by the assurance. It&#39;s optional in the request, but is always returned in the response. By default, this field is &#x60;true&#x60;. If the knowledge or possession constraint has values for&#x60;excludedAuthenticationMethods&#x60; the &#x60;required&#x60; value is false.</value>
+        /// <value>This property indicates whether the knowledge or possession factor is required by the assurance. It&#39;s optional in the request, but is always returned in the response. By default, this field is &#x60;true&#x60;. If the knowledge or possession constraint has values for &#x60;excludedAuthenticationMethods&#x60; the &#x60;required&#x60; value is false. &lt;x-lifecycle class&#x3D;\&quot;oie\&quot;&gt;&lt;/x-lifecycle&gt;</value>
         [DataMember(Name = "required", EmitDefaultValue = true)]
         public bool Required { get; set; }
 
@@ -254,12 +254,12 @@ public override string ToString()
         {
             StringBuilder sb = new StringBuilder();
             sb.Append("class AccessPolicyConstraint {\n");
-            sb.Append("  Methods: ").Append(Methods).Append("\n");
-            sb.Append("  ReauthenticateIn: ").Append(ReauthenticateIn).Append("\n");
-            sb.Append("  Types: ").Append(Types).Append("\n");
             sb.Append("  AuthenticationMethods: ").Append(AuthenticationMethods).Append("\n");
             sb.Append("  ExcludedAuthenticationMethods: ").Append(ExcludedAuthenticationMethods).Append("\n");
+            sb.Append("  Methods: ").Append(Methods).Append("\n");
+            sb.Append("  ReauthenticateIn: ").Append(ReauthenticateIn).Append("\n");
             sb.Append("  Required: ").Append(Required).Append("\n");
+            sb.Append("  Types: ").Append(Types).Append("\n");
             sb.Append("}\n");
             return sb.ToString();
         }
@@ -295,19 +295,6 @@ public bool Equals(AccessPolicyConstraint input)
                 return false;
             }
             return 
-                (
-                    this.Methods == input.Methods ||
-                    this.Methods.SequenceEqual(input.Methods)
-                ) && 
-                (
-                    this.ReauthenticateIn == input.ReauthenticateIn ||
-                    (this.ReauthenticateIn != null &&
-                    this.ReauthenticateIn.Equals(input.ReauthenticateIn))
-                ) && 
-                (
-                    this.Types == input.Types ||
-                    this.Types.SequenceEqual(input.Types)
-                ) && 
                 (
                     this.AuthenticationMethods == input.AuthenticationMethods ||
                     this.AuthenticationMethods != null &&
@@ -320,9 +307,22 @@ public bool Equals(AccessPolicyConstraint input)
                     input.ExcludedAuthenticationMethods != null &&
                     this.ExcludedAuthenticationMethods.SequenceEqual(input.ExcludedAuthenticationMethods)
                 ) && 
+                (
+                    this.Methods == input.Methods ||
+                    this.Methods.SequenceEqual(input.Methods)
+                ) && 
+                (
+                    this.ReauthenticateIn == input.ReauthenticateIn ||
+                    (this.ReauthenticateIn != null &&
+                    this.ReauthenticateIn.Equals(input.ReauthenticateIn))
+                ) && 
                 (
                     this.Required == input.Required ||
                     this.Required.Equals(input.Required)
+                ) && 
+                (
+                    this.Types == input.Types ||
+                    this.Types.SequenceEqual(input.Types)
                 );
         }
 
@@ -336,6 +336,14 @@ public override int GetHashCode()
             {
                 int hashCode = 41;
                 
+                if (this.AuthenticationMethods != null)
+                {
+                    hashCode = (hashCode * 59) + this.AuthenticationMethods.GetHashCode();
+                }
+                if (this.ExcludedAuthenticationMethods != null)
+                {
+                    hashCode = (hashCode * 59) + this.ExcludedAuthenticationMethods.GetHashCode();
+                }
                 if (this.Methods != null)
                 {
                     hashCode = (hashCode * 59) + this.Methods.GetHashCode();
@@ -344,19 +352,11 @@ public override int GetHashCode()
                 {
                     hashCode = (hashCode * 59) + this.ReauthenticateIn.GetHashCode();
                 }
+                hashCode = (hashCode * 59) + this.Required.GetHashCode();
                 if (this.Types != null)
                 {
                     hashCode = (hashCode * 59) + this.Types.GetHashCode();
                 }
-                if (this.AuthenticationMethods != null)
-                {
-                    hashCode = (hashCode * 59) + this.AuthenticationMethods.GetHashCode();
-                }
-                if (this.ExcludedAuthenticationMethods != null)
-                {
-                    hashCode = (hashCode * 59) + this.ExcludedAuthenticationMethods.GetHashCode();
-                }
-                hashCode = (hashCode * 59) + this.Required.GetHashCode();
                 return hashCode;
             }
         }
diff --git a/src/Okta.Sdk/Model/AccessPolicyConstraints.cs b/src/Okta.Sdk/Model/AccessPolicyConstraints.cs
index 118f4dc75..c3f1a4e50 100644
--- a/src/Okta.Sdk/Model/AccessPolicyConstraints.cs
+++ b/src/Okta.Sdk/Model/AccessPolicyConstraints.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AccessPolicyRule.cs b/src/Okta.Sdk/Model/AccessPolicyRule.cs
index c6a18447b..964a12428 100644
--- a/src/Okta.Sdk/Model/AccessPolicyRule.cs
+++ b/src/Okta.Sdk/Model/AccessPolicyRule.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -33,6 +33,8 @@ namespace Okta.Sdk.Model
     [DataContract(Name = "AccessPolicyRule")]
     [JsonConverter(typeof(JsonSubtypes), "Type")]
     [JsonSubtypes.KnownSubType(typeof(AccessPolicyRule), "ACCESS_POLICY")]
+    [JsonSubtypes.KnownSubType(typeof(ContinuousAccessPolicyRule), "CONTINUOUS_ACCESS")]
+    [JsonSubtypes.KnownSubType(typeof(EntityRiskPolicyRule), "ENTITY_RISK")]
     [JsonSubtypes.KnownSubType(typeof(IdpDiscoveryPolicyRule), "IDP_DISCOVERY")]
     [JsonSubtypes.KnownSubType(typeof(PasswordPolicyRule), "PASSWORD")]
     [JsonSubtypes.KnownSubType(typeof(ProfileEnrollmentPolicyRule), "PROFILE_ENROLLMENT")]
diff --git a/src/Okta.Sdk/Model/AccessPolicyRuleActions.cs b/src/Okta.Sdk/Model/AccessPolicyRuleActions.cs
index 01748038b..70b7d4b51 100644
--- a/src/Okta.Sdk/Model/AccessPolicyRuleActions.cs
+++ b/src/Okta.Sdk/Model/AccessPolicyRuleActions.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AccessPolicyRuleApplicationSignOn.cs b/src/Okta.Sdk/Model/AccessPolicyRuleApplicationSignOn.cs
index 8db914b13..7eb2054f2 100644
--- a/src/Okta.Sdk/Model/AccessPolicyRuleApplicationSignOn.cs
+++ b/src/Okta.Sdk/Model/AccessPolicyRuleApplicationSignOn.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AccessPolicyRuleConditions.cs b/src/Okta.Sdk/Model/AccessPolicyRuleConditions.cs
index 8946ba427..3632589d6 100644
--- a/src/Okta.Sdk/Model/AccessPolicyRuleConditions.cs
+++ b/src/Okta.Sdk/Model/AccessPolicyRuleConditions.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AccessPolicyRuleCustomCondition.cs b/src/Okta.Sdk/Model/AccessPolicyRuleCustomCondition.cs
index 4aec6e819..19ebb4fc4 100644
--- a/src/Okta.Sdk/Model/AccessPolicyRuleCustomCondition.cs
+++ b/src/Okta.Sdk/Model/AccessPolicyRuleCustomCondition.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AcsEndpoint.cs b/src/Okta.Sdk/Model/AcsEndpoint.cs
index 55696042b..07bab3100 100644
--- a/src/Okta.Sdk/Model/AcsEndpoint.cs
+++ b/src/Okta.Sdk/Model/AcsEndpoint.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/Actions.cs b/src/Okta.Sdk/Model/Actions.cs
new file mode 100644
index 000000000..8b6488bfd
--- /dev/null
+++ b/src/Okta.Sdk/Model/Actions.cs
@@ -0,0 +1,114 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Actions
+    /// </summary>
+    [DataContract(Name = "Actions")]
+    
+    public partial class Actions : IEquatable<Actions>
+    {
+        
+        /// <summary>
+        /// Gets or Sets AssignUserToRealm
+        /// </summary>
+        [DataMember(Name = "assignUserToRealm", EmitDefaultValue = true)]
+        public AssignUserToRealm AssignUserToRealm { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class Actions {\n");
+            sb.Append("  AssignUserToRealm: ").Append(AssignUserToRealm).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as Actions);
+        }
+
+        /// <summary>
+        /// Returns true if Actions instances are equal
+        /// </summary>
+        /// <param name="input">Instance of Actions to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(Actions input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.AssignUserToRealm == input.AssignUserToRealm ||
+                    (this.AssignUserToRealm != null &&
+                    this.AssignUserToRealm.Equals(input.AssignUserToRealm))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.AssignUserToRealm != null)
+                {
+                    hashCode = (hashCode * 59) + this.AssignUserToRealm.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AdminConsoleSettings.cs b/src/Okta.Sdk/Model/AdminConsoleSettings.cs
new file mode 100644
index 000000000..44ece5770
--- /dev/null
+++ b/src/Okta.Sdk/Model/AdminConsoleSettings.cs
@@ -0,0 +1,124 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Settings specific to the Okta Admin Console
+    /// </summary>
+    [DataContract(Name = "AdminConsoleSettings")]
+    
+    public partial class AdminConsoleSettings : IEquatable<AdminConsoleSettings>
+    {
+        
+        /// <summary>
+        /// The maximum idle time before the Okta Admin Console session expires. Must be no more than 12 hours.
+        /// </summary>
+        /// <value>The maximum idle time before the Okta Admin Console session expires. Must be no more than 12 hours.</value>
+        [DataMember(Name = "sessionIdleTimeoutMinutes", EmitDefaultValue = true)]
+        public int SessionIdleTimeoutMinutes { get; set; }
+
+        /// <summary>
+        /// The absolute maximum session lifetime of the Okta Admin Console. Must be no more than 7 days.
+        /// </summary>
+        /// <value>The absolute maximum session lifetime of the Okta Admin Console. Must be no more than 7 days.</value>
+        [DataMember(Name = "sessionMaxLifetimeMinutes", EmitDefaultValue = true)]
+        public int SessionMaxLifetimeMinutes { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AdminConsoleSettings {\n");
+            sb.Append("  SessionIdleTimeoutMinutes: ").Append(SessionIdleTimeoutMinutes).Append("\n");
+            sb.Append("  SessionMaxLifetimeMinutes: ").Append(SessionMaxLifetimeMinutes).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AdminConsoleSettings);
+        }
+
+        /// <summary>
+        /// Returns true if AdminConsoleSettings instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AdminConsoleSettings to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AdminConsoleSettings input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.SessionIdleTimeoutMinutes == input.SessionIdleTimeoutMinutes ||
+                    this.SessionIdleTimeoutMinutes.Equals(input.SessionIdleTimeoutMinutes)
+                ) && 
+                (
+                    this.SessionMaxLifetimeMinutes == input.SessionMaxLifetimeMinutes ||
+                    this.SessionMaxLifetimeMinutes.Equals(input.SessionMaxLifetimeMinutes)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                hashCode = (hashCode * 59) + this.SessionIdleTimeoutMinutes.GetHashCode();
+                hashCode = (hashCode * 59) + this.SessionMaxLifetimeMinutes.GetHashCode();
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/Agent.cs b/src/Okta.Sdk/Model/Agent.cs
index 4a22bf8e3..387a0ce96 100644
--- a/src/Okta.Sdk/Model/Agent.cs
+++ b/src/Okta.Sdk/Model/Agent.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AgentAction.cs b/src/Okta.Sdk/Model/AgentAction.cs
new file mode 100644
index 000000000..3a427a090
--- /dev/null
+++ b/src/Okta.Sdk/Model/AgentAction.cs
@@ -0,0 +1,131 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Details about the AD Group membership update
+    /// </summary>
+    [DataContract(Name = "AgentAction")]
+    
+    public partial class AgentAction : IEquatable<AgentAction>
+    {
+        
+        /// <summary>
+        /// ID of the AD group to update
+        /// </summary>
+        /// <value>ID of the AD group to update</value>
+        [DataMember(Name = "id", EmitDefaultValue = true)]
+        public string Id { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Parameters
+        /// </summary>
+        [DataMember(Name = "parameters", EmitDefaultValue = true)]
+        public Parameters Parameters { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AgentAction {\n");
+            sb.Append("  Id: ").Append(Id).Append("\n");
+            sb.Append("  Parameters: ").Append(Parameters).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AgentAction);
+        }
+
+        /// <summary>
+        /// Returns true if AgentAction instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AgentAction to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AgentAction input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Id == input.Id ||
+                    (this.Id != null &&
+                    this.Id.Equals(input.Id))
+                ) && 
+                (
+                    this.Parameters == input.Parameters ||
+                    (this.Parameters != null &&
+                    this.Parameters.Equals(input.Parameters))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Id != null)
+                {
+                    hashCode = (hashCode * 59) + this.Id.GetHashCode();
+                }
+                if (this.Parameters != null)
+                {
+                    hashCode = (hashCode * 59) + this.Parameters.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AgentPool.cs b/src/Okta.Sdk/Model/AgentPool.cs
index 04b52dd04..d207d8bdb 100644
--- a/src/Okta.Sdk/Model/AgentPool.cs
+++ b/src/Okta.Sdk/Model/AgentPool.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AgentPoolUpdate.cs b/src/Okta.Sdk/Model/AgentPoolUpdate.cs
index 487d36de7..cc5e7f4eb 100644
--- a/src/Okta.Sdk/Model/AgentPoolUpdate.cs
+++ b/src/Okta.Sdk/Model/AgentPoolUpdate.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AgentPoolUpdateSetting.cs b/src/Okta.Sdk/Model/AgentPoolUpdateSetting.cs
index 58c4dfaee..4e88f72af 100644
--- a/src/Okta.Sdk/Model/AgentPoolUpdateSetting.cs
+++ b/src/Okta.Sdk/Model/AgentPoolUpdateSetting.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AgentType.cs b/src/Okta.Sdk/Model/AgentType.cs
index 536082dd1..2d6527243 100644
--- a/src/Okta.Sdk/Model/AgentType.cs
+++ b/src/Okta.Sdk/Model/AgentType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AgentUpdateInstanceStatus.cs b/src/Okta.Sdk/Model/AgentUpdateInstanceStatus.cs
index 043bf6113..bc20ea0ec 100644
--- a/src/Okta.Sdk/Model/AgentUpdateInstanceStatus.cs
+++ b/src/Okta.Sdk/Model/AgentUpdateInstanceStatus.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AgentUpdateJobStatus.cs b/src/Okta.Sdk/Model/AgentUpdateJobStatus.cs
index e23f99d7e..338de3cb7 100644
--- a/src/Okta.Sdk/Model/AgentUpdateJobStatus.cs
+++ b/src/Okta.Sdk/Model/AgentUpdateJobStatus.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AllowedForEnum.cs b/src/Okta.Sdk/Model/AllowedForEnum.cs
index e6de7fe41..ba184468d 100644
--- a/src/Okta.Sdk/Model/AllowedForEnum.cs
+++ b/src/Okta.Sdk/Model/AllowedForEnum.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines AllowedForEnum
+    /// The allowed types of uses for the Authenticator
     /// </summary>
+    /// <value>The allowed types of uses for the Authenticator</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class AllowedForEnum : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/ApiToken.cs b/src/Okta.Sdk/Model/ApiToken.cs
index 777462713..7351dd92d 100644
--- a/src/Okta.Sdk/Model/ApiToken.cs
+++ b/src/Okta.Sdk/Model/ApiToken.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -115,6 +115,12 @@ public bool ShouldSerializeLastUpdated()
         [DataMember(Name = "name", EmitDefaultValue = true)]
         public string Name { get; set; }
 
+        /// <summary>
+        /// Gets or Sets Network
+        /// </summary>
+        [DataMember(Name = "network", EmitDefaultValue = true)]
+        public ApiTokenNetwork Network { get; set; }
+
         /// <summary>
         /// A time duration specified as an [ISO-8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations).
         /// </summary>
@@ -148,6 +154,7 @@ public override string ToString()
             sb.Append("  Id: ").Append(Id).Append("\n");
             sb.Append("  LastUpdated: ").Append(LastUpdated).Append("\n");
             sb.Append("  Name: ").Append(Name).Append("\n");
+            sb.Append("  Network: ").Append(Network).Append("\n");
             sb.Append("  TokenWindow: ").Append(TokenWindow).Append("\n");
             sb.Append("  UserId: ").Append(UserId).Append("\n");
             sb.Append("  Link: ").Append(Link).Append("\n");
@@ -216,6 +223,11 @@ public bool Equals(ApiToken input)
                     (this.Name != null &&
                     this.Name.Equals(input.Name))
                 ) && 
+                (
+                    this.Network == input.Network ||
+                    (this.Network != null &&
+                    this.Network.Equals(input.Network))
+                ) && 
                 (
                     this.TokenWindow == input.TokenWindow ||
                     (this.TokenWindow != null &&
@@ -267,6 +279,10 @@ public override int GetHashCode()
                 {
                     hashCode = (hashCode * 59) + this.Name.GetHashCode();
                 }
+                if (this.Network != null)
+                {
+                    hashCode = (hashCode * 59) + this.Network.GetHashCode();
+                }
                 if (this.TokenWindow != null)
                 {
                     hashCode = (hashCode * 59) + this.TokenWindow.GetHashCode();
diff --git a/src/Okta.Sdk/Model/ApiTokenNetwork.cs b/src/Okta.Sdk/Model/ApiTokenNetwork.cs
new file mode 100644
index 000000000..8a3ed8fd1
--- /dev/null
+++ b/src/Okta.Sdk/Model/ApiTokenNetwork.cs
@@ -0,0 +1,151 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// The Network Condition of the API Token
+    /// </summary>
+    [DataContract(Name = "ApiToken_network")]
+    
+    public partial class ApiTokenNetwork : IEquatable<ApiTokenNetwork>
+    {
+        
+        /// <summary>
+        /// The connection type of the Network Condition
+        /// </summary>
+        /// <value>The connection type of the Network Condition</value>
+        [DataMember(Name = "connection", EmitDefaultValue = true)]
+        public string Connection { get; set; }
+
+        /// <summary>
+        /// List of included IP network zones
+        /// </summary>
+        /// <value>List of included IP network zones</value>
+        [DataMember(Name = "include", EmitDefaultValue = true)]
+        public List<string> Include { get; set; }
+
+        /// <summary>
+        /// List of excluded IP network zones
+        /// </summary>
+        /// <value>List of excluded IP network zones</value>
+        [DataMember(Name = "exclude", EmitDefaultValue = true)]
+        public List<string> Exclude { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class ApiTokenNetwork {\n");
+            sb.Append("  Connection: ").Append(Connection).Append("\n");
+            sb.Append("  Include: ").Append(Include).Append("\n");
+            sb.Append("  Exclude: ").Append(Exclude).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as ApiTokenNetwork);
+        }
+
+        /// <summary>
+        /// Returns true if ApiTokenNetwork instances are equal
+        /// </summary>
+        /// <param name="input">Instance of ApiTokenNetwork to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(ApiTokenNetwork input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Connection == input.Connection ||
+                    (this.Connection != null &&
+                    this.Connection.Equals(input.Connection))
+                ) && 
+                (
+                    this.Include == input.Include ||
+                    this.Include != null &&
+                    input.Include != null &&
+                    this.Include.SequenceEqual(input.Include)
+                ) && 
+                (
+                    this.Exclude == input.Exclude ||
+                    this.Exclude != null &&
+                    input.Exclude != null &&
+                    this.Exclude.SequenceEqual(input.Exclude)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Connection != null)
+                {
+                    hashCode = (hashCode * 59) + this.Connection.GetHashCode();
+                }
+                if (this.Include != null)
+                {
+                    hashCode = (hashCode * 59) + this.Include.GetHashCode();
+                }
+                if (this.Exclude != null)
+                {
+                    hashCode = (hashCode * 59) + this.Exclude.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/ApiTokenUpdate.cs b/src/Okta.Sdk/Model/ApiTokenUpdate.cs
new file mode 100644
index 000000000..2be381c0c
--- /dev/null
+++ b/src/Okta.Sdk/Model/ApiTokenUpdate.cs
@@ -0,0 +1,198 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// An API Token Update Object for an Okta user. This token is NOT scoped any further and can be used for any API that the user has permissions to call.
+    /// </summary>
+    [DataContract(Name = "ApiTokenUpdate")]
+    
+    public partial class ApiTokenUpdate : IEquatable<ApiTokenUpdate>
+    {
+        
+        /// <summary>
+        /// The client name associated with the API Token
+        /// </summary>
+        /// <value>The client name associated with the API Token</value>
+        [DataMember(Name = "clientName", EmitDefaultValue = true)]
+        public string ClientName { get; private set; }
+
+        /// <summary>
+        /// Returns false as ClientName should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeClientName()
+        {
+            return false;
+        }
+        /// <summary>
+        /// The creation date of the API Token
+        /// </summary>
+        /// <value>The creation date of the API Token</value>
+        [DataMember(Name = "created", EmitDefaultValue = true)]
+        public DateTimeOffset Created { get; private set; }
+
+        /// <summary>
+        /// Returns false as Created should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeCreated()
+        {
+            return false;
+        }
+        /// <summary>
+        /// The name associated with the API Token
+        /// </summary>
+        /// <value>The name associated with the API Token</value>
+        [DataMember(Name = "name", EmitDefaultValue = true)]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Network
+        /// </summary>
+        [DataMember(Name = "network", EmitDefaultValue = true)]
+        public ApiTokenNetwork Network { get; set; }
+
+        /// <summary>
+        /// The userId of the user who created the API Token
+        /// </summary>
+        /// <value>The userId of the user who created the API Token</value>
+        [DataMember(Name = "userId", EmitDefaultValue = true)]
+        public string UserId { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class ApiTokenUpdate {\n");
+            sb.Append("  ClientName: ").Append(ClientName).Append("\n");
+            sb.Append("  Created: ").Append(Created).Append("\n");
+            sb.Append("  Name: ").Append(Name).Append("\n");
+            sb.Append("  Network: ").Append(Network).Append("\n");
+            sb.Append("  UserId: ").Append(UserId).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as ApiTokenUpdate);
+        }
+
+        /// <summary>
+        /// Returns true if ApiTokenUpdate instances are equal
+        /// </summary>
+        /// <param name="input">Instance of ApiTokenUpdate to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(ApiTokenUpdate input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.ClientName == input.ClientName ||
+                    (this.ClientName != null &&
+                    this.ClientName.Equals(input.ClientName))
+                ) && 
+                (
+                    this.Created == input.Created ||
+                    (this.Created != null &&
+                    this.Created.Equals(input.Created))
+                ) && 
+                (
+                    this.Name == input.Name ||
+                    (this.Name != null &&
+                    this.Name.Equals(input.Name))
+                ) && 
+                (
+                    this.Network == input.Network ||
+                    (this.Network != null &&
+                    this.Network.Equals(input.Network))
+                ) && 
+                (
+                    this.UserId == input.UserId ||
+                    (this.UserId != null &&
+                    this.UserId.Equals(input.UserId))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.ClientName != null)
+                {
+                    hashCode = (hashCode * 59) + this.ClientName.GetHashCode();
+                }
+                if (this.Created != null)
+                {
+                    hashCode = (hashCode * 59) + this.Created.GetHashCode();
+                }
+                if (this.Name != null)
+                {
+                    hashCode = (hashCode * 59) + this.Name.GetHashCode();
+                }
+                if (this.Network != null)
+                {
+                    hashCode = (hashCode * 59) + this.Network.GetHashCode();
+                }
+                if (this.UserId != null)
+                {
+                    hashCode = (hashCode * 59) + this.UserId.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AppAccountContainerDetails.cs b/src/Okta.Sdk/Model/AppAccountContainerDetails.cs
new file mode 100644
index 000000000..1ac799bc9
--- /dev/null
+++ b/src/Okta.Sdk/Model/AppAccountContainerDetails.cs
@@ -0,0 +1,253 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Container details for resource type APP_ACCOUNT
+    /// </summary>
+    [DataContract(Name = "AppAccountContainerDetails")]
+    
+    public partial class AppAccountContainerDetails : IEquatable<AppAccountContainerDetails>
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="AppAccountContainerDetails" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public AppAccountContainerDetails() { }
+        
+        /// <summary>
+        /// The application name
+        /// </summary>
+        /// <value>The application name</value>
+        [DataMember(Name = "appName", EmitDefaultValue = true)]
+        public string AppName { get; private set; }
+
+        /// <summary>
+        /// Returns false as AppName should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeAppName()
+        {
+            return false;
+        }
+        /// <summary>
+        /// The application ID associated with the privileged account
+        /// </summary>
+        /// <value>The application ID associated with the privileged account</value>
+        [DataMember(Name = "containerId", EmitDefaultValue = true)]
+        public string ContainerId { get; set; }
+
+        /// <summary>
+        /// Human-readable name of the container that owns the privileged resource
+        /// </summary>
+        /// <value>Human-readable name of the container that owns the privileged resource</value>
+        [DataMember(Name = "displayName", EmitDefaultValue = true)]
+        public string DisplayName { get; private set; }
+
+        /// <summary>
+        /// Returns false as DisplayName should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeDisplayName()
+        {
+            return false;
+        }
+        /// <summary>
+        /// The application global ID
+        /// </summary>
+        /// <value>The application global ID</value>
+        [DataMember(Name = "globalAppId", EmitDefaultValue = true)]
+        public string GlobalAppId { get; private set; }
+
+        /// <summary>
+        /// Returns false as GlobalAppId should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeGlobalAppId()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Indicates if the application supports password push
+        /// </summary>
+        /// <value>Indicates if the application supports password push</value>
+        [DataMember(Name = "passwordPushSupported", EmitDefaultValue = true)]
+        public bool PasswordPushSupported { get; private set; }
+
+        /// <summary>
+        /// Returns false as PasswordPushSupported should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializePasswordPushSupported()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Indicates if provisioning is enabled for this application
+        /// </summary>
+        /// <value>Indicates if provisioning is enabled for this application</value>
+        [DataMember(Name = "provisioningEnabled", EmitDefaultValue = true)]
+        public bool ProvisioningEnabled { get; private set; }
+
+        /// <summary>
+        /// Returns false as ProvisioningEnabled should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeProvisioningEnabled()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Gets or Sets Links
+        /// </summary>
+        [DataMember(Name = "_links", EmitDefaultValue = true)]
+        public AppLink Links { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AppAccountContainerDetails {\n");
+            sb.Append("  AppName: ").Append(AppName).Append("\n");
+            sb.Append("  ContainerId: ").Append(ContainerId).Append("\n");
+            sb.Append("  DisplayName: ").Append(DisplayName).Append("\n");
+            sb.Append("  GlobalAppId: ").Append(GlobalAppId).Append("\n");
+            sb.Append("  PasswordPushSupported: ").Append(PasswordPushSupported).Append("\n");
+            sb.Append("  ProvisioningEnabled: ").Append(ProvisioningEnabled).Append("\n");
+            sb.Append("  Links: ").Append(Links).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AppAccountContainerDetails);
+        }
+
+        /// <summary>
+        /// Returns true if AppAccountContainerDetails instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AppAccountContainerDetails to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AppAccountContainerDetails input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.AppName == input.AppName ||
+                    (this.AppName != null &&
+                    this.AppName.Equals(input.AppName))
+                ) && 
+                (
+                    this.ContainerId == input.ContainerId ||
+                    (this.ContainerId != null &&
+                    this.ContainerId.Equals(input.ContainerId))
+                ) && 
+                (
+                    this.DisplayName == input.DisplayName ||
+                    (this.DisplayName != null &&
+                    this.DisplayName.Equals(input.DisplayName))
+                ) && 
+                (
+                    this.GlobalAppId == input.GlobalAppId ||
+                    (this.GlobalAppId != null &&
+                    this.GlobalAppId.Equals(input.GlobalAppId))
+                ) && 
+                (
+                    this.PasswordPushSupported == input.PasswordPushSupported ||
+                    this.PasswordPushSupported.Equals(input.PasswordPushSupported)
+                ) && 
+                (
+                    this.ProvisioningEnabled == input.ProvisioningEnabled ||
+                    this.ProvisioningEnabled.Equals(input.ProvisioningEnabled)
+                ) && 
+                (
+                    this.Links == input.Links ||
+                    (this.Links != null &&
+                    this.Links.Equals(input.Links))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.AppName != null)
+                {
+                    hashCode = (hashCode * 59) + this.AppName.GetHashCode();
+                }
+                if (this.ContainerId != null)
+                {
+                    hashCode = (hashCode * 59) + this.ContainerId.GetHashCode();
+                }
+                if (this.DisplayName != null)
+                {
+                    hashCode = (hashCode * 59) + this.DisplayName.GetHashCode();
+                }
+                if (this.GlobalAppId != null)
+                {
+                    hashCode = (hashCode * 59) + this.GlobalAppId.GetHashCode();
+                }
+                hashCode = (hashCode * 59) + this.PasswordPushSupported.GetHashCode();
+                hashCode = (hashCode * 59) + this.ProvisioningEnabled.GetHashCode();
+                if (this.Links != null)
+                {
+                    hashCode = (hashCode * 59) + this.Links.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AppAndInstanceConditionEvaluatorAppOrInstance.cs b/src/Okta.Sdk/Model/AppAndInstanceConditionEvaluatorAppOrInstance.cs
index 984bc3ac2..5d2781e86 100644
--- a/src/Okta.Sdk/Model/AppAndInstanceConditionEvaluatorAppOrInstance.cs
+++ b/src/Okta.Sdk/Model/AppAndInstanceConditionEvaluatorAppOrInstance.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AppAndInstancePolicyRuleCondition.cs b/src/Okta.Sdk/Model/AppAndInstancePolicyRuleCondition.cs
index 350a4bee8..e589d6be1 100644
--- a/src/Okta.Sdk/Model/AppAndInstancePolicyRuleCondition.cs
+++ b/src/Okta.Sdk/Model/AppAndInstancePolicyRuleCondition.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AppAndInstanceType.cs b/src/Okta.Sdk/Model/AppAndInstanceType.cs
index dfe86a1b1..3caaeeba0 100644
--- a/src/Okta.Sdk/Model/AppAndInstanceType.cs
+++ b/src/Okta.Sdk/Model/AppAndInstanceType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines AppAndInstanceType
+    /// Type of app
     /// </summary>
+    /// <value>Type of app</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class AppAndInstanceType : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/AppCustomHrefObject.cs b/src/Okta.Sdk/Model/AppCustomHrefObject.cs
new file mode 100644
index 000000000..35ffe08ff
--- /dev/null
+++ b/src/Okta.Sdk/Model/AppCustomHrefObject.cs
@@ -0,0 +1,170 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AppCustomHrefObject
+    /// </summary>
+    [DataContract(Name = "AppCustomHrefObject")]
+    
+    public partial class AppCustomHrefObject : IEquatable<AppCustomHrefObject>
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="AppCustomHrefObject" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public AppCustomHrefObject() { }
+        
+        /// <summary>
+        /// Gets or Sets Hints
+        /// </summary>
+        [DataMember(Name = "hints", EmitDefaultValue = true)]
+        public AppCustomHrefObjectHints Hints { get; set; }
+
+        /// <summary>
+        /// Link URI
+        /// </summary>
+        /// <value>Link URI</value>
+        [DataMember(Name = "href", EmitDefaultValue = true)]
+        public string Href { get; set; }
+
+        /// <summary>
+        /// Link name
+        /// </summary>
+        /// <value>Link name</value>
+        [DataMember(Name = "title", EmitDefaultValue = true)]
+        public string Title { get; set; }
+
+        /// <summary>
+        /// The media type of the link. If omitted, it is implicitly &#x60;application/json&#x60;.
+        /// </summary>
+        /// <value>The media type of the link. If omitted, it is implicitly &#x60;application/json&#x60;.</value>
+        [DataMember(Name = "type", EmitDefaultValue = true)]
+        public string Type { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AppCustomHrefObject {\n");
+            sb.Append("  Hints: ").Append(Hints).Append("\n");
+            sb.Append("  Href: ").Append(Href).Append("\n");
+            sb.Append("  Title: ").Append(Title).Append("\n");
+            sb.Append("  Type: ").Append(Type).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AppCustomHrefObject);
+        }
+
+        /// <summary>
+        /// Returns true if AppCustomHrefObject instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AppCustomHrefObject to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AppCustomHrefObject input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Hints == input.Hints ||
+                    (this.Hints != null &&
+                    this.Hints.Equals(input.Hints))
+                ) && 
+                (
+                    this.Href == input.Href ||
+                    (this.Href != null &&
+                    this.Href.Equals(input.Href))
+                ) && 
+                (
+                    this.Title == input.Title ||
+                    (this.Title != null &&
+                    this.Title.Equals(input.Title))
+                ) && 
+                (
+                    this.Type == input.Type ||
+                    (this.Type != null &&
+                    this.Type.Equals(input.Type))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Hints != null)
+                {
+                    hashCode = (hashCode * 59) + this.Hints.GetHashCode();
+                }
+                if (this.Href != null)
+                {
+                    hashCode = (hashCode * 59) + this.Href.GetHashCode();
+                }
+                if (this.Title != null)
+                {
+                    hashCode = (hashCode * 59) + this.Title.GetHashCode();
+                }
+                if (this.Type != null)
+                {
+                    hashCode = (hashCode * 59) + this.Type.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AppCustomHrefObjectHints.cs b/src/Okta.Sdk/Model/AppCustomHrefObjectHints.cs
new file mode 100644
index 000000000..8d553a966
--- /dev/null
+++ b/src/Okta.Sdk/Model/AppCustomHrefObjectHints.cs
@@ -0,0 +1,115 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Describes allowed HTTP verbs for the &#x60;href&#x60;
+    /// </summary>
+    [DataContract(Name = "AppCustomHrefObject_hints")]
+    
+    public partial class AppCustomHrefObjectHints : IEquatable<AppCustomHrefObjectHints>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Allow
+        /// </summary>
+        [DataMember(Name = "allow", EmitDefaultValue = true)]
+        public List<string> Allow { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AppCustomHrefObjectHints {\n");
+            sb.Append("  Allow: ").Append(Allow).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AppCustomHrefObjectHints);
+        }
+
+        /// <summary>
+        /// Returns true if AppCustomHrefObjectHints instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AppCustomHrefObjectHints to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AppCustomHrefObjectHints input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Allow == input.Allow ||
+                    this.Allow != null &&
+                    input.Allow != null &&
+                    this.Allow.SequenceEqual(input.Allow)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Allow != null)
+                {
+                    hashCode = (hashCode * 59) + this.Allow.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AppInstancePolicyRuleCondition.cs b/src/Okta.Sdk/Model/AppInstancePolicyRuleCondition.cs
index 067c76ab9..550fc0ba3 100644
--- a/src/Okta.Sdk/Model/AppInstancePolicyRuleCondition.cs
+++ b/src/Okta.Sdk/Model/AppInstancePolicyRuleCondition.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AppLink.cs b/src/Okta.Sdk/Model/AppLink.cs
index 7c7392e2f..f503244fd 100644
--- a/src/Okta.Sdk/Model/AppLink.cs
+++ b/src/Okta.Sdk/Model/AppLink.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -29,151 +29,23 @@ namespace Okta.Sdk.Model
     /// Template: ModelGeneric
     /// AppLink
     /// </summary>
-    [DataContract(Name = "AppLink")]
+    [DataContract(Name = "appLink")]
     
     public partial class AppLink : IEquatable<AppLink>
     {
         
         /// <summary>
-        /// Gets or Sets AppAssignmentId
+        /// Gets or Sets Login
         /// </summary>
-        [DataMember(Name = "appAssignmentId", EmitDefaultValue = true)]
-        public string AppAssignmentId { get; private set; }
+        [DataMember(Name = "login", EmitDefaultValue = true)]
+        public HrefObjectAppLink Login { get; set; }
 
         /// <summary>
-        /// Returns false as AppAssignmentId should not be serialized given that it's read-only.
+        /// Gets or Sets Logo
         /// </summary>
-        /// <returns>false (boolean)</returns>
-        public bool ShouldSerializeAppAssignmentId()
-        {
-            return false;
-        }
-        /// <summary>
-        /// Gets or Sets AppInstanceId
-        /// </summary>
-        [DataMember(Name = "appInstanceId", EmitDefaultValue = true)]
-        public string AppInstanceId { get; private set; }
-
-        /// <summary>
-        /// Returns false as AppInstanceId should not be serialized given that it's read-only.
-        /// </summary>
-        /// <returns>false (boolean)</returns>
-        public bool ShouldSerializeAppInstanceId()
-        {
-            return false;
-        }
-        /// <summary>
-        /// Gets or Sets AppName
-        /// </summary>
-        [DataMember(Name = "appName", EmitDefaultValue = true)]
-        public string AppName { get; private set; }
-
-        /// <summary>
-        /// Returns false as AppName should not be serialized given that it's read-only.
-        /// </summary>
-        /// <returns>false (boolean)</returns>
-        public bool ShouldSerializeAppName()
-        {
-            return false;
-        }
-        /// <summary>
-        /// Gets or Sets CredentialsSetup
-        /// </summary>
-        [DataMember(Name = "credentialsSetup", EmitDefaultValue = true)]
-        public bool CredentialsSetup { get; private set; }
-
-        /// <summary>
-        /// Returns false as CredentialsSetup should not be serialized given that it's read-only.
-        /// </summary>
-        /// <returns>false (boolean)</returns>
-        public bool ShouldSerializeCredentialsSetup()
-        {
-            return false;
-        }
-        /// <summary>
-        /// Gets or Sets Hidden
-        /// </summary>
-        [DataMember(Name = "hidden", EmitDefaultValue = true)]
-        public bool Hidden { get; private set; }
-
-        /// <summary>
-        /// Returns false as Hidden should not be serialized given that it's read-only.
-        /// </summary>
-        /// <returns>false (boolean)</returns>
-        public bool ShouldSerializeHidden()
-        {
-            return false;
-        }
-        /// <summary>
-        /// Gets or Sets Id
-        /// </summary>
-        [DataMember(Name = "id", EmitDefaultValue = true)]
-        public string Id { get; private set; }
-
-        /// <summary>
-        /// Returns false as Id should not be serialized given that it's read-only.
-        /// </summary>
-        /// <returns>false (boolean)</returns>
-        public bool ShouldSerializeId()
-        {
-            return false;
-        }
-        /// <summary>
-        /// Gets or Sets Label
-        /// </summary>
-        [DataMember(Name = "label", EmitDefaultValue = true)]
-        public string Label { get; private set; }
-
-        /// <summary>
-        /// Returns false as Label should not be serialized given that it's read-only.
-        /// </summary>
-        /// <returns>false (boolean)</returns>
-        public bool ShouldSerializeLabel()
-        {
-            return false;
-        }
-        /// <summary>
-        /// Gets or Sets LinkUrl
-        /// </summary>
-        [DataMember(Name = "linkUrl", EmitDefaultValue = true)]
-        public string LinkUrl { get; private set; }
-
-        /// <summary>
-        /// Returns false as LinkUrl should not be serialized given that it's read-only.
-        /// </summary>
-        /// <returns>false (boolean)</returns>
-        public bool ShouldSerializeLinkUrl()
-        {
-            return false;
-        }
-        /// <summary>
-        /// Gets or Sets LogoUrl
-        /// </summary>
-        [DataMember(Name = "logoUrl", EmitDefaultValue = true)]
-        public string LogoUrl { get; private set; }
+        [DataMember(Name = "logo", EmitDefaultValue = true)]
+        public HrefObjectLogoLink Logo { get; set; }
 
-        /// <summary>
-        /// Returns false as LogoUrl should not be serialized given that it's read-only.
-        /// </summary>
-        /// <returns>false (boolean)</returns>
-        public bool ShouldSerializeLogoUrl()
-        {
-            return false;
-        }
-        /// <summary>
-        /// Gets or Sets SortOrder
-        /// </summary>
-        [DataMember(Name = "sortOrder", EmitDefaultValue = true)]
-        public int SortOrder { get; private set; }
-
-        /// <summary>
-        /// Returns false as SortOrder should not be serialized given that it's read-only.
-        /// </summary>
-        /// <returns>false (boolean)</returns>
-        public bool ShouldSerializeSortOrder()
-        {
-            return false;
-        }
         /// <summary>
         /// Returns the string presentation of the object
         /// </summary>
@@ -182,16 +54,8 @@ public override string ToString()
         {
             StringBuilder sb = new StringBuilder();
             sb.Append("class AppLink {\n");
-            sb.Append("  AppAssignmentId: ").Append(AppAssignmentId).Append("\n");
-            sb.Append("  AppInstanceId: ").Append(AppInstanceId).Append("\n");
-            sb.Append("  AppName: ").Append(AppName).Append("\n");
-            sb.Append("  CredentialsSetup: ").Append(CredentialsSetup).Append("\n");
-            sb.Append("  Hidden: ").Append(Hidden).Append("\n");
-            sb.Append("  Id: ").Append(Id).Append("\n");
-            sb.Append("  Label: ").Append(Label).Append("\n");
-            sb.Append("  LinkUrl: ").Append(LinkUrl).Append("\n");
-            sb.Append("  LogoUrl: ").Append(LogoUrl).Append("\n");
-            sb.Append("  SortOrder: ").Append(SortOrder).Append("\n");
+            sb.Append("  Login: ").Append(Login).Append("\n");
+            sb.Append("  Logo: ").Append(Logo).Append("\n");
             sb.Append("}\n");
             return sb.ToString();
         }
@@ -228,51 +92,14 @@ public bool Equals(AppLink input)
             }
             return 
                 (
-                    this.AppAssignmentId == input.AppAssignmentId ||
-                    (this.AppAssignmentId != null &&
-                    this.AppAssignmentId.Equals(input.AppAssignmentId))
-                ) && 
-                (
-                    this.AppInstanceId == input.AppInstanceId ||
-                    (this.AppInstanceId != null &&
-                    this.AppInstanceId.Equals(input.AppInstanceId))
-                ) && 
-                (
-                    this.AppName == input.AppName ||
-                    (this.AppName != null &&
-                    this.AppName.Equals(input.AppName))
+                    this.Login == input.Login ||
+                    (this.Login != null &&
+                    this.Login.Equals(input.Login))
                 ) && 
                 (
-                    this.CredentialsSetup == input.CredentialsSetup ||
-                    this.CredentialsSetup.Equals(input.CredentialsSetup)
-                ) && 
-                (
-                    this.Hidden == input.Hidden ||
-                    this.Hidden.Equals(input.Hidden)
-                ) && 
-                (
-                    this.Id == input.Id ||
-                    (this.Id != null &&
-                    this.Id.Equals(input.Id))
-                ) && 
-                (
-                    this.Label == input.Label ||
-                    (this.Label != null &&
-                    this.Label.Equals(input.Label))
-                ) && 
-                (
-                    this.LinkUrl == input.LinkUrl ||
-                    (this.LinkUrl != null &&
-                    this.LinkUrl.Equals(input.LinkUrl))
-                ) && 
-                (
-                    this.LogoUrl == input.LogoUrl ||
-                    (this.LogoUrl != null &&
-                    this.LogoUrl.Equals(input.LogoUrl))
-                ) && 
-                (
-                    this.SortOrder == input.SortOrder ||
-                    this.SortOrder.Equals(input.SortOrder)
+                    this.Logo == input.Logo ||
+                    (this.Logo != null &&
+                    this.Logo.Equals(input.Logo))
                 );
         }
 
@@ -286,37 +113,14 @@ public override int GetHashCode()
             {
                 int hashCode = 41;
                 
-                if (this.AppAssignmentId != null)
-                {
-                    hashCode = (hashCode * 59) + this.AppAssignmentId.GetHashCode();
-                }
-                if (this.AppInstanceId != null)
-                {
-                    hashCode = (hashCode * 59) + this.AppInstanceId.GetHashCode();
-                }
-                if (this.AppName != null)
-                {
-                    hashCode = (hashCode * 59) + this.AppName.GetHashCode();
-                }
-                hashCode = (hashCode * 59) + this.CredentialsSetup.GetHashCode();
-                hashCode = (hashCode * 59) + this.Hidden.GetHashCode();
-                if (this.Id != null)
-                {
-                    hashCode = (hashCode * 59) + this.Id.GetHashCode();
-                }
-                if (this.Label != null)
-                {
-                    hashCode = (hashCode * 59) + this.Label.GetHashCode();
-                }
-                if (this.LinkUrl != null)
+                if (this.Login != null)
                 {
-                    hashCode = (hashCode * 59) + this.LinkUrl.GetHashCode();
+                    hashCode = (hashCode * 59) + this.Login.GetHashCode();
                 }
-                if (this.LogoUrl != null)
+                if (this.Logo != null)
                 {
-                    hashCode = (hashCode * 59) + this.LogoUrl.GetHashCode();
+                    hashCode = (hashCode * 59) + this.Logo.GetHashCode();
                 }
-                hashCode = (hashCode * 59) + this.SortOrder.GetHashCode();
                 return hashCode;
             }
         }
diff --git a/src/Okta.Sdk/Model/AppUser.cs b/src/Okta.Sdk/Model/AppUser.cs
index 1dcbc922f..8e5693a2e 100644
--- a/src/Okta.Sdk/Model/AppUser.cs
+++ b/src/Okta.Sdk/Model/AppUser.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -27,16 +27,16 @@ namespace Okta.Sdk.Model
 {
     /// <summary>
     /// Template: ModelGeneric
-    /// The App User object defines a user&#39;s app-specific profile and credentials for an app.
+    /// The Application User object defines a user&#39;s app-specific profile and credentials for an app
     /// </summary>
     [DataContract(Name = "AppUser")]
     
     public partial class AppUser : IEquatable<AppUser>
     {
         /// <summary>
-        /// Toggles the assignment between user or group scope
+        /// Indicates if the assignment is direct (&#x60;USER&#x60;) or by group membership (&#x60;GROUP&#x60;).
         /// </summary>
-        /// <value>Toggles the assignment between user or group scope</value>
+        /// <value>Indicates if the assignment is direct (&#x60;USER&#x60;) or by group membership (&#x60;GROUP&#x60;).</value>
         [JsonConverter(typeof(StringEnumSerializingConverter))]
         public sealed class ScopeEnum : StringEnum
         {
@@ -71,9 +71,9 @@ public ScopeEnum(string value)
 
 
         /// <summary>
-        /// Toggles the assignment between user or group scope
+        /// Indicates if the assignment is direct (&#x60;USER&#x60;) or by group membership (&#x60;GROUP&#x60;).
         /// </summary>
-        /// <value>Toggles the assignment between user or group scope</value>
+        /// <value>Indicates if the assignment is direct (&#x60;USER&#x60;) or by group membership (&#x60;GROUP&#x60;).</value>
         [DataMember(Name = "scope", EmitDefaultValue = true)]
         
         public ScopeEnum Scope { get; set; }
@@ -91,27 +91,13 @@ public ScopeEnum(string value)
         [DataMember(Name = "syncState", EmitDefaultValue = true)]
         
         public AppUserSyncState SyncState { get; set; }
-        /// <summary>
-        /// Initializes a new instance of the <see cref="AppUser" /> class.
-        /// </summary>
-        [JsonConstructorAttribute]
-        public AppUser() { }
         
         /// <summary>
-        /// Timestamp when the App User object was created
+        /// Gets or Sets Created
         /// </summary>
-        /// <value>Timestamp when the App User object was created</value>
         [DataMember(Name = "created", EmitDefaultValue = true)]
-        public DateTimeOffset Created { get; private set; }
+        public DateTimeOffset Created { get; set; }
 
-        /// <summary>
-        /// Returns false as Created should not be serialized given that it's read-only.
-        /// </summary>
-        /// <returns>false (boolean)</returns>
-        public bool ShouldSerializeCreated()
-        {
-            return false;
-        }
         /// <summary>
         /// Gets or Sets Credentials
         /// </summary>
@@ -119,9 +105,9 @@ public bool ShouldSerializeCreated()
         public AppUserCredentials Credentials { get; set; }
 
         /// <summary>
-        /// The ID of the user in the target app that&#39;s linked to the Okta App User object. This value is the native app-specific identifier or primary key for the user in the target app.  The &#x60;externalId&#x60; is set during import when the user is confirmed (reconciled) or during provisioning when the user has been successfully created in the target app. This value isn&#39;t populated for SSO app assignments (for example, SAML or SWA) because it isn&#39;t synchronized with a target app.
+        /// The ID of the user in the target app that&#39;s linked to the Okta Application User object. This value is the native app-specific identifier or primary key for the user in the target app.  The &#x60;externalId&#x60; is set during import when the user is confirmed (reconciled) or during provisioning when the user is created in the target app. This value isn&#39;t populated for SSO app assignments (for example, SAML or SWA) because it isn&#39;t synchronized with a target app.
         /// </summary>
-        /// <value>The ID of the user in the target app that&#39;s linked to the Okta App User object. This value is the native app-specific identifier or primary key for the user in the target app.  The &#x60;externalId&#x60; is set during import when the user is confirmed (reconciled) or during provisioning when the user has been successfully created in the target app. This value isn&#39;t populated for SSO app assignments (for example, SAML or SWA) because it isn&#39;t synchronized with a target app.</value>
+        /// <value>The ID of the user in the target app that&#39;s linked to the Okta Application User object. This value is the native app-specific identifier or primary key for the user in the target app.  The &#x60;externalId&#x60; is set during import when the user is confirmed (reconciled) or during provisioning when the user is created in the target app. This value isn&#39;t populated for SSO app assignments (for example, SAML or SWA) because it isn&#39;t synchronized with a target app.</value>
         [DataMember(Name = "externalId", EmitDefaultValue = true)]
         public string ExternalId { get; private set; }
 
@@ -134,9 +120,9 @@ public bool ShouldSerializeExternalId()
             return false;
         }
         /// <summary>
-        /// Unique identifier of the App User object (only required for apps with &#x60;signOnMode&#x60; or authentication schemes that don&#39;t require credentials)
+        /// Unique identifier for the Okta User
         /// </summary>
-        /// <value>Unique identifier of the App User object (only required for apps with &#x60;signOnMode&#x60; or authentication schemes that don&#39;t require credentials)</value>
+        /// <value>Unique identifier for the Okta User</value>
         [DataMember(Name = "id", EmitDefaultValue = true)]
         public string Id { get; set; }
 
@@ -156,24 +142,15 @@ public bool ShouldSerializeLastSync()
             return false;
         }
         /// <summary>
-        /// Timestamp when App User was last updated
+        /// Gets or Sets LastUpdated
         /// </summary>
-        /// <value>Timestamp when App User was last updated</value>
         [DataMember(Name = "lastUpdated", EmitDefaultValue = true)]
-        public DateTimeOffset LastUpdated { get; private set; }
+        public DateTimeOffset LastUpdated { get; set; }
 
         /// <summary>
-        /// Returns false as LastUpdated should not be serialized given that it's read-only.
-        /// </summary>
-        /// <returns>false (boolean)</returns>
-        public bool ShouldSerializeLastUpdated()
-        {
-            return false;
-        }
-        /// <summary>
-        /// Timestamp when the App User password was last changed
+        /// Timestamp when the Application User password was last changed
         /// </summary>
-        /// <value>Timestamp when the App User password was last changed</value>
+        /// <value>Timestamp when the Application User password was last changed</value>
         [DataMember(Name = "passwordChanged", EmitDefaultValue = true)]
         public DateTimeOffset? PasswordChanged { get; private set; }
 
@@ -186,16 +163,16 @@ public bool ShouldSerializePasswordChanged()
             return false;
         }
         /// <summary>
-        /// App user profiles are app-specific and can be customized by the Profile Editor in the Admin Console. SSO apps typically don&#39;t support app user profiles, while apps with user provisioning features have app-specific profiles. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can&#39;t be configured.
+        /// Specifies the default and custom profile properties for a user. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can&#39;t be configured. See [profile](/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c&#x3D;200&amp;path&#x3D;profile&amp;t&#x3D;response). 
         /// </summary>
-        /// <value>App user profiles are app-specific and can be customized by the Profile Editor in the Admin Console. SSO apps typically don&#39;t support app user profiles, while apps with user provisioning features have app-specific profiles. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can&#39;t be configured.</value>
+        /// <value>Specifies the default and custom profile properties for a user. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can&#39;t be configured. See [profile](/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c&#x3D;200&amp;path&#x3D;profile&amp;t&#x3D;response). </value>
         [DataMember(Name = "profile", EmitDefaultValue = true)]
         public Dictionary<string, Object> Profile { get; set; }
 
         /// <summary>
-        /// Timestamp when the App User status was last changed
+        /// Timestamp when the Application User status was last changed
         /// </summary>
-        /// <value>Timestamp when the App User status was last changed</value>
+        /// <value>Timestamp when the Application User status was last changed</value>
         [DataMember(Name = "statusChanged", EmitDefaultValue = true)]
         public DateTimeOffset StatusChanged { get; private set; }
 
@@ -208,9 +185,9 @@ public bool ShouldSerializeStatusChanged()
             return false;
         }
         /// <summary>
-        /// Embedded resources related to the App User using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification
+        /// Embedded resources related to the Application User using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification
         /// </summary>
-        /// <value>Embedded resources related to the App User using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification</value>
+        /// <value>Embedded resources related to the Application User using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification</value>
         [DataMember(Name = "_embedded", EmitDefaultValue = true)]
         public Dictionary<string, Object> Embedded { get; private set; }
 
diff --git a/src/Okta.Sdk/Model/AppUserAssignRequest.cs b/src/Okta.Sdk/Model/AppUserAssignRequest.cs
new file mode 100644
index 000000000..05a15ecd9
--- /dev/null
+++ b/src/Okta.Sdk/Model/AppUserAssignRequest.cs
@@ -0,0 +1,413 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AppUserAssignRequest
+    /// </summary>
+    [DataContract(Name = "AppUserAssignRequest")]
+    
+    public partial class AppUserAssignRequest : IEquatable<AppUserAssignRequest>
+    {
+        /// <summary>
+        /// Indicates if the assignment is direct (&#x60;USER&#x60;) or by group membership (&#x60;GROUP&#x60;).
+        /// </summary>
+        /// <value>Indicates if the assignment is direct (&#x60;USER&#x60;) or by group membership (&#x60;GROUP&#x60;).</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class ScopeEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum USER for value: USER
+            /// </summary>
+            
+            public static ScopeEnum USER = new ScopeEnum("USER");
+
+            /// <summary>
+            /// StringEnum GROUP for value: GROUP
+            /// </summary>
+            
+            public static ScopeEnum GROUP = new ScopeEnum("GROUP");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="ScopeEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator ScopeEnum(string value) => new ScopeEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Scope"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public ScopeEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Indicates if the assignment is direct (&#x60;USER&#x60;) or by group membership (&#x60;GROUP&#x60;).
+        /// </summary>
+        /// <value>Indicates if the assignment is direct (&#x60;USER&#x60;) or by group membership (&#x60;GROUP&#x60;).</value>
+        [DataMember(Name = "scope", EmitDefaultValue = true)]
+        
+        public ScopeEnum Scope { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Status
+        /// </summary>
+        [DataMember(Name = "status", EmitDefaultValue = true)]
+        
+        public AppUserStatus Status { get; set; }
+
+        /// <summary>
+        /// Gets or Sets SyncState
+        /// </summary>
+        [DataMember(Name = "syncState", EmitDefaultValue = true)]
+        
+        public AppUserSyncState SyncState { get; set; }
+        /// <summary>
+        /// Initializes a new instance of the <see cref="AppUserAssignRequest" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public AppUserAssignRequest() { }
+        
+        /// <summary>
+        /// Gets or Sets Created
+        /// </summary>
+        [DataMember(Name = "created", EmitDefaultValue = true)]
+        public DateTimeOffset Created { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Credentials
+        /// </summary>
+        [DataMember(Name = "credentials", EmitDefaultValue = true)]
+        public AppUserCredentials Credentials { get; set; }
+
+        /// <summary>
+        /// The ID of the user in the target app that&#39;s linked to the Okta Application User object. This value is the native app-specific identifier or primary key for the user in the target app.  The &#x60;externalId&#x60; is set during import when the user is confirmed (reconciled) or during provisioning when the user is created in the target app. This value isn&#39;t populated for SSO app assignments (for example, SAML or SWA) because it isn&#39;t synchronized with a target app.
+        /// </summary>
+        /// <value>The ID of the user in the target app that&#39;s linked to the Okta Application User object. This value is the native app-specific identifier or primary key for the user in the target app.  The &#x60;externalId&#x60; is set during import when the user is confirmed (reconciled) or during provisioning when the user is created in the target app. This value isn&#39;t populated for SSO app assignments (for example, SAML or SWA) because it isn&#39;t synchronized with a target app.</value>
+        [DataMember(Name = "externalId", EmitDefaultValue = true)]
+        public string ExternalId { get; private set; }
+
+        /// <summary>
+        /// Returns false as ExternalId should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeExternalId()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Unique identifier for the Okta User
+        /// </summary>
+        /// <value>Unique identifier for the Okta User</value>
+        [DataMember(Name = "id", EmitDefaultValue = true)]
+        public string Id { get; set; }
+
+        /// <summary>
+        /// Timestamp of the last synchronization operation. This value is only updated for apps with the &#x60;IMPORT_PROFILE_UPDATES&#x60; or &#x60;PUSH PROFILE_UPDATES&#x60; feature.
+        /// </summary>
+        /// <value>Timestamp of the last synchronization operation. This value is only updated for apps with the &#x60;IMPORT_PROFILE_UPDATES&#x60; or &#x60;PUSH PROFILE_UPDATES&#x60; feature.</value>
+        [DataMember(Name = "lastSync", EmitDefaultValue = true)]
+        public DateTimeOffset LastSync { get; private set; }
+
+        /// <summary>
+        /// Returns false as LastSync should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeLastSync()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Gets or Sets LastUpdated
+        /// </summary>
+        [DataMember(Name = "lastUpdated", EmitDefaultValue = true)]
+        public DateTimeOffset LastUpdated { get; set; }
+
+        /// <summary>
+        /// Timestamp when the Application User password was last changed
+        /// </summary>
+        /// <value>Timestamp when the Application User password was last changed</value>
+        [DataMember(Name = "passwordChanged", EmitDefaultValue = true)]
+        public DateTimeOffset? PasswordChanged { get; private set; }
+
+        /// <summary>
+        /// Returns false as PasswordChanged should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializePasswordChanged()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Specifies the default and custom profile properties for a user. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can&#39;t be configured. See [profile](/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c&#x3D;200&amp;path&#x3D;profile&amp;t&#x3D;response). 
+        /// </summary>
+        /// <value>Specifies the default and custom profile properties for a user. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can&#39;t be configured. See [profile](/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c&#x3D;200&amp;path&#x3D;profile&amp;t&#x3D;response). </value>
+        [DataMember(Name = "profile", EmitDefaultValue = true)]
+        public Dictionary<string, Object> Profile { get; set; }
+
+        /// <summary>
+        /// Timestamp when the Application User status was last changed
+        /// </summary>
+        /// <value>Timestamp when the Application User status was last changed</value>
+        [DataMember(Name = "statusChanged", EmitDefaultValue = true)]
+        public DateTimeOffset StatusChanged { get; private set; }
+
+        /// <summary>
+        /// Returns false as StatusChanged should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeStatusChanged()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Embedded resources related to the Application User using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification
+        /// </summary>
+        /// <value>Embedded resources related to the Application User using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification</value>
+        [DataMember(Name = "_embedded", EmitDefaultValue = true)]
+        public Dictionary<string, Object> Embedded { get; private set; }
+
+        /// <summary>
+        /// Returns false as Embedded should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeEmbedded()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Gets or Sets Links
+        /// </summary>
+        [DataMember(Name = "_links", EmitDefaultValue = true)]
+        public LinksAppAndUser Links { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AppUserAssignRequest {\n");
+            sb.Append("  Created: ").Append(Created).Append("\n");
+            sb.Append("  Credentials: ").Append(Credentials).Append("\n");
+            sb.Append("  ExternalId: ").Append(ExternalId).Append("\n");
+            sb.Append("  Id: ").Append(Id).Append("\n");
+            sb.Append("  LastSync: ").Append(LastSync).Append("\n");
+            sb.Append("  LastUpdated: ").Append(LastUpdated).Append("\n");
+            sb.Append("  PasswordChanged: ").Append(PasswordChanged).Append("\n");
+            sb.Append("  Profile: ").Append(Profile).Append("\n");
+            sb.Append("  Scope: ").Append(Scope).Append("\n");
+            sb.Append("  Status: ").Append(Status).Append("\n");
+            sb.Append("  StatusChanged: ").Append(StatusChanged).Append("\n");
+            sb.Append("  SyncState: ").Append(SyncState).Append("\n");
+            sb.Append("  Embedded: ").Append(Embedded).Append("\n");
+            sb.Append("  Links: ").Append(Links).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AppUserAssignRequest);
+        }
+
+        /// <summary>
+        /// Returns true if AppUserAssignRequest instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AppUserAssignRequest to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AppUserAssignRequest input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Created == input.Created ||
+                    (this.Created != null &&
+                    this.Created.Equals(input.Created))
+                ) && 
+                (
+                    this.Credentials == input.Credentials ||
+                    (this.Credentials != null &&
+                    this.Credentials.Equals(input.Credentials))
+                ) && 
+                (
+                    this.ExternalId == input.ExternalId ||
+                    (this.ExternalId != null &&
+                    this.ExternalId.Equals(input.ExternalId))
+                ) && 
+                (
+                    this.Id == input.Id ||
+                    (this.Id != null &&
+                    this.Id.Equals(input.Id))
+                ) && 
+                (
+                    this.LastSync == input.LastSync ||
+                    (this.LastSync != null &&
+                    this.LastSync.Equals(input.LastSync))
+                ) && 
+                (
+                    this.LastUpdated == input.LastUpdated ||
+                    (this.LastUpdated != null &&
+                    this.LastUpdated.Equals(input.LastUpdated))
+                ) && 
+                (
+                    this.PasswordChanged == input.PasswordChanged ||
+                    (this.PasswordChanged != null &&
+                    this.PasswordChanged.Equals(input.PasswordChanged))
+                ) && 
+                (
+                    this.Profile == input.Profile ||
+                    this.Profile != null &&
+                    input.Profile != null &&
+                    this.Profile.SequenceEqual(input.Profile)
+                ) && 
+                (
+                    this.Scope == input.Scope ||
+                    this.Scope.Equals(input.Scope)
+                ) && 
+                (
+                    this.Status == input.Status ||
+                    this.Status.Equals(input.Status)
+                ) && 
+                (
+                    this.StatusChanged == input.StatusChanged ||
+                    (this.StatusChanged != null &&
+                    this.StatusChanged.Equals(input.StatusChanged))
+                ) && 
+                (
+                    this.SyncState == input.SyncState ||
+                    this.SyncState.Equals(input.SyncState)
+                ) && 
+                (
+                    this.Embedded == input.Embedded ||
+                    this.Embedded != null &&
+                    input.Embedded != null &&
+                    this.Embedded.SequenceEqual(input.Embedded)
+                ) && 
+                (
+                    this.Links == input.Links ||
+                    (this.Links != null &&
+                    this.Links.Equals(input.Links))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Created != null)
+                {
+                    hashCode = (hashCode * 59) + this.Created.GetHashCode();
+                }
+                if (this.Credentials != null)
+                {
+                    hashCode = (hashCode * 59) + this.Credentials.GetHashCode();
+                }
+                if (this.ExternalId != null)
+                {
+                    hashCode = (hashCode * 59) + this.ExternalId.GetHashCode();
+                }
+                if (this.Id != null)
+                {
+                    hashCode = (hashCode * 59) + this.Id.GetHashCode();
+                }
+                if (this.LastSync != null)
+                {
+                    hashCode = (hashCode * 59) + this.LastSync.GetHashCode();
+                }
+                if (this.LastUpdated != null)
+                {
+                    hashCode = (hashCode * 59) + this.LastUpdated.GetHashCode();
+                }
+                if (this.PasswordChanged != null)
+                {
+                    hashCode = (hashCode * 59) + this.PasswordChanged.GetHashCode();
+                }
+                if (this.Profile != null)
+                {
+                    hashCode = (hashCode * 59) + this.Profile.GetHashCode();
+                }
+                if (this.Scope != null)
+                {
+                    hashCode = (hashCode * 59) + this.Scope.GetHashCode();
+                }
+                if (this.Status != null)
+                {
+                    hashCode = (hashCode * 59) + this.Status.GetHashCode();
+                }
+                if (this.StatusChanged != null)
+                {
+                    hashCode = (hashCode * 59) + this.StatusChanged.GetHashCode();
+                }
+                if (this.SyncState != null)
+                {
+                    hashCode = (hashCode * 59) + this.SyncState.GetHashCode();
+                }
+                if (this.Embedded != null)
+                {
+                    hashCode = (hashCode * 59) + this.Embedded.GetHashCode();
+                }
+                if (this.Links != null)
+                {
+                    hashCode = (hashCode * 59) + this.Links.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AppUserCredentials.cs b/src/Okta.Sdk/Model/AppUserCredentials.cs
index fd6435d10..bd94746e8 100644
--- a/src/Okta.Sdk/Model/AppUserCredentials.cs
+++ b/src/Okta.Sdk/Model/AppUserCredentials.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -27,7 +27,7 @@ namespace Okta.Sdk.Model
 {
     /// <summary>
     /// Template: ModelGeneric
-    /// Specifies a user&#39;s credentials for the app. The authentication scheme of the app determines whether a username or password can be assigned to a user.
+    /// Specifies a user&#39;s credentials for the app. This parameter can be omitted for apps with [sign-on mode](/openapi/okta-management/management/tag/Application/#tag/Application/operation/getApplication!c&#x3D;200&amp;path&#x3D;0/signOnMode&amp;t&#x3D;response) (&#x60;signOnMode&#x60;) or [authentication schemes](/openapi/okta-management/management/tag/Application/#tag/Application/operation/getApplication!c&#x3D;200&amp;path&#x3D;0/credentials/scheme&amp;t&#x3D;response) (&#x60;credentials.scheme&#x60;) that don&#39;t require credentials. 
     /// </summary>
     [DataContract(Name = "AppUserCredentials")]
     
@@ -41,9 +41,9 @@ public partial class AppUserCredentials : IEquatable<AppUserCredentials>
         public AppUserPasswordCredential Password { get; set; }
 
         /// <summary>
-        /// Username for the app
+        /// The user&#39;s username in the app
         /// </summary>
-        /// <value>Username for the app</value>
+        /// <value>The user&#39;s username in the app</value>
         [DataMember(Name = "userName", EmitDefaultValue = true)]
         public string UserName { get; set; }
 
diff --git a/src/Okta.Sdk/Model/AppUserCredentialsRequestPayload.cs b/src/Okta.Sdk/Model/AppUserCredentialsRequestPayload.cs
new file mode 100644
index 000000000..0a0de4699
--- /dev/null
+++ b/src/Okta.Sdk/Model/AppUserCredentialsRequestPayload.cs
@@ -0,0 +1,114 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Updates the assigned user credentials
+    /// </summary>
+    [DataContract(Name = "AppUserCredentialsRequestPayload")]
+    
+    public partial class AppUserCredentialsRequestPayload : IEquatable<AppUserCredentialsRequestPayload>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Credentials
+        /// </summary>
+        [DataMember(Name = "credentials", EmitDefaultValue = true)]
+        public AppUserCredentials Credentials { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AppUserCredentialsRequestPayload {\n");
+            sb.Append("  Credentials: ").Append(Credentials).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AppUserCredentialsRequestPayload);
+        }
+
+        /// <summary>
+        /// Returns true if AppUserCredentialsRequestPayload instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AppUserCredentialsRequestPayload to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AppUserCredentialsRequestPayload input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Credentials == input.Credentials ||
+                    (this.Credentials != null &&
+                    this.Credentials.Equals(input.Credentials))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Credentials != null)
+                {
+                    hashCode = (hashCode * 59) + this.Credentials.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AppUserPasswordCredential.cs b/src/Okta.Sdk/Model/AppUserPasswordCredential.cs
index 9dc0533cc..a229404d3 100644
--- a/src/Okta.Sdk/Model/AppUserPasswordCredential.cs
+++ b/src/Okta.Sdk/Model/AppUserPasswordCredential.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -27,7 +27,7 @@ namespace Okta.Sdk.Model
 {
     /// <summary>
     /// Template: ModelGeneric
-    /// Specifies a password for a user. This is a write-only property. An empty &#x60;password&#x60; object is returned to indicate that a password value exists.
+    /// The user&#39;s password. This is a write-only property. An empty &#x60;password&#x60; object is returned to indicate that a password value exists.
     /// </summary>
     [DataContract(Name = "AppUserPasswordCredential")]
     
diff --git a/src/Okta.Sdk/Model/AppUserProfileRequestPayload.cs b/src/Okta.Sdk/Model/AppUserProfileRequestPayload.cs
new file mode 100644
index 000000000..4f251d38c
--- /dev/null
+++ b/src/Okta.Sdk/Model/AppUserProfileRequestPayload.cs
@@ -0,0 +1,116 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Updates the assigned user profile &gt; **Note:** The Okta API currently doesn&#39;t support entity tags for conditional updates. As long as you&#39;re the only user updating the the user profile, Okta recommends you fetch the most recent profile with [Retrieve an Application User](/openapi/okta-management/management/tag/ApplicationUsers/#tag/ApplicationUsers/operation/getApplicationUser), apply your profile update, and then &#x60;POST&#x60; back the updated profile.
+    /// </summary>
+    [DataContract(Name = "AppUserProfileRequestPayload")]
+    
+    public partial class AppUserProfileRequestPayload : IEquatable<AppUserProfileRequestPayload>
+    {
+        
+        /// <summary>
+        /// Specifies the default and custom profile properties for a user. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can&#39;t be configured. See [profile](/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c&#x3D;200&amp;path&#x3D;profile&amp;t&#x3D;response). 
+        /// </summary>
+        /// <value>Specifies the default and custom profile properties for a user. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can&#39;t be configured. See [profile](/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c&#x3D;200&amp;path&#x3D;profile&amp;t&#x3D;response). </value>
+        [DataMember(Name = "profile", EmitDefaultValue = true)]
+        public Dictionary<string, Object> Profile { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AppUserProfileRequestPayload {\n");
+            sb.Append("  Profile: ").Append(Profile).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AppUserProfileRequestPayload);
+        }
+
+        /// <summary>
+        /// Returns true if AppUserProfileRequestPayload instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AppUserProfileRequestPayload to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AppUserProfileRequestPayload input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Profile == input.Profile ||
+                    this.Profile != null &&
+                    input.Profile != null &&
+                    this.Profile.SequenceEqual(input.Profile)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Profile != null)
+                {
+                    hashCode = (hashCode * 59) + this.Profile.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AppUserStatus.cs b/src/Okta.Sdk/Model/AppUserStatus.cs
index a30b90bb4..183a0ee72 100644
--- a/src/Okta.Sdk/Model/AppUserStatus.cs
+++ b/src/Okta.Sdk/Model/AppUserStatus.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,9 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Status of an App User
+    /// Status of an Application User
     /// </summary>
-    /// <value>Status of an App User</value>
+    /// <value>Status of an Application User</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class AppUserStatus : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/AppUserSyncState.cs b/src/Okta.Sdk/Model/AppUserSyncState.cs
index ba2df3cec..5ae0c59f1 100644
--- a/src/Okta.Sdk/Model/AppUserSyncState.cs
+++ b/src/Okta.Sdk/Model/AppUserSyncState.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,9 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// The synchronization state for the App User. The App User&#39;s &#x60;syncState&#x60; depends on whether the &#x60;PROFILE_MASTERING&#x60; feature is enabled for the app.  &gt; **Note:** User provisioning currently must be configured through the Admin Console.
+    /// The synchronization state for the Application User. The Application User&#39;s &#x60;syncState&#x60; depends on whether the &#x60;PROFILE_MASTERING&#x60; feature is enabled for the app.  &gt; **Note:** User provisioning currently must be configured through the Admin Console.
     /// </summary>
-    /// <value>The synchronization state for the App User. The App User&#39;s &#x60;syncState&#x60; depends on whether the &#x60;PROFILE_MASTERING&#x60; feature is enabled for the app.  &gt; **Note:** User provisioning currently must be configured through the Admin Console.</value>
+    /// <value>The synchronization state for the Application User. The Application User&#39;s &#x60;syncState&#x60; depends on whether the &#x60;PROFILE_MASTERING&#x60; feature is enabled for the app.  &gt; **Note:** User provisioning currently must be configured through the Admin Console.</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class AppUserSyncState : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/AppUserUpdateRequest.cs b/src/Okta.Sdk/Model/AppUserUpdateRequest.cs
new file mode 100644
index 000000000..f690007fe
--- /dev/null
+++ b/src/Okta.Sdk/Model/AppUserUpdateRequest.cs
@@ -0,0 +1,285 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+using System.Reflection;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template" ModelOneOf
+    /// AppUserUpdateRequest
+    /// </summary>
+    [JsonConverter(typeof(AppUserUpdateRequestJsonConverter))]
+    [DataContract(Name = "AppUserUpdateRequest")]
+    public partial class AppUserUpdateRequest : AbstractOpenAPISchema, IEquatable<AppUserUpdateRequest>
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="AppUserUpdateRequest" /> class
+        /// with the <see cref="AppUserCredentialsRequestPayload" /> class
+        /// </summary>
+        /// <param name="actualInstance">An instance of AppUserCredentialsRequestPayload.</param>
+        public AppUserUpdateRequest(AppUserCredentialsRequestPayload actualInstance)
+        {
+            this.IsNullable = false;
+            this.SchemaType= "oneOf";
+            this.ActualInstance = actualInstance ?? throw new ArgumentException("Invalid instance found. Must not be null.");
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="AppUserUpdateRequest" /> class
+        /// with the <see cref="AppUserProfileRequestPayload" /> class
+        /// </summary>
+        /// <param name="actualInstance">An instance of AppUserProfileRequestPayload.</param>
+        public AppUserUpdateRequest(AppUserProfileRequestPayload actualInstance)
+        {
+            this.IsNullable = false;
+            this.SchemaType= "oneOf";
+            this.ActualInstance = actualInstance ?? throw new ArgumentException("Invalid instance found. Must not be null.");
+        }
+
+
+        private Object _actualInstance;
+
+        /// <summary>
+        /// Gets or Sets ActualInstance
+        /// </summary>
+        public override Object ActualInstance
+        {
+            get
+            {
+                return _actualInstance;
+            }
+            set
+            {
+                if (value.GetType() == typeof(AppUserCredentialsRequestPayload))
+                {
+                    this._actualInstance = value;
+                }
+                else if (value.GetType() == typeof(AppUserProfileRequestPayload))
+                {
+                    this._actualInstance = value;
+                }
+                else
+                {
+                    throw new ArgumentException("Invalid instance found. Must be the following types: AppUserCredentialsRequestPayload, AppUserProfileRequestPayload");
+                }
+            }
+        }
+
+        /// <summary>
+        /// Get the actual instance of `AppUserCredentialsRequestPayload`. If the actual instance is not `AppUserCredentialsRequestPayload`,
+        /// the InvalidClassException will be thrown
+        /// </summary>
+        /// <returns>An instance of AppUserCredentialsRequestPayload</returns>
+        public AppUserCredentialsRequestPayload GetAppUserCredentialsRequestPayload()
+        {
+            return (AppUserCredentialsRequestPayload)this.ActualInstance;
+        }
+
+        /// <summary>
+        /// Get the actual instance of `AppUserProfileRequestPayload`. If the actual instance is not `AppUserProfileRequestPayload`,
+        /// the InvalidClassException will be thrown
+        /// </summary>
+        /// <returns>An instance of AppUserProfileRequestPayload</returns>
+        public AppUserProfileRequestPayload GetAppUserProfileRequestPayload()
+        {
+            return (AppUserProfileRequestPayload)this.ActualInstance;
+        }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            var sb = new StringBuilder();
+            sb.Append("class AppUserUpdateRequest {\n");
+            sb.Append("  ActualInstance: ").Append(this.ActualInstance).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return JsonConvert.SerializeObject(this.ActualInstance, AppUserUpdateRequest.SerializerSettings);
+        }
+
+        /// <summary>
+        /// Converts the JSON string into an instance of AppUserUpdateRequest
+        /// </summary>
+        /// <param name="jsonString">JSON string</param>
+        /// <returns>An instance of AppUserUpdateRequest</returns>
+        public static AppUserUpdateRequest FromJson(string jsonString)
+        {
+            AppUserUpdateRequest newAppUserUpdateRequest = null;
+
+            if (string.IsNullOrEmpty(jsonString))
+            {
+                return newAppUserUpdateRequest;
+            }
+            int match = 0;
+            List<string> matchedTypes = new List<string>();
+
+            try
+            {
+                // if it does not contains "AdditionalProperties", use SerializerSettings to deserialize
+                if (typeof(AppUserCredentialsRequestPayload).GetProperty("AdditionalProperties") == null)
+                {
+                    newAppUserUpdateRequest = new AppUserUpdateRequest(JsonConvert.DeserializeObject<AppUserCredentialsRequestPayload>(jsonString, AppUserUpdateRequest.SerializerSettings));
+                }
+                else
+                {
+                    newAppUserUpdateRequest = new AppUserUpdateRequest(JsonConvert.DeserializeObject<AppUserCredentialsRequestPayload>(jsonString, AppUserUpdateRequest.AdditionalPropertiesSerializerSettings));
+                }
+                matchedTypes.Add("AppUserCredentialsRequestPayload");
+                match++;
+            }
+            catch (Exception exception)
+            {
+                // deserialization failed, try the next one
+                System.Diagnostics.Debug.WriteLine(string.Format("Failed to deserialize `{0}` into AppUserCredentialsRequestPayload: {1}", jsonString, exception.ToString()));
+            }
+
+            try
+            {
+                // if it does not contains "AdditionalProperties", use SerializerSettings to deserialize
+                if (typeof(AppUserProfileRequestPayload).GetProperty("AdditionalProperties") == null)
+                {
+                    newAppUserUpdateRequest = new AppUserUpdateRequest(JsonConvert.DeserializeObject<AppUserProfileRequestPayload>(jsonString, AppUserUpdateRequest.SerializerSettings));
+                }
+                else
+                {
+                    newAppUserUpdateRequest = new AppUserUpdateRequest(JsonConvert.DeserializeObject<AppUserProfileRequestPayload>(jsonString, AppUserUpdateRequest.AdditionalPropertiesSerializerSettings));
+                }
+                matchedTypes.Add("AppUserProfileRequestPayload");
+                match++;
+            }
+            catch (Exception exception)
+            {
+                // deserialization failed, try the next one
+                System.Diagnostics.Debug.WriteLine(string.Format("Failed to deserialize `{0}` into AppUserProfileRequestPayload: {1}", jsonString, exception.ToString()));
+            }
+
+            if (match == 0)
+            {
+                throw new InvalidDataException("The JSON string `" + jsonString + "` cannot be deserialized into any schema defined.");
+            }
+            else if (match > 1)
+            {
+                throw new InvalidDataException("The JSON string `" + jsonString + "` incorrectly matches more than one schema (should be exactly one match): " + matchedTypes);
+            }
+
+            // deserialization is considered successful at this point if no exception has been thrown.
+            return newAppUserUpdateRequest;
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AppUserUpdateRequest);
+        }
+
+        /// <summary>
+        /// Returns true if AppUserUpdateRequest instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AppUserUpdateRequest to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AppUserUpdateRequest input)
+        {
+            if (input == null)
+                return false;
+
+            return this.ActualInstance.Equals(input.ActualInstance);
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                if (this.ActualInstance != null)
+                    hashCode = hashCode * 59 + this.ActualInstance.GetHashCode();
+                return hashCode;
+            }
+        }
+
+    }
+
+    /// <summary>
+    /// Custom JSON converter for AppUserUpdateRequest
+    /// </summary>
+    public class AppUserUpdateRequestJsonConverter : JsonConverter
+    {
+        /// <summary>
+        /// To write the JSON string
+        /// </summary>
+        /// <param name="writer">JSON writer</param>
+        /// <param name="value">Object to be converted into a JSON string</param>
+        /// <param name="serializer">JSON Serializer</param>
+        public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer)
+        {
+            writer.WriteRawValue((string)(typeof(AppUserUpdateRequest).GetMethod("ToJson").Invoke(value, null)));
+        }
+
+        /// <summary>
+        /// To convert a JSON string into an object
+        /// </summary>
+        /// <param name="reader">JSON reader</param>
+        /// <param name="objectType">Object type</param>
+        /// <param name="existingValue">Existing value</param>
+        /// <param name="serializer">JSON Serializer</param>
+        /// <returns>The object converted from the JSON string</returns>
+        public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
+        {
+            if(reader.TokenType != JsonToken.Null)
+            {
+                return AppUserUpdateRequest.FromJson(JObject.Load(reader).ToString(Formatting.None));
+            }
+            return null;
+        }
+
+        /// <summary>
+        /// Check if the object can be converted
+        /// </summary>
+        /// <param name="objectType">Object type</param>
+        /// <returns>True if the object can be converted</returns>
+        public override bool CanConvert(Type objectType)
+        {
+            return false;
+        }
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/Application.cs b/src/Okta.Sdk/Model/Application.cs
index 93a66aecf..b6f7ccd28 100644
--- a/src/Okta.Sdk/Model/Application.cs
+++ b/src/Okta.Sdk/Model/Application.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -42,9 +42,10 @@ namespace Okta.Sdk.Model
     [JsonSubtypes.KnownSubType(typeof(BrowserPluginApplication), "BrowserPluginApplication")]
     [JsonSubtypes.KnownSubType(typeof(OpenIdConnectApplication), "OPENID_CONNECT")]
     [JsonSubtypes.KnownSubType(typeof(OpenIdConnectApplication), "OpenIdConnectApplication")]
-    [JsonSubtypes.KnownSubType(typeof(SamlApplication), "SAML_1_1")]
+    [JsonSubtypes.KnownSubType(typeof(Saml11Application), "SAML_1_1")]
     [JsonSubtypes.KnownSubType(typeof(SamlApplication), "SAML_2_0")]
     [JsonSubtypes.KnownSubType(typeof(SecurePasswordStoreApplication), "SECURE_PASSWORD_STORE")]
+    [JsonSubtypes.KnownSubType(typeof(Saml11Application), "Saml11Application")]
     [JsonSubtypes.KnownSubType(typeof(SamlApplication), "SamlApplication")]
     [JsonSubtypes.KnownSubType(typeof(SecurePasswordStoreApplication), "SecurePasswordStoreApplication")]
     [JsonSubtypes.KnownSubType(typeof(WsFederationApplication), "WS_FEDERATION")]
@@ -66,6 +67,11 @@ public partial class Application : IEquatable<Application>
         [DataMember(Name = "status", EmitDefaultValue = true)]
         
         public ApplicationLifecycleStatus Status { get; set; }
+        /// <summary>
+        /// Initializes a new instance of the <see cref="Application" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public Application() { }
         
         /// <summary>
         /// Gets or Sets Accessibility
@@ -74,8 +80,9 @@ public partial class Application : IEquatable<Application>
         public ApplicationAccessibility Accessibility { get; set; }
 
         /// <summary>
-        /// Gets or Sets Created
+        /// Timestamp when the Application object was created
         /// </summary>
+        /// <value>Timestamp when the Application object was created</value>
         [DataMember(Name = "created", EmitDefaultValue = true)]
         public DateTimeOffset Created { get; private set; }
 
@@ -88,14 +95,16 @@ public bool ShouldSerializeCreated()
             return false;
         }
         /// <summary>
-        /// Gets or Sets Features
+        /// Enabled app features
         /// </summary>
+        /// <value>Enabled app features</value>
         [DataMember(Name = "features", EmitDefaultValue = true)]
         public List<string> Features { get; set; }
 
         /// <summary>
-        /// Gets or Sets Id
+        /// Unique ID for the app instance
         /// </summary>
+        /// <value>Unique ID for the app instance</value>
         [DataMember(Name = "id", EmitDefaultValue = true)]
         public string Id { get; private set; }
 
@@ -108,14 +117,16 @@ public bool ShouldSerializeId()
             return false;
         }
         /// <summary>
-        /// Gets or Sets Label
+        /// User-defined display name for app
         /// </summary>
+        /// <value>User-defined display name for app</value>
         [DataMember(Name = "label", EmitDefaultValue = true)]
         public string Label { get; set; }
 
         /// <summary>
-        /// Gets or Sets LastUpdated
+        /// Timestamp when the Application object was last updated
         /// </summary>
+        /// <value>Timestamp when the Application object was last updated</value>
         [DataMember(Name = "lastUpdated", EmitDefaultValue = true)]
         public DateTimeOffset LastUpdated { get; private set; }
 
@@ -134,8 +145,9 @@ public bool ShouldSerializeLastUpdated()
         public ApplicationLicensing Licensing { get; set; }
 
         /// <summary>
-        /// Gets or Sets Profile
+        /// Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps)
         /// </summary>
+        /// <value>Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps)</value>
         [DataMember(Name = "profile", EmitDefaultValue = true)]
         public Dictionary<string, Object> Profile { get; set; }
 
diff --git a/src/Okta.Sdk/Model/ApplicationAccessibility.cs b/src/Okta.Sdk/Model/ApplicationAccessibility.cs
index 9b753996a..92c275a6c 100644
--- a/src/Okta.Sdk/Model/ApplicationAccessibility.cs
+++ b/src/Okta.Sdk/Model/ApplicationAccessibility.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -27,7 +27,7 @@ namespace Okta.Sdk.Model
 {
     /// <summary>
     /// Template: ModelGeneric
-    /// ApplicationAccessibility
+    /// Specifies access settings for the app
     /// </summary>
     [DataContract(Name = "ApplicationAccessibility")]
     
@@ -35,20 +35,23 @@ public partial class ApplicationAccessibility : IEquatable<ApplicationAccessibil
     {
         
         /// <summary>
-        /// Gets or Sets ErrorRedirectUrl
+        /// Custom error page URL for the app
         /// </summary>
+        /// <value>Custom error page URL for the app</value>
         [DataMember(Name = "errorRedirectUrl", EmitDefaultValue = true)]
         public string ErrorRedirectUrl { get; set; }
 
         /// <summary>
-        /// Gets or Sets LoginRedirectUrl
+        /// Custom login page URL for the app
         /// </summary>
+        /// <value>Custom login page URL for the app</value>
         [DataMember(Name = "loginRedirectUrl", EmitDefaultValue = true)]
         public string LoginRedirectUrl { get; set; }
 
         /// <summary>
-        /// Gets or Sets SelfService
+        /// Represents whether the app can be self-assignable by users
         /// </summary>
+        /// <value>Represents whether the app can be self-assignable by users</value>
         [DataMember(Name = "selfService", EmitDefaultValue = true)]
         public bool SelfService { get; set; }
 
diff --git a/src/Okta.Sdk/Model/ApplicationCredentials.cs b/src/Okta.Sdk/Model/ApplicationCredentials.cs
index 55d4a4467..346f3bbff 100644
--- a/src/Okta.Sdk/Model/ApplicationCredentials.cs
+++ b/src/Okta.Sdk/Model/ApplicationCredentials.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -27,7 +27,7 @@ namespace Okta.Sdk.Model
 {
     /// <summary>
     /// Template: ModelGeneric
-    /// ApplicationCredentials
+    /// Credentials for the specified &#x60;signOnMode&#x60;
     /// </summary>
     [DataContract(Name = "ApplicationCredentials")]
     
diff --git a/src/Okta.Sdk/Model/ApplicationCredentialsOAuthClient.cs b/src/Okta.Sdk/Model/ApplicationCredentialsOAuthClient.cs
index b395be21a..2e34654eb 100644
--- a/src/Okta.Sdk/Model/ApplicationCredentialsOAuthClient.cs
+++ b/src/Okta.Sdk/Model/ApplicationCredentialsOAuthClient.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -59,6 +59,13 @@ public partial class ApplicationCredentialsOAuthClient : IEquatable<ApplicationC
         [DataMember(Name = "client_secret", EmitDefaultValue = true)]
         public string ClientSecret { get; set; }
 
+        /// <summary>
+        /// Require Proof Key for Code Exchange (PKCE) for additional verification
+        /// </summary>
+        /// <value>Require Proof Key for Code Exchange (PKCE) for additional verification</value>
+        [DataMember(Name = "pkce_required", EmitDefaultValue = true)]
+        public bool PkceRequired { get; set; }
+
         /// <summary>
         /// Returns the string presentation of the object
         /// </summary>
@@ -70,6 +77,7 @@ public override string ToString()
             sb.Append("  AutoKeyRotation: ").Append(AutoKeyRotation).Append("\n");
             sb.Append("  ClientId: ").Append(ClientId).Append("\n");
             sb.Append("  ClientSecret: ").Append(ClientSecret).Append("\n");
+            sb.Append("  PkceRequired: ").Append(PkceRequired).Append("\n");
             sb.Append("  TokenEndpointAuthMethod: ").Append(TokenEndpointAuthMethod).Append("\n");
             sb.Append("}\n");
             return sb.ToString();
@@ -120,6 +128,10 @@ public bool Equals(ApplicationCredentialsOAuthClient input)
                     (this.ClientSecret != null &&
                     this.ClientSecret.Equals(input.ClientSecret))
                 ) && 
+                (
+                    this.PkceRequired == input.PkceRequired ||
+                    this.PkceRequired.Equals(input.PkceRequired)
+                ) && 
                 (
                     this.TokenEndpointAuthMethod == input.TokenEndpointAuthMethod ||
                     this.TokenEndpointAuthMethod.Equals(input.TokenEndpointAuthMethod)
@@ -145,6 +157,7 @@ public override int GetHashCode()
                 {
                     hashCode = (hashCode * 59) + this.ClientSecret.GetHashCode();
                 }
+                hashCode = (hashCode * 59) + this.PkceRequired.GetHashCode();
                 if (this.TokenEndpointAuthMethod != null)
                 {
                     hashCode = (hashCode * 59) + this.TokenEndpointAuthMethod.GetHashCode();
diff --git a/src/Okta.Sdk/Model/ApplicationCredentialsScheme.cs b/src/Okta.Sdk/Model/ApplicationCredentialsScheme.cs
index e3d269867..2e97068bc 100644
--- a/src/Okta.Sdk/Model/ApplicationCredentialsScheme.cs
+++ b/src/Okta.Sdk/Model/ApplicationCredentialsScheme.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ApplicationCredentialsSigning.cs b/src/Okta.Sdk/Model/ApplicationCredentialsSigning.cs
index 5e788f0b0..eee7e4101 100644
--- a/src/Okta.Sdk/Model/ApplicationCredentialsSigning.cs
+++ b/src/Okta.Sdk/Model/ApplicationCredentialsSigning.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ApplicationCredentialsSigningUse.cs b/src/Okta.Sdk/Model/ApplicationCredentialsSigningUse.cs
index 49779ccc5..ab5898258 100644
--- a/src/Okta.Sdk/Model/ApplicationCredentialsSigningUse.cs
+++ b/src/Okta.Sdk/Model/ApplicationCredentialsSigningUse.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ApplicationCredentialsUsernameTemplate.cs b/src/Okta.Sdk/Model/ApplicationCredentialsUsernameTemplate.cs
index c578a9d78..d5beea86d 100644
--- a/src/Okta.Sdk/Model/ApplicationCredentialsUsernameTemplate.cs
+++ b/src/Okta.Sdk/Model/ApplicationCredentialsUsernameTemplate.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ApplicationFeature.cs b/src/Okta.Sdk/Model/ApplicationFeature.cs
index be52e938c..91dcde6fd 100644
--- a/src/Okta.Sdk/Model/ApplicationFeature.cs
+++ b/src/Okta.Sdk/Model/ApplicationFeature.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -21,65 +21,31 @@
 using Newtonsoft.Json;
 using Newtonsoft.Json.Converters;
 using Newtonsoft.Json.Linq;
+using JsonSubTypes;
 using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
 
 namespace Okta.Sdk.Model
 {
     /// <summary>
     /// Template: ModelGeneric
-    /// The Feature object is used to configure application feature settings.  The only feature currently supported is &#x60;USER_PROVISIONING&#x60; for the Org2Org application type. 
+    /// The Feature object is used to configure application feature settings. 
     /// </summary>
     [DataContract(Name = "ApplicationFeature")]
+    [JsonConverter(typeof(JsonSubtypes), "Name")]
+    [JsonSubtypes.KnownSubType(typeof(InboundProvisioningApplicationFeature), "INBOUND_PROVISIONING")]
+    [JsonSubtypes.KnownSubType(typeof(InboundProvisioningApplicationFeature), "InboundProvisioningApplicationFeature")]
+    [JsonSubtypes.KnownSubType(typeof(UserProvisioningApplicationFeature), "USER_PROVISIONING")]
+    [JsonSubtypes.KnownSubType(typeof(UserProvisioningApplicationFeature), "UserProvisioningApplicationFeature")]
     
     public partial class ApplicationFeature : IEquatable<ApplicationFeature>
     {
-        /// <summary>
-        /// Identifying name of the feature
-        /// </summary>
-        /// <value>Identifying name of the feature</value>
-        [JsonConverter(typeof(StringEnumSerializingConverter))]
-        public sealed class NameEnum : StringEnum
-        {
-            /// <summary>
-            /// StringEnum USERPROVISIONING for value: USER_PROVISIONING
-            /// </summary>
-            
-            public static NameEnum USERPROVISIONING = new NameEnum("USER_PROVISIONING");
-
-
-            /// <summary>
-            /// Implicit operator declaration to accept and convert a string value as a <see cref="NameEnum"/>
-            /// </summary>
-            /// <param name="value">The value to use</param>
-            public static implicit operator NameEnum(string value) => new NameEnum(value);
-
-            /// <summary>
-            /// Creates a new <see cref="Name"/> instance.
-            /// </summary>
-            /// <param name="value">The value to use.</param>
-            public NameEnum(string value)
-                : base(value)
-            {
-            }
-        }
-
 
         /// <summary>
-        /// Identifying name of the feature
+        /// Gets or Sets Name
         /// </summary>
-        /// <value>Identifying name of the feature</value>
         [DataMember(Name = "name", EmitDefaultValue = true)]
         
-        public NameEnum Name { get; set; }
-
-        /// <summary>
-        /// Returns false as Name should not be serialized given that it's read-only.
-        /// </summary>
-        /// <returns>false (boolean)</returns>
-        public bool ShouldSerializeName()
-        {
-            return false;
-        }
+        public ApplicationFeatureType Name { get; set; }
 
         /// <summary>
         /// Gets or Sets Status
@@ -88,12 +54,6 @@ public bool ShouldSerializeName()
         
         public EnabledStatus Status { get; set; }
         
-        /// <summary>
-        /// Gets or Sets Capabilities
-        /// </summary>
-        [DataMember(Name = "capabilities", EmitDefaultValue = true)]
-        public ApplicationFeatureCapabilities Capabilities { get; set; }
-
         /// <summary>
         /// Description of the feature
         /// </summary>
@@ -123,7 +83,6 @@ public override string ToString()
         {
             StringBuilder sb = new StringBuilder();
             sb.Append("class ApplicationFeature {\n");
-            sb.Append("  Capabilities: ").Append(Capabilities).Append("\n");
             sb.Append("  Description: ").Append(Description).Append("\n");
             sb.Append("  Name: ").Append(Name).Append("\n");
             sb.Append("  Status: ").Append(Status).Append("\n");
@@ -163,11 +122,6 @@ public bool Equals(ApplicationFeature input)
                 return false;
             }
             return 
-                (
-                    this.Capabilities == input.Capabilities ||
-                    (this.Capabilities != null &&
-                    this.Capabilities.Equals(input.Capabilities))
-                ) && 
                 (
                     this.Description == input.Description ||
                     (this.Description != null &&
@@ -198,10 +152,6 @@ public override int GetHashCode()
             {
                 int hashCode = 41;
                 
-                if (this.Capabilities != null)
-                {
-                    hashCode = (hashCode * 59) + this.Capabilities.GetHashCode();
-                }
                 if (this.Description != null)
                 {
                     hashCode = (hashCode * 59) + this.Description.GetHashCode();
diff --git a/src/Okta.Sdk/Model/ApplicationFeatureLinks.cs b/src/Okta.Sdk/Model/ApplicationFeatureLinks.cs
index 1a27f06f1..72062cc8c 100644
--- a/src/Okta.Sdk/Model/ApplicationFeatureLinks.cs
+++ b/src/Okta.Sdk/Model/ApplicationFeatureLinks.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ApplicationFeatureType.cs b/src/Okta.Sdk/Model/ApplicationFeatureType.cs
new file mode 100644
index 000000000..f57e3addf
--- /dev/null
+++ b/src/Okta.Sdk/Model/ApplicationFeatureType.cs
@@ -0,0 +1,65 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Identifying name of the feature  | Value | Description   | | - -- -- -- -- | - -- -- -- -- -- -- | | USER_PROVISIONING  | Represents the **To App** provisioning feature setting in the Admin Console | | INBOUND_PROVISIONING | Represents the **To Okta** provisioning feature setting in the Admin Console | 
+    /// </summary>
+    /// <value>Identifying name of the feature  | Value | Description   | | - -- -- -- -- | - -- -- -- -- -- -- | | USER_PROVISIONING  | Represents the **To App** provisioning feature setting in the Admin Console | | INBOUND_PROVISIONING | Represents the **To Okta** provisioning feature setting in the Admin Console | </value>
+    [JsonConverter(typeof(StringEnumSerializingConverter))]
+    public sealed class ApplicationFeatureType : StringEnum
+    {
+        /// <summary>
+        /// StringEnum ApplicationFeatureType for value: USER_PROVISIONING
+        /// </summary>
+        public static ApplicationFeatureType USERPROVISIONING = new ApplicationFeatureType("USER_PROVISIONING");
+        /// <summary>
+        /// StringEnum ApplicationFeatureType for value: USER_PROVISIONING
+        /// </summary>
+        public static ApplicationFeatureType USERPROVISIONING = new ApplicationFeatureType("USER_PROVISIONING");
+        /// <summary>
+        /// StringEnum ApplicationFeatureType for value: INBOUND_PROVISIONING
+        /// </summary>
+        public static ApplicationFeatureType INBOUNDPROVISIONING = new ApplicationFeatureType("INBOUND_PROVISIONING");
+
+        /// <summary>
+        /// Implicit operator declaration to accept and convert a string value as a <see cref="ApplicationFeatureType"/>
+        /// </summary>
+        /// <param name="value">The value to use</param>
+        public static implicit operator ApplicationFeatureType(string value) => new ApplicationFeatureType(value);
+
+        /// <summary>
+        /// Creates a new <see cref="ApplicationFeatureType"/> instance.
+        /// </summary>
+        /// <param name="value">The value to use.</param>
+        public ApplicationFeatureType(string value)
+            : base(value)
+        {
+        }
+    }
+
+
+}
diff --git a/src/Okta.Sdk/Model/ApplicationGroupAssignment.cs b/src/Okta.Sdk/Model/ApplicationGroupAssignment.cs
index 06d2c1cdd..73f7e5080 100644
--- a/src/Okta.Sdk/Model/ApplicationGroupAssignment.cs
+++ b/src/Okta.Sdk/Model/ApplicationGroupAssignment.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -27,7 +27,7 @@ namespace Okta.Sdk.Model
 {
     /// <summary>
     /// Template: ModelGeneric
-    /// ApplicationGroupAssignment
+    /// The Application Group object that defines a group of users&#39; app-specific profile and credentials for an app
     /// </summary>
     [DataContract(Name = "ApplicationGroupAssignment")]
     
@@ -35,8 +35,9 @@ public partial class ApplicationGroupAssignment : IEquatable<ApplicationGroupAss
     {
         
         /// <summary>
-        /// Gets or Sets Id
+        /// ID of the [Group](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/)
         /// </summary>
+        /// <value>ID of the [Group](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/)</value>
         [DataMember(Name = "id", EmitDefaultValue = true)]
         public string Id { get; private set; }
 
@@ -52,31 +53,26 @@ public bool ShouldSerializeId()
         /// Gets or Sets LastUpdated
         /// </summary>
         [DataMember(Name = "lastUpdated", EmitDefaultValue = true)]
-        public DateTimeOffset LastUpdated { get; private set; }
+        public DateTimeOffset LastUpdated { get; set; }
 
         /// <summary>
-        /// Returns false as LastUpdated should not be serialized given that it's read-only.
-        /// </summary>
-        /// <returns>false (boolean)</returns>
-        public bool ShouldSerializeLastUpdated()
-        {
-            return false;
-        }
-        /// <summary>
-        /// Gets or Sets Priority
+        /// Priority assigned to the group. If an app has more than one group assigned to the same user, then the group with the higher priority has its profile applied to the [Application User](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationUsers/). If a priority value isn&#39;t specified, then the next highest priority is assigned by default. See [Assign attribute group priority](https://help.okta.com/okta_help.htm?type&#x3D;oie&amp;id&#x3D;ext-usgp-app-group-priority) and the [sample priority use case](https://help.okta.com/okta_help.htm?type&#x3D;oie&amp;id&#x3D;ext-usgp-combine-values-use).
         /// </summary>
+        /// <value>Priority assigned to the group. If an app has more than one group assigned to the same user, then the group with the higher priority has its profile applied to the [Application User](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationUsers/). If a priority value isn&#39;t specified, then the next highest priority is assigned by default. See [Assign attribute group priority](https://help.okta.com/okta_help.htm?type&#x3D;oie&amp;id&#x3D;ext-usgp-app-group-priority) and the [sample priority use case](https://help.okta.com/okta_help.htm?type&#x3D;oie&amp;id&#x3D;ext-usgp-combine-values-use).</value>
         [DataMember(Name = "priority", EmitDefaultValue = true)]
         public int Priority { get; set; }
 
         /// <summary>
-        /// Gets or Sets Profile
+        /// Specifies the profile properties applied to [Application Users](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationUsers/) that are assigned to the app through group membership.  Some reference properties are imported from the target app and can&#39;t be configured. See [profile](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c&#x3D;200&amp;path&#x3D;profile&amp;t&#x3D;response).
         /// </summary>
+        /// <value>Specifies the profile properties applied to [Application Users](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationUsers/) that are assigned to the app through group membership.  Some reference properties are imported from the target app and can&#39;t be configured. See [profile](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c&#x3D;200&amp;path&#x3D;profile&amp;t&#x3D;response).</value>
         [DataMember(Name = "profile", EmitDefaultValue = true)]
         public Dictionary<string, Object> Profile { get; set; }
 
         /// <summary>
-        /// Gets or Sets Embedded
+        /// Embedded resource related to the Application Group using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. If the &#x60;expand&#x3D;group&#x60; query parameter is specified, then the [Group](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/) object is embedded.  If the &#x60;expand&#x3D;metadata&#x60; query parameter is specified, then the group assignment metadata is embedded.
         /// </summary>
+        /// <value>Embedded resource related to the Application Group using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. If the &#x60;expand&#x3D;group&#x60; query parameter is specified, then the [Group](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/) object is embedded.  If the &#x60;expand&#x3D;metadata&#x60; query parameter is specified, then the group assignment metadata is embedded.</value>
         [DataMember(Name = "_embedded", EmitDefaultValue = true)]
         public Dictionary<string, Object> Embedded { get; private set; }
 
@@ -92,7 +88,7 @@ public bool ShouldSerializeEmbedded()
         /// Gets or Sets Links
         /// </summary>
         [DataMember(Name = "_links", EmitDefaultValue = true)]
-        public LinksSelf Links { get; set; }
+        public ApplicationGroupAssignmentLinks Links { get; set; }
 
         /// <summary>
         /// Returns the string presentation of the object
diff --git a/src/Okta.Sdk/Model/ApplicationGroupAssignmentLinks.cs b/src/Okta.Sdk/Model/ApplicationGroupAssignmentLinks.cs
new file mode 100644
index 000000000..4c53ac84b
--- /dev/null
+++ b/src/Okta.Sdk/Model/ApplicationGroupAssignmentLinks.cs
@@ -0,0 +1,146 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// ApplicationGroupAssignmentLinks
+    /// </summary>
+    [DataContract(Name = "ApplicationGroupAssignment__links")]
+    
+    public partial class ApplicationGroupAssignmentLinks : IEquatable<ApplicationGroupAssignmentLinks>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Self
+        /// </summary>
+        [DataMember(Name = "self", EmitDefaultValue = true)]
+        public HrefObjectSelfLink Self { get; set; }
+
+        /// <summary>
+        /// Gets or Sets App
+        /// </summary>
+        [DataMember(Name = "app", EmitDefaultValue = true)]
+        public HrefObjectAppLink App { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Group
+        /// </summary>
+        [DataMember(Name = "group", EmitDefaultValue = true)]
+        public HrefObjectGroupLink Group { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class ApplicationGroupAssignmentLinks {\n");
+            sb.Append("  Self: ").Append(Self).Append("\n");
+            sb.Append("  App: ").Append(App).Append("\n");
+            sb.Append("  Group: ").Append(Group).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as ApplicationGroupAssignmentLinks);
+        }
+
+        /// <summary>
+        /// Returns true if ApplicationGroupAssignmentLinks instances are equal
+        /// </summary>
+        /// <param name="input">Instance of ApplicationGroupAssignmentLinks to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(ApplicationGroupAssignmentLinks input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Self == input.Self ||
+                    (this.Self != null &&
+                    this.Self.Equals(input.Self))
+                ) && 
+                (
+                    this.App == input.App ||
+                    (this.App != null &&
+                    this.App.Equals(input.App))
+                ) && 
+                (
+                    this.Group == input.Group ||
+                    (this.Group != null &&
+                    this.Group.Equals(input.Group))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Self != null)
+                {
+                    hashCode = (hashCode * 59) + this.Self.GetHashCode();
+                }
+                if (this.App != null)
+                {
+                    hashCode = (hashCode * 59) + this.App.GetHashCode();
+                }
+                if (this.Group != null)
+                {
+                    hashCode = (hashCode * 59) + this.Group.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/ApplicationLayout.cs b/src/Okta.Sdk/Model/ApplicationLayout.cs
index 65004cf11..dac4704d7 100644
--- a/src/Okta.Sdk/Model/ApplicationLayout.cs
+++ b/src/Okta.Sdk/Model/ApplicationLayout.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ApplicationLayoutRule.cs b/src/Okta.Sdk/Model/ApplicationLayoutRule.cs
index d64d7aa2c..1ed7d515e 100644
--- a/src/Okta.Sdk/Model/ApplicationLayoutRule.cs
+++ b/src/Okta.Sdk/Model/ApplicationLayoutRule.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ApplicationLayoutRuleCondition.cs b/src/Okta.Sdk/Model/ApplicationLayoutRuleCondition.cs
index 4a58f0455..49bb45584 100644
--- a/src/Okta.Sdk/Model/ApplicationLayoutRuleCondition.cs
+++ b/src/Okta.Sdk/Model/ApplicationLayoutRuleCondition.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ApplicationLayouts.cs b/src/Okta.Sdk/Model/ApplicationLayouts.cs
index 760528ea5..6ef51d39f 100644
--- a/src/Okta.Sdk/Model/ApplicationLayouts.cs
+++ b/src/Okta.Sdk/Model/ApplicationLayouts.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ApplicationLayoutsLinks.cs b/src/Okta.Sdk/Model/ApplicationLayoutsLinks.cs
index 99b4ffe9c..ced572acb 100644
--- a/src/Okta.Sdk/Model/ApplicationLayoutsLinks.cs
+++ b/src/Okta.Sdk/Model/ApplicationLayoutsLinks.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ApplicationLicensing.cs b/src/Okta.Sdk/Model/ApplicationLicensing.cs
index f44efb1fe..fc52ac470 100644
--- a/src/Okta.Sdk/Model/ApplicationLicensing.cs
+++ b/src/Okta.Sdk/Model/ApplicationLicensing.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -35,8 +35,9 @@ public partial class ApplicationLicensing : IEquatable<ApplicationLicensing>
     {
         
         /// <summary>
-        /// Gets or Sets SeatCount
+        /// Number of licenses purchased for the app
         /// </summary>
+        /// <value>Number of licenses purchased for the app</value>
         [DataMember(Name = "seatCount", EmitDefaultValue = true)]
         public int SeatCount { get; set; }
 
diff --git a/src/Okta.Sdk/Model/ApplicationLifecycleStatus.cs b/src/Okta.Sdk/Model/ApplicationLifecycleStatus.cs
index 413679d74..d5278dde2 100644
--- a/src/Okta.Sdk/Model/ApplicationLifecycleStatus.cs
+++ b/src/Okta.Sdk/Model/ApplicationLifecycleStatus.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines ApplicationLifecycleStatus
+    /// App instance status
     /// </summary>
+    /// <value>App instance status</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class ApplicationLifecycleStatus : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/ApplicationLinks.cs b/src/Okta.Sdk/Model/ApplicationLinks.cs
index 644a8b963..4e3803fe2 100644
--- a/src/Okta.Sdk/Model/ApplicationLinks.cs
+++ b/src/Okta.Sdk/Model/ApplicationLinks.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -27,7 +27,7 @@ namespace Okta.Sdk.Model
 {
     /// <summary>
     /// Template: ModelGeneric
-    /// ApplicationLinks
+    /// Discoverable resources related to the app
     /// </summary>
     [DataContract(Name = "ApplicationLinks")]
     
diff --git a/src/Okta.Sdk/Model/ApplicationSettings.cs b/src/Okta.Sdk/Model/ApplicationSettings.cs
index 90bd2abf7..45b115373 100644
--- a/src/Okta.Sdk/Model/ApplicationSettings.cs
+++ b/src/Okta.Sdk/Model/ApplicationSettings.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -27,7 +27,7 @@ namespace Okta.Sdk.Model
 {
     /// <summary>
     /// Template: ModelGeneric
-    /// ApplicationSettings
+    /// App settings
     /// </summary>
     [DataContract(Name = "ApplicationSettings")]
     
diff --git a/src/Okta.Sdk/Model/ApplicationSettingsNotes.cs b/src/Okta.Sdk/Model/ApplicationSettingsNotes.cs
index bd145c828..2071e86db 100644
--- a/src/Okta.Sdk/Model/ApplicationSettingsNotes.cs
+++ b/src/Okta.Sdk/Model/ApplicationSettingsNotes.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ApplicationSettingsNotifications.cs b/src/Okta.Sdk/Model/ApplicationSettingsNotifications.cs
index 844896c65..397bfd20f 100644
--- a/src/Okta.Sdk/Model/ApplicationSettingsNotifications.cs
+++ b/src/Okta.Sdk/Model/ApplicationSettingsNotifications.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ApplicationSettingsNotificationsVpn.cs b/src/Okta.Sdk/Model/ApplicationSettingsNotificationsVpn.cs
index 7330d6f3d..0c5d1d41d 100644
--- a/src/Okta.Sdk/Model/ApplicationSettingsNotificationsVpn.cs
+++ b/src/Okta.Sdk/Model/ApplicationSettingsNotificationsVpn.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ApplicationSettingsNotificationsVpnNetwork.cs b/src/Okta.Sdk/Model/ApplicationSettingsNotificationsVpnNetwork.cs
index 1f8cb1a98..756e88636 100644
--- a/src/Okta.Sdk/Model/ApplicationSettingsNotificationsVpnNetwork.cs
+++ b/src/Okta.Sdk/Model/ApplicationSettingsNotificationsVpnNetwork.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ApplicationSignOnMode.cs b/src/Okta.Sdk/Model/ApplicationSignOnMode.cs
index e0038a697..943973e4e 100644
--- a/src/Okta.Sdk/Model/ApplicationSignOnMode.cs
+++ b/src/Okta.Sdk/Model/ApplicationSignOnMode.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines ApplicationSignOnMode
+    /// Authentication mode for the app
     /// </summary>
+    /// <value>Authentication mode for the app</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class ApplicationSignOnMode : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/ApplicationType.cs b/src/Okta.Sdk/Model/ApplicationType.cs
new file mode 100644
index 000000000..8ff425463
--- /dev/null
+++ b/src/Okta.Sdk/Model/ApplicationType.cs
@@ -0,0 +1,69 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// The type of client application. Default value: &#x60;web&#x60;.
+    /// </summary>
+    /// <value>The type of client application. Default value: &#x60;web&#x60;.</value>
+    [JsonConverter(typeof(StringEnumSerializingConverter))]
+    public sealed class ApplicationType : StringEnum
+    {
+        /// <summary>
+        /// StringEnum ApplicationType for value: browser
+        /// </summary>
+        public static ApplicationType Browser = new ApplicationType("browser");
+        /// <summary>
+        /// StringEnum ApplicationType for value: native
+        /// </summary>
+        public static ApplicationType Native = new ApplicationType("native");
+        /// <summary>
+        /// StringEnum ApplicationType for value: service
+        /// </summary>
+        public static ApplicationType Service = new ApplicationType("service");
+        /// <summary>
+        /// StringEnum ApplicationType for value: web
+        /// </summary>
+        public static ApplicationType Web = new ApplicationType("web");
+
+        /// <summary>
+        /// Implicit operator declaration to accept and convert a string value as a <see cref="ApplicationType"/>
+        /// </summary>
+        /// <param name="value">The value to use</param>
+        public static implicit operator ApplicationType(string value) => new ApplicationType(value);
+
+        /// <summary>
+        /// Creates a new <see cref="ApplicationType"/> instance.
+        /// </summary>
+        /// <param name="value">The value to use.</param>
+        public ApplicationType(string value)
+            : base(value)
+        {
+        }
+    }
+
+
+}
diff --git a/src/Okta.Sdk/Model/ApplicationVisibility.cs b/src/Okta.Sdk/Model/ApplicationVisibility.cs
index 977decab5..78493d0ce 100644
--- a/src/Okta.Sdk/Model/ApplicationVisibility.cs
+++ b/src/Okta.Sdk/Model/ApplicationVisibility.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -35,20 +35,23 @@ public partial class ApplicationVisibility : IEquatable<ApplicationVisibility>
     {
         
         /// <summary>
-        /// Gets or Sets AppLinks
+        /// Links or icons that appear on the End-User Dashboard when they&#39;re assigned to the app
         /// </summary>
+        /// <value>Links or icons that appear on the End-User Dashboard when they&#39;re assigned to the app</value>
         [DataMember(Name = "appLinks", EmitDefaultValue = true)]
         public Dictionary<string, bool> AppLinks { get; set; }
 
         /// <summary>
-        /// Gets or Sets AutoLaunch
+        /// Automatically signs in to the app when user signs into Okta
         /// </summary>
+        /// <value>Automatically signs in to the app when user signs into Okta</value>
         [DataMember(Name = "autoLaunch", EmitDefaultValue = true)]
         public bool AutoLaunch { get; set; }
 
         /// <summary>
-        /// Gets or Sets AutoSubmitToolbar
+        /// Automatically sign in when user lands on the sign-in page
         /// </summary>
+        /// <value>Automatically sign in when user lands on the sign-in page</value>
         [DataMember(Name = "autoSubmitToolbar", EmitDefaultValue = true)]
         public bool AutoSubmitToolbar { get; set; }
 
diff --git a/src/Okta.Sdk/Model/ApplicationVisibilityHide.cs b/src/Okta.Sdk/Model/ApplicationVisibilityHide.cs
index c3a92971f..fceb19d7f 100644
--- a/src/Okta.Sdk/Model/ApplicationVisibilityHide.cs
+++ b/src/Okta.Sdk/Model/ApplicationVisibilityHide.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -27,7 +27,7 @@ namespace Okta.Sdk.Model
 {
     /// <summary>
     /// Template: ModelGeneric
-    /// ApplicationVisibilityHide
+    /// Hides the app for specific end-user apps
     /// </summary>
     [DataContract(Name = "ApplicationVisibilityHide")]
     
diff --git a/src/Okta.Sdk/Model/AssignGroupOwnerRequestBody.cs b/src/Okta.Sdk/Model/AssignGroupOwnerRequestBody.cs
index cbc284f87..5afb942c4 100644
--- a/src/Okta.Sdk/Model/AssignGroupOwnerRequestBody.cs
+++ b/src/Okta.Sdk/Model/AssignGroupOwnerRequestBody.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AssignRoleRequest.cs b/src/Okta.Sdk/Model/AssignRoleRequest.cs
index f2fe0ab63..53e944f4d 100644
--- a/src/Okta.Sdk/Model/AssignRoleRequest.cs
+++ b/src/Okta.Sdk/Model/AssignRoleRequest.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AssignRoleToClientRequest.cs b/src/Okta.Sdk/Model/AssignRoleToClientRequest.cs
new file mode 100644
index 000000000..b14b59713
--- /dev/null
+++ b/src/Okta.Sdk/Model/AssignRoleToClientRequest.cs
@@ -0,0 +1,285 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+using System.Reflection;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template" ModelOneOf
+    /// AssignRoleToClientRequest
+    /// </summary>
+    [JsonConverter(typeof(AssignRoleToClientRequestJsonConverter))]
+    [DataContract(Name = "assignRoleToClient_request")]
+    public partial class AssignRoleToClientRequest : AbstractOpenAPISchema, IEquatable<AssignRoleToClientRequest>
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="AssignRoleToClientRequest" /> class
+        /// with the <see cref="StandardRoleAssignmentSchema" /> class
+        /// </summary>
+        /// <param name="actualInstance">An instance of StandardRoleAssignmentSchema.</param>
+        public AssignRoleToClientRequest(StandardRoleAssignmentSchema actualInstance)
+        {
+            this.IsNullable = false;
+            this.SchemaType= "oneOf";
+            this.ActualInstance = actualInstance ?? throw new ArgumentException("Invalid instance found. Must not be null.");
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="AssignRoleToClientRequest" /> class
+        /// with the <see cref="CustomRoleAssignmentSchema" /> class
+        /// </summary>
+        /// <param name="actualInstance">An instance of CustomRoleAssignmentSchema.</param>
+        public AssignRoleToClientRequest(CustomRoleAssignmentSchema actualInstance)
+        {
+            this.IsNullable = false;
+            this.SchemaType= "oneOf";
+            this.ActualInstance = actualInstance ?? throw new ArgumentException("Invalid instance found. Must not be null.");
+        }
+
+
+        private Object _actualInstance;
+
+        /// <summary>
+        /// Gets or Sets ActualInstance
+        /// </summary>
+        public override Object ActualInstance
+        {
+            get
+            {
+                return _actualInstance;
+            }
+            set
+            {
+                if (value.GetType() == typeof(CustomRoleAssignmentSchema))
+                {
+                    this._actualInstance = value;
+                }
+                else if (value.GetType() == typeof(StandardRoleAssignmentSchema))
+                {
+                    this._actualInstance = value;
+                }
+                else
+                {
+                    throw new ArgumentException("Invalid instance found. Must be the following types: CustomRoleAssignmentSchema, StandardRoleAssignmentSchema");
+                }
+            }
+        }
+
+        /// <summary>
+        /// Get the actual instance of `StandardRoleAssignmentSchema`. If the actual instance is not `StandardRoleAssignmentSchema`,
+        /// the InvalidClassException will be thrown
+        /// </summary>
+        /// <returns>An instance of StandardRoleAssignmentSchema</returns>
+        public StandardRoleAssignmentSchema GetStandardRoleAssignmentSchema()
+        {
+            return (StandardRoleAssignmentSchema)this.ActualInstance;
+        }
+
+        /// <summary>
+        /// Get the actual instance of `CustomRoleAssignmentSchema`. If the actual instance is not `CustomRoleAssignmentSchema`,
+        /// the InvalidClassException will be thrown
+        /// </summary>
+        /// <returns>An instance of CustomRoleAssignmentSchema</returns>
+        public CustomRoleAssignmentSchema GetCustomRoleAssignmentSchema()
+        {
+            return (CustomRoleAssignmentSchema)this.ActualInstance;
+        }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            var sb = new StringBuilder();
+            sb.Append("class AssignRoleToClientRequest {\n");
+            sb.Append("  ActualInstance: ").Append(this.ActualInstance).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return JsonConvert.SerializeObject(this.ActualInstance, AssignRoleToClientRequest.SerializerSettings);
+        }
+
+        /// <summary>
+        /// Converts the JSON string into an instance of AssignRoleToClientRequest
+        /// </summary>
+        /// <param name="jsonString">JSON string</param>
+        /// <returns>An instance of AssignRoleToClientRequest</returns>
+        public static AssignRoleToClientRequest FromJson(string jsonString)
+        {
+            AssignRoleToClientRequest newAssignRoleToClientRequest = null;
+
+            if (string.IsNullOrEmpty(jsonString))
+            {
+                return newAssignRoleToClientRequest;
+            }
+            int match = 0;
+            List<string> matchedTypes = new List<string>();
+
+            try
+            {
+                // if it does not contains "AdditionalProperties", use SerializerSettings to deserialize
+                if (typeof(CustomRoleAssignmentSchema).GetProperty("AdditionalProperties") == null)
+                {
+                    newAssignRoleToClientRequest = new AssignRoleToClientRequest(JsonConvert.DeserializeObject<CustomRoleAssignmentSchema>(jsonString, AssignRoleToClientRequest.SerializerSettings));
+                }
+                else
+                {
+                    newAssignRoleToClientRequest = new AssignRoleToClientRequest(JsonConvert.DeserializeObject<CustomRoleAssignmentSchema>(jsonString, AssignRoleToClientRequest.AdditionalPropertiesSerializerSettings));
+                }
+                matchedTypes.Add("CustomRoleAssignmentSchema");
+                match++;
+            }
+            catch (Exception exception)
+            {
+                // deserialization failed, try the next one
+                System.Diagnostics.Debug.WriteLine(string.Format("Failed to deserialize `{0}` into CustomRoleAssignmentSchema: {1}", jsonString, exception.ToString()));
+            }
+
+            try
+            {
+                // if it does not contains "AdditionalProperties", use SerializerSettings to deserialize
+                if (typeof(StandardRoleAssignmentSchema).GetProperty("AdditionalProperties") == null)
+                {
+                    newAssignRoleToClientRequest = new AssignRoleToClientRequest(JsonConvert.DeserializeObject<StandardRoleAssignmentSchema>(jsonString, AssignRoleToClientRequest.SerializerSettings));
+                }
+                else
+                {
+                    newAssignRoleToClientRequest = new AssignRoleToClientRequest(JsonConvert.DeserializeObject<StandardRoleAssignmentSchema>(jsonString, AssignRoleToClientRequest.AdditionalPropertiesSerializerSettings));
+                }
+                matchedTypes.Add("StandardRoleAssignmentSchema");
+                match++;
+            }
+            catch (Exception exception)
+            {
+                // deserialization failed, try the next one
+                System.Diagnostics.Debug.WriteLine(string.Format("Failed to deserialize `{0}` into StandardRoleAssignmentSchema: {1}", jsonString, exception.ToString()));
+            }
+
+            if (match == 0)
+            {
+                throw new InvalidDataException("The JSON string `" + jsonString + "` cannot be deserialized into any schema defined.");
+            }
+            else if (match > 1)
+            {
+                throw new InvalidDataException("The JSON string `" + jsonString + "` incorrectly matches more than one schema (should be exactly one match): " + matchedTypes);
+            }
+
+            // deserialization is considered successful at this point if no exception has been thrown.
+            return newAssignRoleToClientRequest;
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AssignRoleToClientRequest);
+        }
+
+        /// <summary>
+        /// Returns true if AssignRoleToClientRequest instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AssignRoleToClientRequest to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AssignRoleToClientRequest input)
+        {
+            if (input == null)
+                return false;
+
+            return this.ActualInstance.Equals(input.ActualInstance);
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                if (this.ActualInstance != null)
+                    hashCode = hashCode * 59 + this.ActualInstance.GetHashCode();
+                return hashCode;
+            }
+        }
+
+    }
+
+    /// <summary>
+    /// Custom JSON converter for AssignRoleToClientRequest
+    /// </summary>
+    public class AssignRoleToClientRequestJsonConverter : JsonConverter
+    {
+        /// <summary>
+        /// To write the JSON string
+        /// </summary>
+        /// <param name="writer">JSON writer</param>
+        /// <param name="value">Object to be converted into a JSON string</param>
+        /// <param name="serializer">JSON Serializer</param>
+        public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer)
+        {
+            writer.WriteRawValue((string)(typeof(AssignRoleToClientRequest).GetMethod("ToJson").Invoke(value, null)));
+        }
+
+        /// <summary>
+        /// To convert a JSON string into an object
+        /// </summary>
+        /// <param name="reader">JSON reader</param>
+        /// <param name="objectType">Object type</param>
+        /// <param name="existingValue">Existing value</param>
+        /// <param name="serializer">JSON Serializer</param>
+        /// <returns>The object converted from the JSON string</returns>
+        public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
+        {
+            if(reader.TokenType != JsonToken.Null)
+            {
+                return AssignRoleToClientRequest.FromJson(JObject.Load(reader).ToString(Formatting.None));
+            }
+            return null;
+        }
+
+        /// <summary>
+        /// Check if the object can be converted
+        /// </summary>
+        /// <param name="objectType">Object type</param>
+        /// <returns>True if the object can be converted</returns>
+        public override bool CanConvert(Type objectType)
+        {
+            return false;
+        }
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AssignUserToRealm.cs b/src/Okta.Sdk/Model/AssignUserToRealm.cs
new file mode 100644
index 000000000..7f394806c
--- /dev/null
+++ b/src/Okta.Sdk/Model/AssignUserToRealm.cs
@@ -0,0 +1,114 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AssignUserToRealm
+    /// </summary>
+    [DataContract(Name = "AssignUserToRealm")]
+    
+    public partial class AssignUserToRealm : IEquatable<AssignUserToRealm>
+    {
+        
+        /// <summary>
+        /// Gets or Sets RealmId
+        /// </summary>
+        [DataMember(Name = "realmId", EmitDefaultValue = true)]
+        public string RealmId { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AssignUserToRealm {\n");
+            sb.Append("  RealmId: ").Append(RealmId).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AssignUserToRealm);
+        }
+
+        /// <summary>
+        /// Returns true if AssignUserToRealm instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AssignUserToRealm to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AssignUserToRealm input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.RealmId == input.RealmId ||
+                    (this.RealmId != null &&
+                    this.RealmId.Equals(input.RealmId))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.RealmId != null)
+                {
+                    hashCode = (hashCode * 59) + this.RealmId.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AssociatedServerMediated.cs b/src/Okta.Sdk/Model/AssociatedServerMediated.cs
index 881cf796a..14058adba 100644
--- a/src/Okta.Sdk/Model/AssociatedServerMediated.cs
+++ b/src/Okta.Sdk/Model/AssociatedServerMediated.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AttackProtectionAuthenticatorSettings.cs b/src/Okta.Sdk/Model/AttackProtectionAuthenticatorSettings.cs
new file mode 100644
index 000000000..5a37d1a5e
--- /dev/null
+++ b/src/Okta.Sdk/Model/AttackProtectionAuthenticatorSettings.cs
@@ -0,0 +1,111 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AttackProtectionAuthenticatorSettings
+    /// </summary>
+    [DataContract(Name = "AttackProtectionAuthenticatorSettings")]
+    
+    public partial class AttackProtectionAuthenticatorSettings : IEquatable<AttackProtectionAuthenticatorSettings>
+    {
+        
+        /// <summary>
+        /// If true, requires users to verify a possession factor before verifying a knowledge factor when the assurance requires two-factor authentication (2FA).
+        /// </summary>
+        /// <value>If true, requires users to verify a possession factor before verifying a knowledge factor when the assurance requires two-factor authentication (2FA).</value>
+        [DataMember(Name = "verifyKnowledgeSecondWhen2faRequired", EmitDefaultValue = true)]
+        public bool VerifyKnowledgeSecondWhen2faRequired { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AttackProtectionAuthenticatorSettings {\n");
+            sb.Append("  VerifyKnowledgeSecondWhen2faRequired: ").Append(VerifyKnowledgeSecondWhen2faRequired).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AttackProtectionAuthenticatorSettings);
+        }
+
+        /// <summary>
+        /// Returns true if AttackProtectionAuthenticatorSettings instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AttackProtectionAuthenticatorSettings to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AttackProtectionAuthenticatorSettings input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.VerifyKnowledgeSecondWhen2faRequired == input.VerifyKnowledgeSecondWhen2faRequired ||
+                    this.VerifyKnowledgeSecondWhen2faRequired.Equals(input.VerifyKnowledgeSecondWhen2faRequired)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                hashCode = (hashCode * 59) + this.VerifyKnowledgeSecondWhen2faRequired.GetHashCode();
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthServerLinks.cs b/src/Okta.Sdk/Model/AuthServerLinks.cs
new file mode 100644
index 000000000..0de5e0f47
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthServerLinks.cs
@@ -0,0 +1,212 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthServerLinks
+    /// </summary>
+    [DataContract(Name = "AuthServerLinks")]
+    
+    public partial class AuthServerLinks : IEquatable<AuthServerLinks>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Self
+        /// </summary>
+        [DataMember(Name = "self", EmitDefaultValue = true)]
+        public HrefObjectSelfLink Self { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Claims
+        /// </summary>
+        [DataMember(Name = "claims", EmitDefaultValue = true)]
+        public Object Claims { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Deactivate
+        /// </summary>
+        [DataMember(Name = "deactivate", EmitDefaultValue = true)]
+        public HrefObjectDeactivateLink Deactivate { get; set; }
+
+        /// <summary>
+        /// Link to the authorization server metadata
+        /// </summary>
+        /// <value>Link to the authorization server metadata</value>
+        [DataMember(Name = "metadata", EmitDefaultValue = true)]
+        public List<HrefObject> Metadata { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Policies
+        /// </summary>
+        [DataMember(Name = "policies", EmitDefaultValue = true)]
+        public Object Policies { get; set; }
+
+        /// <summary>
+        /// Gets or Sets RotateKey
+        /// </summary>
+        [DataMember(Name = "rotateKey", EmitDefaultValue = true)]
+        public Object RotateKey { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Scopes
+        /// </summary>
+        [DataMember(Name = "scopes", EmitDefaultValue = true)]
+        public Object Scopes { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthServerLinks {\n");
+            sb.Append("  Self: ").Append(Self).Append("\n");
+            sb.Append("  Claims: ").Append(Claims).Append("\n");
+            sb.Append("  Deactivate: ").Append(Deactivate).Append("\n");
+            sb.Append("  Metadata: ").Append(Metadata).Append("\n");
+            sb.Append("  Policies: ").Append(Policies).Append("\n");
+            sb.Append("  RotateKey: ").Append(RotateKey).Append("\n");
+            sb.Append("  Scopes: ").Append(Scopes).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthServerLinks);
+        }
+
+        /// <summary>
+        /// Returns true if AuthServerLinks instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthServerLinks to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthServerLinks input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Self == input.Self ||
+                    (this.Self != null &&
+                    this.Self.Equals(input.Self))
+                ) && 
+                (
+                    this.Claims == input.Claims ||
+                    (this.Claims != null &&
+                    this.Claims.Equals(input.Claims))
+                ) && 
+                (
+                    this.Deactivate == input.Deactivate ||
+                    (this.Deactivate != null &&
+                    this.Deactivate.Equals(input.Deactivate))
+                ) && 
+                (
+                    this.Metadata == input.Metadata ||
+                    this.Metadata != null &&
+                    input.Metadata != null &&
+                    this.Metadata.SequenceEqual(input.Metadata)
+                ) && 
+                (
+                    this.Policies == input.Policies ||
+                    (this.Policies != null &&
+                    this.Policies.Equals(input.Policies))
+                ) && 
+                (
+                    this.RotateKey == input.RotateKey ||
+                    (this.RotateKey != null &&
+                    this.RotateKey.Equals(input.RotateKey))
+                ) && 
+                (
+                    this.Scopes == input.Scopes ||
+                    (this.Scopes != null &&
+                    this.Scopes.Equals(input.Scopes))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Self != null)
+                {
+                    hashCode = (hashCode * 59) + this.Self.GetHashCode();
+                }
+                if (this.Claims != null)
+                {
+                    hashCode = (hashCode * 59) + this.Claims.GetHashCode();
+                }
+                if (this.Deactivate != null)
+                {
+                    hashCode = (hashCode * 59) + this.Deactivate.GetHashCode();
+                }
+                if (this.Metadata != null)
+                {
+                    hashCode = (hashCode * 59) + this.Metadata.GetHashCode();
+                }
+                if (this.Policies != null)
+                {
+                    hashCode = (hashCode * 59) + this.Policies.GetHashCode();
+                }
+                if (this.RotateKey != null)
+                {
+                    hashCode = (hashCode * 59) + this.RotateKey.GetHashCode();
+                }
+                if (this.Scopes != null)
+                {
+                    hashCode = (hashCode * 59) + this.Scopes.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticationMethodObject.cs b/src/Okta.Sdk/Model/AuthenticationMethodObject.cs
index a6815d743..aa5fbab19 100644
--- a/src/Okta.Sdk/Model/AuthenticationMethodObject.cs
+++ b/src/Okta.Sdk/Model/AuthenticationMethodObject.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AuthenticationProvider.cs b/src/Okta.Sdk/Model/AuthenticationProvider.cs
index 4f636b866..2080be246 100644
--- a/src/Okta.Sdk/Model/AuthenticationProvider.cs
+++ b/src/Okta.Sdk/Model/AuthenticationProvider.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -27,7 +27,7 @@ namespace Okta.Sdk.Model
 {
     /// <summary>
     /// Template: ModelGeneric
-    /// AuthenticationProvider
+    /// Specifies the authentication provider that validates the user&#39;s password credential. The user&#39;s current provider  is managed by the Delegated Authentication settings for your organization. The provider object is read-only.
     /// </summary>
     [DataContract(Name = "AuthenticationProvider")]
     
@@ -42,11 +42,20 @@ public partial class AuthenticationProvider : IEquatable<AuthenticationProvider>
         public AuthenticationProviderType Type { get; set; }
         
         /// <summary>
-        /// Gets or Sets Name
+        /// The name of the authentication provider
         /// </summary>
+        /// <value>The name of the authentication provider</value>
         [DataMember(Name = "name", EmitDefaultValue = true)]
-        public string Name { get; set; }
+        public string Name { get; private set; }
 
+        /// <summary>
+        /// Returns false as Name should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeName()
+        {
+            return false;
+        }
         /// <summary>
         /// Returns the string presentation of the object
         /// </summary>
diff --git a/src/Okta.Sdk/Model/AuthenticationProviderType.cs b/src/Okta.Sdk/Model/AuthenticationProviderType.cs
index 1c62b3108..522d36b5f 100644
--- a/src/Okta.Sdk/Model/AuthenticationProviderType.cs
+++ b/src/Okta.Sdk/Model/AuthenticationProviderType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines AuthenticationProviderType
+    /// The type of authentication provider
     /// </summary>
+    /// <value>The type of authentication provider</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class AuthenticationProviderType : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/AuthenticatorBase.cs b/src/Okta.Sdk/Model/AuthenticatorBase.cs
new file mode 100644
index 000000000..230ef0dda
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorBase.cs
@@ -0,0 +1,287 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorBase
+    /// </summary>
+    [DataContract(Name = "AuthenticatorBase")]
+    [JsonConverter(typeof(JsonSubtypes), "Key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "AuthenticatorKeyCustomApp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "AuthenticatorKeyDuo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "AuthenticatorKeyEmail")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "AuthenticatorKeyExternalIdp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "AuthenticatorKeyGoogleOtp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "AuthenticatorKeyOktaVerify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "AuthenticatorKeyOnprem")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "AuthenticatorKeyPassword")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "AuthenticatorKeyPhone")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "AuthenticatorKeySecurityKey")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "AuthenticatorKeySecurityQuestion")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "AuthenticatorKeySmartCard")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "AuthenticatorKeySymantecVip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "AuthenticatorKeyWebauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "AuthenticatorKeyYubikey")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorSimple), "AuthenticatorSimple")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "custom_app")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "duo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "external_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "google_otp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "okta_email")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "okta_password")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "okta_verify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "onprem_mfa")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "phone_number")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "security_key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "security_question")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "smart_card_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "symantec_vip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "webauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "yubikey_token")]
+    
+    public partial class AuthenticatorBase : IEquatable<AuthenticatorBase>
+    {
+
+        /// <summary>
+        /// Gets or Sets Key
+        /// </summary>
+        [DataMember(Name = "key", EmitDefaultValue = true)]
+        
+        public AuthenticatorKeyEnum Key { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Status
+        /// </summary>
+        [DataMember(Name = "status", EmitDefaultValue = true)]
+        
+        public LifecycleStatus Status { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Type
+        /// </summary>
+        [DataMember(Name = "type", EmitDefaultValue = true)]
+        
+        public AuthenticatorType Type { get; set; }
+        
+        /// <summary>
+        /// Timestamp when the Authenticator was created
+        /// </summary>
+        /// <value>Timestamp when the Authenticator was created</value>
+        [DataMember(Name = "created", EmitDefaultValue = true)]
+        public DateTimeOffset Created { get; private set; }
+
+        /// <summary>
+        /// Returns false as Created should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeCreated()
+        {
+            return false;
+        }
+        /// <summary>
+        /// A unique identifier for the Authenticator
+        /// </summary>
+        /// <value>A unique identifier for the Authenticator</value>
+        [DataMember(Name = "id", EmitDefaultValue = true)]
+        public string Id { get; private set; }
+
+        /// <summary>
+        /// Returns false as Id should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeId()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Timestamp when the Authenticator was last modified
+        /// </summary>
+        /// <value>Timestamp when the Authenticator was last modified</value>
+        [DataMember(Name = "lastUpdated", EmitDefaultValue = true)]
+        public DateTimeOffset LastUpdated { get; private set; }
+
+        /// <summary>
+        /// Returns false as LastUpdated should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeLastUpdated()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Display name of the Authenticator
+        /// </summary>
+        /// <value>Display name of the Authenticator</value>
+        [DataMember(Name = "name", EmitDefaultValue = true)]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Links
+        /// </summary>
+        [DataMember(Name = "_links", EmitDefaultValue = true)]
+        public AuthenticatorLinks Links { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorBase {\n");
+            sb.Append("  Created: ").Append(Created).Append("\n");
+            sb.Append("  Id: ").Append(Id).Append("\n");
+            sb.Append("  Key: ").Append(Key).Append("\n");
+            sb.Append("  LastUpdated: ").Append(LastUpdated).Append("\n");
+            sb.Append("  Name: ").Append(Name).Append("\n");
+            sb.Append("  Status: ").Append(Status).Append("\n");
+            sb.Append("  Type: ").Append(Type).Append("\n");
+            sb.Append("  Links: ").Append(Links).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorBase);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorBase instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorBase to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorBase input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Created == input.Created ||
+                    (this.Created != null &&
+                    this.Created.Equals(input.Created))
+                ) && 
+                (
+                    this.Id == input.Id ||
+                    (this.Id != null &&
+                    this.Id.Equals(input.Id))
+                ) && 
+                (
+                    this.Key == input.Key ||
+                    this.Key.Equals(input.Key)
+                ) && 
+                (
+                    this.LastUpdated == input.LastUpdated ||
+                    (this.LastUpdated != null &&
+                    this.LastUpdated.Equals(input.LastUpdated))
+                ) && 
+                (
+                    this.Name == input.Name ||
+                    (this.Name != null &&
+                    this.Name.Equals(input.Name))
+                ) && 
+                (
+                    this.Status == input.Status ||
+                    this.Status.Equals(input.Status)
+                ) && 
+                (
+                    this.Type == input.Type ||
+                    this.Type.Equals(input.Type)
+                ) && 
+                (
+                    this.Links == input.Links ||
+                    (this.Links != null &&
+                    this.Links.Equals(input.Links))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Created != null)
+                {
+                    hashCode = (hashCode * 59) + this.Created.GetHashCode();
+                }
+                if (this.Id != null)
+                {
+                    hashCode = (hashCode * 59) + this.Id.GetHashCode();
+                }
+                if (this.Key != null)
+                {
+                    hashCode = (hashCode * 59) + this.Key.GetHashCode();
+                }
+                if (this.LastUpdated != null)
+                {
+                    hashCode = (hashCode * 59) + this.LastUpdated.GetHashCode();
+                }
+                if (this.Name != null)
+                {
+                    hashCode = (hashCode * 59) + this.Name.GetHashCode();
+                }
+                if (this.Status != null)
+                {
+                    hashCode = (hashCode * 59) + this.Status.GetHashCode();
+                }
+                if (this.Type != null)
+                {
+                    hashCode = (hashCode * 59) + this.Type.GetHashCode();
+                }
+                if (this.Links != null)
+                {
+                    hashCode = (hashCode * 59) + this.Links.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorIdentity.cs b/src/Okta.Sdk/Model/AuthenticatorIdentity.cs
index c726f3d95..45183e555 100644
--- a/src/Okta.Sdk/Model/AuthenticatorIdentity.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorIdentity.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyCustomApp.cs b/src/Okta.Sdk/Model/AuthenticatorKeyCustomApp.cs
new file mode 100644
index 000000000..f2b63b730
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyCustomApp.cs
@@ -0,0 +1,161 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyCustomApp
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyCustomApp")]
+    [JsonConverter(typeof(JsonSubtypes), "Key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "custom_app")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "duo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "external_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "google_otp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "okta_email")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "okta_password")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "okta_verify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "onprem_mfa")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "phone_number")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "security_key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "security_question")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "smart_card_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "symantec_vip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "webauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "yubikey_token")]
+    
+    public partial class AuthenticatorKeyCustomApp : AuthenticatorSimple, IEquatable<AuthenticatorKeyCustomApp>
+    {
+        
+        /// <summary>
+        /// A value of &#x60;true&#x60; indicates that the administrator accepts the [terms](https://www.okta.com/privacy-policy/)for creating a new authenticator. Okta requires that you accept the terms when creating a new &#x60;custom_app&#x60; authenticator. Other authenticators don&#39;t require this field.
+        /// </summary>
+        /// <value>A value of &#x60;true&#x60; indicates that the administrator accepts the [terms](https://www.okta.com/privacy-policy/)for creating a new authenticator. Okta requires that you accept the terms when creating a new &#x60;custom_app&#x60; authenticator. Other authenticators don&#39;t require this field.</value>
+        [DataMember(Name = "agreeToTerms", EmitDefaultValue = true)]
+        public bool AgreeToTerms { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Provider
+        /// </summary>
+        [DataMember(Name = "provider", EmitDefaultValue = true)]
+        public AuthenticatorKeyCustomAppAllOfProvider Provider { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Settings
+        /// </summary>
+        [DataMember(Name = "settings", EmitDefaultValue = true)]
+        public AuthenticatorKeyCustomAppAllOfSettings Settings { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyCustomApp {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("  AgreeToTerms: ").Append(AgreeToTerms).Append("\n");
+            sb.Append("  Provider: ").Append(Provider).Append("\n");
+            sb.Append("  Settings: ").Append(Settings).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyCustomApp);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyCustomApp instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyCustomApp to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyCustomApp input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input) && 
+                (
+                    this.AgreeToTerms == input.AgreeToTerms ||
+                    this.AgreeToTerms.Equals(input.AgreeToTerms)
+                ) && base.Equals(input) && 
+                (
+                    this.Provider == input.Provider ||
+                    (this.Provider != null &&
+                    this.Provider.Equals(input.Provider))
+                ) && base.Equals(input) && 
+                (
+                    this.Settings == input.Settings ||
+                    (this.Settings != null &&
+                    this.Settings.Equals(input.Settings))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                hashCode = (hashCode * 59) + this.AgreeToTerms.GetHashCode();
+                if (this.Provider != null)
+                {
+                    hashCode = (hashCode * 59) + this.Provider.GetHashCode();
+                }
+                if (this.Settings != null)
+                {
+                    hashCode = (hashCode * 59) + this.Settings.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyCustomAppAllOfProvider.cs b/src/Okta.Sdk/Model/AuthenticatorKeyCustomAppAllOfProvider.cs
new file mode 100644
index 000000000..958e3d906
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyCustomAppAllOfProvider.cs
@@ -0,0 +1,161 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyCustomAppAllOfProvider
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyCustomApp_allOf_provider")]
+    
+    public partial class AuthenticatorKeyCustomAppAllOfProvider : IEquatable<AuthenticatorKeyCustomAppAllOfProvider>
+    {
+        /// <summary>
+        /// Provider type
+        /// </summary>
+        /// <value>Provider type</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class TypeEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum PUSH for value: PUSH
+            /// </summary>
+            
+            public static TypeEnum PUSH = new TypeEnum("PUSH");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="TypeEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator TypeEnum(string value) => new TypeEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Type"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public TypeEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Provider type
+        /// </summary>
+        /// <value>Provider type</value>
+        [DataMember(Name = "type", EmitDefaultValue = true)]
+        
+        public TypeEnum Type { get; set; }
+        
+        /// <summary>
+        /// Gets or Sets _Configuration
+        /// </summary>
+        [DataMember(Name = "configuration", EmitDefaultValue = true)]
+        public AuthenticatorKeyCustomAppAllOfProviderConfiguration _Configuration { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyCustomAppAllOfProvider {\n");
+            sb.Append("  Type: ").Append(Type).Append("\n");
+            sb.Append("  _Configuration: ").Append(_Configuration).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyCustomAppAllOfProvider);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyCustomAppAllOfProvider instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyCustomAppAllOfProvider to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyCustomAppAllOfProvider input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Type == input.Type ||
+                    this.Type.Equals(input.Type)
+                ) && 
+                (
+                    this._Configuration == input._Configuration ||
+                    (this._Configuration != null &&
+                    this._Configuration.Equals(input._Configuration))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Type != null)
+                {
+                    hashCode = (hashCode * 59) + this.Type.GetHashCode();
+                }
+                if (this._Configuration != null)
+                {
+                    hashCode = (hashCode * 59) + this._Configuration.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyCustomAppAllOfProviderConfiguration.cs b/src/Okta.Sdk/Model/AuthenticatorKeyCustomAppAllOfProviderConfiguration.cs
new file mode 100644
index 000000000..cd1999ddc
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyCustomAppAllOfProviderConfiguration.cs
@@ -0,0 +1,130 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// The configuration of the provider
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyCustomApp_allOf_provider_configuration")]
+    
+    public partial class AuthenticatorKeyCustomAppAllOfProviderConfiguration : IEquatable<AuthenticatorKeyCustomAppAllOfProviderConfiguration>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Apns
+        /// </summary>
+        [DataMember(Name = "apns", EmitDefaultValue = true)]
+        public AuthenticatorKeyCustomAppAllOfProviderConfigurationApns Apns { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Fcm
+        /// </summary>
+        [DataMember(Name = "fcm", EmitDefaultValue = true)]
+        public AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm Fcm { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyCustomAppAllOfProviderConfiguration {\n");
+            sb.Append("  Apns: ").Append(Apns).Append("\n");
+            sb.Append("  Fcm: ").Append(Fcm).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyCustomAppAllOfProviderConfiguration);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyCustomAppAllOfProviderConfiguration instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyCustomAppAllOfProviderConfiguration to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyCustomAppAllOfProviderConfiguration input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Apns == input.Apns ||
+                    (this.Apns != null &&
+                    this.Apns.Equals(input.Apns))
+                ) && 
+                (
+                    this.Fcm == input.Fcm ||
+                    (this.Fcm != null &&
+                    this.Fcm.Equals(input.Fcm))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Apns != null)
+                {
+                    hashCode = (hashCode * 59) + this.Apns.GetHashCode();
+                }
+                if (this.Fcm != null)
+                {
+                    hashCode = (hashCode * 59) + this.Fcm.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyCustomAppAllOfProviderConfigurationApns.cs b/src/Okta.Sdk/Model/AuthenticatorKeyCustomAppAllOfProviderConfigurationApns.cs
new file mode 100644
index 000000000..d43fdf78d
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyCustomAppAllOfProviderConfigurationApns.cs
@@ -0,0 +1,149 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyCustomAppAllOfProviderConfigurationApns
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyCustomApp_allOf_provider_configuration_apns")]
+    
+    public partial class AuthenticatorKeyCustomAppAllOfProviderConfigurationApns : IEquatable<AuthenticatorKeyCustomAppAllOfProviderConfigurationApns>
+    {
+        
+        /// <summary>
+        /// ID of the APNs (Apple Push Notification Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/)
+        /// </summary>
+        /// <value>ID of the APNs (Apple Push Notification Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/)</value>
+        [DataMember(Name = "id", EmitDefaultValue = true)]
+        public string Id { get; set; }
+
+        /// <summary>
+        /// AppBundleId of the APNs (Apple Push Notification Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/)
+        /// </summary>
+        /// <value>AppBundleId of the APNs (Apple Push Notification Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/)</value>
+        [DataMember(Name = "appBundleId", EmitDefaultValue = true)]
+        public string AppBundleId { get; set; }
+
+        /// <summary>
+        /// DebugAppBundleId of the APNs (Apple Push Notification Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/)
+        /// </summary>
+        /// <value>DebugAppBundleId of the APNs (Apple Push Notification Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/)</value>
+        [DataMember(Name = "debugAppBundleId", EmitDefaultValue = true)]
+        public string DebugAppBundleId { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyCustomAppAllOfProviderConfigurationApns {\n");
+            sb.Append("  Id: ").Append(Id).Append("\n");
+            sb.Append("  AppBundleId: ").Append(AppBundleId).Append("\n");
+            sb.Append("  DebugAppBundleId: ").Append(DebugAppBundleId).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyCustomAppAllOfProviderConfigurationApns);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyCustomAppAllOfProviderConfigurationApns instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyCustomAppAllOfProviderConfigurationApns to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyCustomAppAllOfProviderConfigurationApns input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Id == input.Id ||
+                    (this.Id != null &&
+                    this.Id.Equals(input.Id))
+                ) && 
+                (
+                    this.AppBundleId == input.AppBundleId ||
+                    (this.AppBundleId != null &&
+                    this.AppBundleId.Equals(input.AppBundleId))
+                ) && 
+                (
+                    this.DebugAppBundleId == input.DebugAppBundleId ||
+                    (this.DebugAppBundleId != null &&
+                    this.DebugAppBundleId.Equals(input.DebugAppBundleId))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Id != null)
+                {
+                    hashCode = (hashCode * 59) + this.Id.GetHashCode();
+                }
+                if (this.AppBundleId != null)
+                {
+                    hashCode = (hashCode * 59) + this.AppBundleId.GetHashCode();
+                }
+                if (this.DebugAppBundleId != null)
+                {
+                    hashCode = (hashCode * 59) + this.DebugAppBundleId.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm.cs b/src/Okta.Sdk/Model/AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm.cs
new file mode 100644
index 000000000..adcc42f94
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm.cs
@@ -0,0 +1,115 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyCustomApp_allOf_provider_configuration_fcm")]
+    
+    public partial class AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm : IEquatable<AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm>
+    {
+        
+        /// <summary>
+        /// ID of the FCM (Firebase Cloud Messaging Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/)
+        /// </summary>
+        /// <value>ID of the FCM (Firebase Cloud Messaging Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/)</value>
+        [DataMember(Name = "id", EmitDefaultValue = true)]
+        public string Id { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm {\n");
+            sb.Append("  Id: ").Append(Id).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Id == input.Id ||
+                    (this.Id != null &&
+                    this.Id.Equals(input.Id))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Id != null)
+                {
+                    hashCode = (hashCode * 59) + this.Id.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyCustomAppAllOfSettings.cs b/src/Okta.Sdk/Model/AuthenticatorKeyCustomAppAllOfSettings.cs
new file mode 100644
index 000000000..59c76aa08
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyCustomAppAllOfSettings.cs
@@ -0,0 +1,131 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyCustomAppAllOfSettings
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyCustomApp_allOf_settings")]
+    
+    public partial class AuthenticatorKeyCustomAppAllOfSettings : IEquatable<AuthenticatorKeyCustomAppAllOfSettings>
+    {
+
+        /// <summary>
+        /// Gets or Sets UserVerification
+        /// </summary>
+        [DataMember(Name = "userVerification", EmitDefaultValue = true)]
+        
+        public CustomAppUserVerificationEnum UserVerification { get; set; }
+        
+        /// <summary>
+        /// The application instance ID. For custom_app, you need to create an OIDC native app using the [Apps API](https://developer.okta.com/docs/reference/api/apps/) with &#x60;Authorization Code&#x60; and &#x60;Refresh Token&#x60; grant types. You can leave both &#x60;Sign-in redirect URIs&#x60; and &#x60;Sign-out redirect URIs&#x60; as the default values.
+        /// </summary>
+        /// <value>The application instance ID. For custom_app, you need to create an OIDC native app using the [Apps API](https://developer.okta.com/docs/reference/api/apps/) with &#x60;Authorization Code&#x60; and &#x60;Refresh Token&#x60; grant types. You can leave both &#x60;Sign-in redirect URIs&#x60; and &#x60;Sign-out redirect URIs&#x60; as the default values.</value>
+        [DataMember(Name = "appInstanceId", EmitDefaultValue = true)]
+        public string AppInstanceId { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyCustomAppAllOfSettings {\n");
+            sb.Append("  UserVerification: ").Append(UserVerification).Append("\n");
+            sb.Append("  AppInstanceId: ").Append(AppInstanceId).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyCustomAppAllOfSettings);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyCustomAppAllOfSettings instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyCustomAppAllOfSettings to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyCustomAppAllOfSettings input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.UserVerification == input.UserVerification ||
+                    this.UserVerification.Equals(input.UserVerification)
+                ) && 
+                (
+                    this.AppInstanceId == input.AppInstanceId ||
+                    (this.AppInstanceId != null &&
+                    this.AppInstanceId.Equals(input.AppInstanceId))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.UserVerification != null)
+                {
+                    hashCode = (hashCode * 59) + this.UserVerification.GetHashCode();
+                }
+                if (this.AppInstanceId != null)
+                {
+                    hashCode = (hashCode * 59) + this.AppInstanceId.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyDuo.cs b/src/Okta.Sdk/Model/AuthenticatorKeyDuo.cs
new file mode 100644
index 000000000..dcbbb3e3c
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyDuo.cs
@@ -0,0 +1,132 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyDuo
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyDuo")]
+    [JsonConverter(typeof(JsonSubtypes), "Key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "custom_app")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "duo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "external_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "google_otp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "okta_email")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "okta_password")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "okta_verify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "onprem_mfa")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "phone_number")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "security_key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "security_question")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "smart_card_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "symantec_vip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "webauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "yubikey_token")]
+    
+    public partial class AuthenticatorKeyDuo : AuthenticatorSimple, IEquatable<AuthenticatorKeyDuo>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Provider
+        /// </summary>
+        [DataMember(Name = "provider", EmitDefaultValue = true)]
+        public AuthenticatorKeyDuoAllOfProvider Provider { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyDuo {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("  Provider: ").Append(Provider).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyDuo);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyDuo instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyDuo to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyDuo input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input) && 
+                (
+                    this.Provider == input.Provider ||
+                    (this.Provider != null &&
+                    this.Provider.Equals(input.Provider))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                if (this.Provider != null)
+                {
+                    hashCode = (hashCode * 59) + this.Provider.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyDuoAllOfProvider.cs b/src/Okta.Sdk/Model/AuthenticatorKeyDuoAllOfProvider.cs
new file mode 100644
index 000000000..16089c203
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyDuoAllOfProvider.cs
@@ -0,0 +1,161 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyDuoAllOfProvider
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyDuo_allOf_provider")]
+    
+    public partial class AuthenticatorKeyDuoAllOfProvider : IEquatable<AuthenticatorKeyDuoAllOfProvider>
+    {
+        /// <summary>
+        /// Provider type
+        /// </summary>
+        /// <value>Provider type</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class TypeEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum DUO for value: DUO
+            /// </summary>
+            
+            public static TypeEnum DUO = new TypeEnum("DUO");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="TypeEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator TypeEnum(string value) => new TypeEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Type"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public TypeEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Provider type
+        /// </summary>
+        /// <value>Provider type</value>
+        [DataMember(Name = "type", EmitDefaultValue = true)]
+        
+        public TypeEnum Type { get; set; }
+        
+        /// <summary>
+        /// Gets or Sets _Configuration
+        /// </summary>
+        [DataMember(Name = "configuration", EmitDefaultValue = true)]
+        public AuthenticatorKeyDuoAllOfProviderConfiguration _Configuration { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyDuoAllOfProvider {\n");
+            sb.Append("  Type: ").Append(Type).Append("\n");
+            sb.Append("  _Configuration: ").Append(_Configuration).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyDuoAllOfProvider);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyDuoAllOfProvider instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyDuoAllOfProvider to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyDuoAllOfProvider input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Type == input.Type ||
+                    this.Type.Equals(input.Type)
+                ) && 
+                (
+                    this._Configuration == input._Configuration ||
+                    (this._Configuration != null &&
+                    this._Configuration.Equals(input._Configuration))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Type != null)
+                {
+                    hashCode = (hashCode * 59) + this.Type.GetHashCode();
+                }
+                if (this._Configuration != null)
+                {
+                    hashCode = (hashCode * 59) + this._Configuration.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyDuoAllOfProviderConfiguration.cs b/src/Okta.Sdk/Model/AuthenticatorKeyDuoAllOfProviderConfiguration.cs
new file mode 100644
index 000000000..bbf98d842
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyDuoAllOfProviderConfiguration.cs
@@ -0,0 +1,165 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyDuoAllOfProviderConfiguration
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyDuo_allOf_provider_configuration")]
+    
+    public partial class AuthenticatorKeyDuoAllOfProviderConfiguration : IEquatable<AuthenticatorKeyDuoAllOfProviderConfiguration>
+    {
+        
+        /// <summary>
+        /// The Duo Security API hostname
+        /// </summary>
+        /// <value>The Duo Security API hostname</value>
+        [DataMember(Name = "host", EmitDefaultValue = true)]
+        public string Host { get; set; }
+
+        /// <summary>
+        /// The Duo Security integration key
+        /// </summary>
+        /// <value>The Duo Security integration key</value>
+        [DataMember(Name = "integrationKey", EmitDefaultValue = true)]
+        public string IntegrationKey { get; set; }
+
+        /// <summary>
+        /// The Duo Security secret key
+        /// </summary>
+        /// <value>The Duo Security secret key</value>
+        [DataMember(Name = "secretKey", EmitDefaultValue = true)]
+        public string SecretKey { get; set; }
+
+        /// <summary>
+        /// Gets or Sets UserNameTemplate
+        /// </summary>
+        [DataMember(Name = "userNameTemplate", EmitDefaultValue = true)]
+        public AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate UserNameTemplate { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyDuoAllOfProviderConfiguration {\n");
+            sb.Append("  Host: ").Append(Host).Append("\n");
+            sb.Append("  IntegrationKey: ").Append(IntegrationKey).Append("\n");
+            sb.Append("  SecretKey: ").Append(SecretKey).Append("\n");
+            sb.Append("  UserNameTemplate: ").Append(UserNameTemplate).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyDuoAllOfProviderConfiguration);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyDuoAllOfProviderConfiguration instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyDuoAllOfProviderConfiguration to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyDuoAllOfProviderConfiguration input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Host == input.Host ||
+                    (this.Host != null &&
+                    this.Host.Equals(input.Host))
+                ) && 
+                (
+                    this.IntegrationKey == input.IntegrationKey ||
+                    (this.IntegrationKey != null &&
+                    this.IntegrationKey.Equals(input.IntegrationKey))
+                ) && 
+                (
+                    this.SecretKey == input.SecretKey ||
+                    (this.SecretKey != null &&
+                    this.SecretKey.Equals(input.SecretKey))
+                ) && 
+                (
+                    this.UserNameTemplate == input.UserNameTemplate ||
+                    (this.UserNameTemplate != null &&
+                    this.UserNameTemplate.Equals(input.UserNameTemplate))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Host != null)
+                {
+                    hashCode = (hashCode * 59) + this.Host.GetHashCode();
+                }
+                if (this.IntegrationKey != null)
+                {
+                    hashCode = (hashCode * 59) + this.IntegrationKey.GetHashCode();
+                }
+                if (this.SecretKey != null)
+                {
+                    hashCode = (hashCode * 59) + this.SecretKey.GetHashCode();
+                }
+                if (this.UserNameTemplate != null)
+                {
+                    hashCode = (hashCode * 59) + this.UserNameTemplate.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate.cs b/src/Okta.Sdk/Model/AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate.cs
new file mode 100644
index 000000000..02d4aaf12
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate.cs
@@ -0,0 +1,115 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyDuo_allOf_provider_configuration_userNameTemplate")]
+    
+    public partial class AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate : IEquatable<AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate>
+    {
+        
+        /// <summary>
+        /// The Duo Security user template name
+        /// </summary>
+        /// <value>The Duo Security user template name</value>
+        [DataMember(Name = "template", EmitDefaultValue = true)]
+        public string Template { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate {\n");
+            sb.Append("  Template: ").Append(Template).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Template == input.Template ||
+                    (this.Template != null &&
+                    this.Template.Equals(input.Template))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Template != null)
+                {
+                    hashCode = (hashCode * 59) + this.Template.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyEmail.cs b/src/Okta.Sdk/Model/AuthenticatorKeyEmail.cs
new file mode 100644
index 000000000..c92c32ab2
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyEmail.cs
@@ -0,0 +1,132 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyEmail
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyEmail")]
+    [JsonConverter(typeof(JsonSubtypes), "Key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "custom_app")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "duo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "external_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "google_otp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "okta_email")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "okta_password")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "okta_verify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "onprem_mfa")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "phone_number")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "security_key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "security_question")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "smart_card_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "symantec_vip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "webauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "yubikey_token")]
+    
+    public partial class AuthenticatorKeyEmail : AuthenticatorSimple, IEquatable<AuthenticatorKeyEmail>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Settings
+        /// </summary>
+        [DataMember(Name = "settings", EmitDefaultValue = true)]
+        public AuthenticatorKeyEmailAllOfSettings Settings { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyEmail {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("  Settings: ").Append(Settings).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyEmail);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyEmail instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyEmail to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyEmail input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input) && 
+                (
+                    this.Settings == input.Settings ||
+                    (this.Settings != null &&
+                    this.Settings.Equals(input.Settings))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                if (this.Settings != null)
+                {
+                    hashCode = (hashCode * 59) + this.Settings.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyEmailAllOfSettings.cs b/src/Okta.Sdk/Model/AuthenticatorKeyEmailAllOfSettings.cs
new file mode 100644
index 000000000..61396b281
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyEmailAllOfSettings.cs
@@ -0,0 +1,127 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyEmailAllOfSettings
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyEmail_allOf_settings")]
+    
+    public partial class AuthenticatorKeyEmailAllOfSettings : IEquatable<AuthenticatorKeyEmailAllOfSettings>
+    {
+
+        /// <summary>
+        /// Gets or Sets AllowedFor
+        /// </summary>
+        [DataMember(Name = "allowedFor", EmitDefaultValue = true)]
+        
+        public AllowedForEnum AllowedFor { get; set; }
+        
+        /// <summary>
+        /// Specifies the lifetime of an email token. Default value is 5 minutes.
+        /// </summary>
+        /// <value>Specifies the lifetime of an email token. Default value is 5 minutes.</value>
+        [DataMember(Name = "tokenLifetimeInMinutes", EmitDefaultValue = true)]
+        public decimal TokenLifetimeInMinutes { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyEmailAllOfSettings {\n");
+            sb.Append("  AllowedFor: ").Append(AllowedFor).Append("\n");
+            sb.Append("  TokenLifetimeInMinutes: ").Append(TokenLifetimeInMinutes).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyEmailAllOfSettings);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyEmailAllOfSettings instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyEmailAllOfSettings to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyEmailAllOfSettings input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.AllowedFor == input.AllowedFor ||
+                    this.AllowedFor.Equals(input.AllowedFor)
+                ) && 
+                (
+                    this.TokenLifetimeInMinutes == input.TokenLifetimeInMinutes ||
+                    this.TokenLifetimeInMinutes.Equals(input.TokenLifetimeInMinutes)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.AllowedFor != null)
+                {
+                    hashCode = (hashCode * 59) + this.AllowedFor.GetHashCode();
+                }
+                hashCode = (hashCode * 59) + this.TokenLifetimeInMinutes.GetHashCode();
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyEnum.cs b/src/Okta.Sdk/Model/AuthenticatorKeyEnum.cs
new file mode 100644
index 000000000..a5cc0a588
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyEnum.cs
@@ -0,0 +1,113 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// A human-readable string that identifies the Authenticator
+    /// </summary>
+    /// <value>A human-readable string that identifies the Authenticator</value>
+    [JsonConverter(typeof(StringEnumSerializingConverter))]
+    public sealed class AuthenticatorKeyEnum : StringEnum
+    {
+        /// <summary>
+        /// StringEnum AuthenticatorKeyEnum for value: custom_app
+        /// </summary>
+        public static AuthenticatorKeyEnum CustomApp = new AuthenticatorKeyEnum("custom_app");
+        /// <summary>
+        /// StringEnum AuthenticatorKeyEnum for value: duo
+        /// </summary>
+        public static AuthenticatorKeyEnum Duo = new AuthenticatorKeyEnum("duo");
+        /// <summary>
+        /// StringEnum AuthenticatorKeyEnum for value: external_idp
+        /// </summary>
+        public static AuthenticatorKeyEnum ExternalIdp = new AuthenticatorKeyEnum("external_idp");
+        /// <summary>
+        /// StringEnum AuthenticatorKeyEnum for value: google_otp
+        /// </summary>
+        public static AuthenticatorKeyEnum GoogleOtp = new AuthenticatorKeyEnum("google_otp");
+        /// <summary>
+        /// StringEnum AuthenticatorKeyEnum for value: okta_email
+        /// </summary>
+        public static AuthenticatorKeyEnum OktaEmail = new AuthenticatorKeyEnum("okta_email");
+        /// <summary>
+        /// StringEnum AuthenticatorKeyEnum for value: okta_password
+        /// </summary>
+        public static AuthenticatorKeyEnum OktaPassword = new AuthenticatorKeyEnum("okta_password");
+        /// <summary>
+        /// StringEnum AuthenticatorKeyEnum for value: okta_verify
+        /// </summary>
+        public static AuthenticatorKeyEnum OktaVerify = new AuthenticatorKeyEnum("okta_verify");
+        /// <summary>
+        /// StringEnum AuthenticatorKeyEnum for value: onprem_mfa
+        /// </summary>
+        public static AuthenticatorKeyEnum OnpremMfa = new AuthenticatorKeyEnum("onprem_mfa");
+        /// <summary>
+        /// StringEnum AuthenticatorKeyEnum for value: phone_number
+        /// </summary>
+        public static AuthenticatorKeyEnum PhoneNumber = new AuthenticatorKeyEnum("phone_number");
+        /// <summary>
+        /// StringEnum AuthenticatorKeyEnum for value: security_key
+        /// </summary>
+        public static AuthenticatorKeyEnum SecurityKey = new AuthenticatorKeyEnum("security_key");
+        /// <summary>
+        /// StringEnum AuthenticatorKeyEnum for value: security_question
+        /// </summary>
+        public static AuthenticatorKeyEnum SecurityQuestion = new AuthenticatorKeyEnum("security_question");
+        /// <summary>
+        /// StringEnum AuthenticatorKeyEnum for value: smart_card_idp
+        /// </summary>
+        public static AuthenticatorKeyEnum SmartCardIdp = new AuthenticatorKeyEnum("smart_card_idp");
+        /// <summary>
+        /// StringEnum AuthenticatorKeyEnum for value: symantec_vip
+        /// </summary>
+        public static AuthenticatorKeyEnum SymantecVip = new AuthenticatorKeyEnum("symantec_vip");
+        /// <summary>
+        /// StringEnum AuthenticatorKeyEnum for value: webauthn
+        /// </summary>
+        public static AuthenticatorKeyEnum Webauthn = new AuthenticatorKeyEnum("webauthn");
+        /// <summary>
+        /// StringEnum AuthenticatorKeyEnum for value: yubikey_token
+        /// </summary>
+        public static AuthenticatorKeyEnum YubikeyToken = new AuthenticatorKeyEnum("yubikey_token");
+
+        /// <summary>
+        /// Implicit operator declaration to accept and convert a string value as a <see cref="AuthenticatorKeyEnum"/>
+        /// </summary>
+        /// <param name="value">The value to use</param>
+        public static implicit operator AuthenticatorKeyEnum(string value) => new AuthenticatorKeyEnum(value);
+
+        /// <summary>
+        /// Creates a new <see cref="AuthenticatorKeyEnum"/> instance.
+        /// </summary>
+        /// <param name="value">The value to use.</param>
+        public AuthenticatorKeyEnum(string value)
+            : base(value)
+        {
+        }
+    }
+
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyExternalIdp.cs b/src/Okta.Sdk/Model/AuthenticatorKeyExternalIdp.cs
new file mode 100644
index 000000000..ee9eebfae
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyExternalIdp.cs
@@ -0,0 +1,116 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyExternalIdp
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyExternalIdp")]
+    [JsonConverter(typeof(JsonSubtypes), "Key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "custom_app")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "duo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "external_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "google_otp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "okta_email")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "okta_password")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "okta_verify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "onprem_mfa")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "phone_number")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "security_key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "security_question")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "smart_card_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "symantec_vip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "webauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "yubikey_token")]
+    
+    public partial class AuthenticatorKeyExternalIdp : AuthenticatorSimple, IEquatable<AuthenticatorKeyExternalIdp>
+    {
+        
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyExternalIdp {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyExternalIdp);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyExternalIdp instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyExternalIdp to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyExternalIdp input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input);
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyGoogleOtp.cs b/src/Okta.Sdk/Model/AuthenticatorKeyGoogleOtp.cs
new file mode 100644
index 000000000..e03465bd7
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyGoogleOtp.cs
@@ -0,0 +1,116 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyGoogleOtp
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyGoogleOtp")]
+    [JsonConverter(typeof(JsonSubtypes), "Key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "custom_app")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "duo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "external_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "google_otp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "okta_email")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "okta_password")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "okta_verify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "onprem_mfa")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "phone_number")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "security_key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "security_question")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "smart_card_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "symantec_vip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "webauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "yubikey_token")]
+    
+    public partial class AuthenticatorKeyGoogleOtp : AuthenticatorSimple, IEquatable<AuthenticatorKeyGoogleOtp>
+    {
+        
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyGoogleOtp {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyGoogleOtp);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyGoogleOtp instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyGoogleOtp to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyGoogleOtp input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input);
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyOktaVerify.cs b/src/Okta.Sdk/Model/AuthenticatorKeyOktaVerify.cs
new file mode 100644
index 000000000..8e4075437
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyOktaVerify.cs
@@ -0,0 +1,132 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyOktaVerify
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyOktaVerify")]
+    [JsonConverter(typeof(JsonSubtypes), "Key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "custom_app")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "duo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "external_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "google_otp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "okta_email")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "okta_password")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "okta_verify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "onprem_mfa")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "phone_number")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "security_key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "security_question")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "smart_card_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "symantec_vip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "webauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "yubikey_token")]
+    
+    public partial class AuthenticatorKeyOktaVerify : AuthenticatorSimple, IEquatable<AuthenticatorKeyOktaVerify>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Settings
+        /// </summary>
+        [DataMember(Name = "settings", EmitDefaultValue = true)]
+        public AuthenticatorKeyOktaVerifyAllOfSettings Settings { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyOktaVerify {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("  Settings: ").Append(Settings).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyOktaVerify);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyOktaVerify instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyOktaVerify to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyOktaVerify input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input) && 
+                (
+                    this.Settings == input.Settings ||
+                    (this.Settings != null &&
+                    this.Settings.Equals(input.Settings))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                if (this.Settings != null)
+                {
+                    hashCode = (hashCode * 59) + this.Settings.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyOktaVerifyAllOfSettings.cs b/src/Okta.Sdk/Model/AuthenticatorKeyOktaVerifyAllOfSettings.cs
new file mode 100644
index 000000000..7e0409ca4
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyOktaVerifyAllOfSettings.cs
@@ -0,0 +1,163 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyOktaVerifyAllOfSettings
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyOktaVerify_allOf_settings")]
+    
+    public partial class AuthenticatorKeyOktaVerifyAllOfSettings : IEquatable<AuthenticatorKeyOktaVerifyAllOfSettings>
+    {
+
+        /// <summary>
+        /// Gets or Sets UserVerification
+        /// </summary>
+        [DataMember(Name = "userVerification", EmitDefaultValue = true)]
+        
+        public UserVerificationEnum UserVerification { get; set; }
+        
+        /// <summary>
+        /// Gets or Sets ChannelBinding
+        /// </summary>
+        [DataMember(Name = "channelBinding", EmitDefaultValue = true)]
+        public ChannelBinding ChannelBinding { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Compliance
+        /// </summary>
+        [DataMember(Name = "compliance", EmitDefaultValue = true)]
+        public Compliance Compliance { get; set; }
+
+        /// <summary>
+        /// The application instance ID
+        /// </summary>
+        /// <value>The application instance ID</value>
+        [DataMember(Name = "appInstanceId", EmitDefaultValue = true)]
+        public string AppInstanceId { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyOktaVerifyAllOfSettings {\n");
+            sb.Append("  ChannelBinding: ").Append(ChannelBinding).Append("\n");
+            sb.Append("  Compliance: ").Append(Compliance).Append("\n");
+            sb.Append("  UserVerification: ").Append(UserVerification).Append("\n");
+            sb.Append("  AppInstanceId: ").Append(AppInstanceId).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyOktaVerifyAllOfSettings);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyOktaVerifyAllOfSettings instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyOktaVerifyAllOfSettings to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyOktaVerifyAllOfSettings input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.ChannelBinding == input.ChannelBinding ||
+                    (this.ChannelBinding != null &&
+                    this.ChannelBinding.Equals(input.ChannelBinding))
+                ) && 
+                (
+                    this.Compliance == input.Compliance ||
+                    (this.Compliance != null &&
+                    this.Compliance.Equals(input.Compliance))
+                ) && 
+                (
+                    this.UserVerification == input.UserVerification ||
+                    this.UserVerification.Equals(input.UserVerification)
+                ) && 
+                (
+                    this.AppInstanceId == input.AppInstanceId ||
+                    (this.AppInstanceId != null &&
+                    this.AppInstanceId.Equals(input.AppInstanceId))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.ChannelBinding != null)
+                {
+                    hashCode = (hashCode * 59) + this.ChannelBinding.GetHashCode();
+                }
+                if (this.Compliance != null)
+                {
+                    hashCode = (hashCode * 59) + this.Compliance.GetHashCode();
+                }
+                if (this.UserVerification != null)
+                {
+                    hashCode = (hashCode * 59) + this.UserVerification.GetHashCode();
+                }
+                if (this.AppInstanceId != null)
+                {
+                    hashCode = (hashCode * 59) + this.AppInstanceId.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyOnprem.cs b/src/Okta.Sdk/Model/AuthenticatorKeyOnprem.cs
new file mode 100644
index 000000000..0052806c1
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyOnprem.cs
@@ -0,0 +1,116 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyOnprem
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyOnprem")]
+    [JsonConverter(typeof(JsonSubtypes), "Key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "custom_app")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "duo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "external_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "google_otp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "okta_email")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "okta_password")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "okta_verify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "onprem_mfa")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "phone_number")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "security_key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "security_question")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "smart_card_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "symantec_vip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "webauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "yubikey_token")]
+    
+    public partial class AuthenticatorKeyOnprem : AuthenticatorSimple, IEquatable<AuthenticatorKeyOnprem>
+    {
+        
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyOnprem {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyOnprem);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyOnprem instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyOnprem to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyOnprem input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input);
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyPassword.cs b/src/Okta.Sdk/Model/AuthenticatorKeyPassword.cs
new file mode 100644
index 000000000..43713ac41
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyPassword.cs
@@ -0,0 +1,116 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyPassword
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyPassword")]
+    [JsonConverter(typeof(JsonSubtypes), "Key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "custom_app")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "duo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "external_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "google_otp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "okta_email")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "okta_password")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "okta_verify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "onprem_mfa")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "phone_number")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "security_key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "security_question")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "smart_card_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "symantec_vip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "webauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "yubikey_token")]
+    
+    public partial class AuthenticatorKeyPassword : AuthenticatorSimple, IEquatable<AuthenticatorKeyPassword>
+    {
+        
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyPassword {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyPassword);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyPassword instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyPassword to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyPassword input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input);
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyPhone.cs b/src/Okta.Sdk/Model/AuthenticatorKeyPhone.cs
new file mode 100644
index 000000000..fe04fe6b1
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyPhone.cs
@@ -0,0 +1,132 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyPhone
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyPhone")]
+    [JsonConverter(typeof(JsonSubtypes), "Key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "custom_app")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "duo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "external_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "google_otp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "okta_email")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "okta_password")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "okta_verify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "onprem_mfa")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "phone_number")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "security_key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "security_question")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "smart_card_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "symantec_vip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "webauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "yubikey_token")]
+    
+    public partial class AuthenticatorKeyPhone : AuthenticatorSimple, IEquatable<AuthenticatorKeyPhone>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Settings
+        /// </summary>
+        [DataMember(Name = "settings", EmitDefaultValue = true)]
+        public AuthenticatorKeyPhoneAllOfSettings Settings { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyPhone {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("  Settings: ").Append(Settings).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyPhone);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyPhone instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyPhone to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyPhone input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input) && 
+                (
+                    this.Settings == input.Settings ||
+                    (this.Settings != null &&
+                    this.Settings.Equals(input.Settings))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                if (this.Settings != null)
+                {
+                    hashCode = (hashCode * 59) + this.Settings.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyPhoneAllOfSettings.cs b/src/Okta.Sdk/Model/AuthenticatorKeyPhoneAllOfSettings.cs
new file mode 100644
index 000000000..6fda8c915
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyPhoneAllOfSettings.cs
@@ -0,0 +1,114 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyPhoneAllOfSettings
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyPhone_allOf_settings")]
+    
+    public partial class AuthenticatorKeyPhoneAllOfSettings : IEquatable<AuthenticatorKeyPhoneAllOfSettings>
+    {
+
+        /// <summary>
+        /// Gets or Sets AllowedFor
+        /// </summary>
+        [DataMember(Name = "allowedFor", EmitDefaultValue = true)]
+        
+        public AllowedForEnum AllowedFor { get; set; }
+        
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyPhoneAllOfSettings {\n");
+            sb.Append("  AllowedFor: ").Append(AllowedFor).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyPhoneAllOfSettings);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyPhoneAllOfSettings instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyPhoneAllOfSettings to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyPhoneAllOfSettings input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.AllowedFor == input.AllowedFor ||
+                    this.AllowedFor.Equals(input.AllowedFor)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.AllowedFor != null)
+                {
+                    hashCode = (hashCode * 59) + this.AllowedFor.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeySecurityKey.cs b/src/Okta.Sdk/Model/AuthenticatorKeySecurityKey.cs
new file mode 100644
index 000000000..b1b7e698d
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeySecurityKey.cs
@@ -0,0 +1,116 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeySecurityKey
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeySecurityKey")]
+    [JsonConverter(typeof(JsonSubtypes), "Key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "custom_app")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "duo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "external_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "google_otp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "okta_email")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "okta_password")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "okta_verify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "onprem_mfa")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "phone_number")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "security_key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "security_question")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "smart_card_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "symantec_vip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "webauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "yubikey_token")]
+    
+    public partial class AuthenticatorKeySecurityKey : AuthenticatorSimple, IEquatable<AuthenticatorKeySecurityKey>
+    {
+        
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeySecurityKey {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeySecurityKey);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeySecurityKey instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeySecurityKey to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeySecurityKey input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input);
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeySecurityQuestion.cs b/src/Okta.Sdk/Model/AuthenticatorKeySecurityQuestion.cs
new file mode 100644
index 000000000..5e8b9a229
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeySecurityQuestion.cs
@@ -0,0 +1,132 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeySecurityQuestion
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeySecurityQuestion")]
+    [JsonConverter(typeof(JsonSubtypes), "Key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "custom_app")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "duo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "external_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "google_otp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "okta_email")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "okta_password")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "okta_verify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "onprem_mfa")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "phone_number")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "security_key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "security_question")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "smart_card_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "symantec_vip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "webauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "yubikey_token")]
+    
+    public partial class AuthenticatorKeySecurityQuestion : AuthenticatorSimple, IEquatable<AuthenticatorKeySecurityQuestion>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Settings
+        /// </summary>
+        [DataMember(Name = "settings", EmitDefaultValue = true)]
+        public AuthenticatorKeyPhoneAllOfSettings Settings { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeySecurityQuestion {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("  Settings: ").Append(Settings).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeySecurityQuestion);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeySecurityQuestion instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeySecurityQuestion to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeySecurityQuestion input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input) && 
+                (
+                    this.Settings == input.Settings ||
+                    (this.Settings != null &&
+                    this.Settings.Equals(input.Settings))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                if (this.Settings != null)
+                {
+                    hashCode = (hashCode * 59) + this.Settings.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeySmartCard.cs b/src/Okta.Sdk/Model/AuthenticatorKeySmartCard.cs
new file mode 100644
index 000000000..cc39c8334
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeySmartCard.cs
@@ -0,0 +1,116 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeySmartCard
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeySmartCard")]
+    [JsonConverter(typeof(JsonSubtypes), "Key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "custom_app")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "duo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "external_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "google_otp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "okta_email")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "okta_password")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "okta_verify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "onprem_mfa")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "phone_number")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "security_key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "security_question")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "smart_card_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "symantec_vip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "webauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "yubikey_token")]
+    
+    public partial class AuthenticatorKeySmartCard : AuthenticatorSimple, IEquatable<AuthenticatorKeySmartCard>
+    {
+        
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeySmartCard {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeySmartCard);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeySmartCard instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeySmartCard to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeySmartCard input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input);
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeySymantecVip.cs b/src/Okta.Sdk/Model/AuthenticatorKeySymantecVip.cs
new file mode 100644
index 000000000..ba1121beb
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeySymantecVip.cs
@@ -0,0 +1,116 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeySymantecVip
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeySymantecVip")]
+    [JsonConverter(typeof(JsonSubtypes), "Key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "custom_app")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "duo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "external_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "google_otp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "okta_email")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "okta_password")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "okta_verify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "onprem_mfa")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "phone_number")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "security_key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "security_question")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "smart_card_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "symantec_vip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "webauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "yubikey_token")]
+    
+    public partial class AuthenticatorKeySymantecVip : AuthenticatorSimple, IEquatable<AuthenticatorKeySymantecVip>
+    {
+        
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeySymantecVip {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeySymantecVip);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeySymantecVip instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeySymantecVip to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeySymantecVip input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input);
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyWebauthn.cs b/src/Okta.Sdk/Model/AuthenticatorKeyWebauthn.cs
new file mode 100644
index 000000000..bc8a4b4d8
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyWebauthn.cs
@@ -0,0 +1,116 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyWebauthn
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyWebauthn")]
+    [JsonConverter(typeof(JsonSubtypes), "Key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "custom_app")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "duo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "external_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "google_otp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "okta_email")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "okta_password")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "okta_verify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "onprem_mfa")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "phone_number")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "security_key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "security_question")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "smart_card_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "symantec_vip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "webauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "yubikey_token")]
+    
+    public partial class AuthenticatorKeyWebauthn : AuthenticatorSimple, IEquatable<AuthenticatorKeyWebauthn>
+    {
+        
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyWebauthn {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyWebauthn);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyWebauthn instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyWebauthn to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyWebauthn input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input);
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorKeyYubikey.cs b/src/Okta.Sdk/Model/AuthenticatorKeyYubikey.cs
new file mode 100644
index 000000000..32a61bcd0
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorKeyYubikey.cs
@@ -0,0 +1,116 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorKeyYubikey
+    /// </summary>
+    [DataContract(Name = "AuthenticatorKeyYubikey")]
+    [JsonConverter(typeof(JsonSubtypes), "Key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "custom_app")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "duo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "external_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "google_otp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "okta_email")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "okta_password")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "okta_verify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "onprem_mfa")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "phone_number")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "security_key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "security_question")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "smart_card_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "symantec_vip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "webauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "yubikey_token")]
+    
+    public partial class AuthenticatorKeyYubikey : AuthenticatorSimple, IEquatable<AuthenticatorKeyYubikey>
+    {
+        
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorKeyYubikey {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorKeyYubikey);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorKeyYubikey instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorKeyYubikey to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorKeyYubikey input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input);
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorLinks.cs b/src/Okta.Sdk/Model/AuthenticatorLinks.cs
index 63d5c3ee2..21aebe18b 100644
--- a/src/Okta.Sdk/Model/AuthenticatorLinks.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorLinks.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AuthenticatorMethodAlgorithm.cs b/src/Okta.Sdk/Model/AuthenticatorMethodAlgorithm.cs
index 9122351b0..ca05e0be4 100644
--- a/src/Okta.Sdk/Model/AuthenticatorMethodAlgorithm.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorMethodAlgorithm.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,9 +26,8 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// The encryption algorithm for this authenticator method
+    /// Defines AuthenticatorMethodAlgorithm
     /// </summary>
-    /// <value>The encryption algorithm for this authenticator method</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class AuthenticatorMethodAlgorithm : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/AuthenticatorMethodBase.cs b/src/Okta.Sdk/Model/AuthenticatorMethodBase.cs
index 630bd1fd3..1e126ff7f 100644
--- a/src/Okta.Sdk/Model/AuthenticatorMethodBase.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorMethodBase.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AuthenticatorMethodConstraint.cs b/src/Okta.Sdk/Model/AuthenticatorMethodConstraint.cs
index c2d9cdeb9..945a259cf 100644
--- a/src/Okta.Sdk/Model/AuthenticatorMethodConstraint.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorMethodConstraint.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -84,8 +84,8 @@ public override string ToString()
         {
             StringBuilder sb = new StringBuilder();
             sb.Append("class AuthenticatorMethodConstraint {\n");
-            sb.Append("  Method: ").Append(Method).Append("\n");
             sb.Append("  AllowedAuthenticators: ").Append(AllowedAuthenticators).Append("\n");
+            sb.Append("  Method: ").Append(Method).Append("\n");
             sb.Append("}\n");
             return sb.ToString();
         }
@@ -121,15 +121,15 @@ public bool Equals(AuthenticatorMethodConstraint input)
                 return false;
             }
             return 
-                (
-                    this.Method == input.Method ||
-                    this.Method.Equals(input.Method)
-                ) && 
                 (
                     this.AllowedAuthenticators == input.AllowedAuthenticators ||
                     this.AllowedAuthenticators != null &&
                     input.AllowedAuthenticators != null &&
                     this.AllowedAuthenticators.SequenceEqual(input.AllowedAuthenticators)
+                ) && 
+                (
+                    this.Method == input.Method ||
+                    this.Method.Equals(input.Method)
                 );
         }
 
@@ -143,14 +143,14 @@ public override int GetHashCode()
             {
                 int hashCode = 41;
                 
-                if (this.Method != null)
-                {
-                    hashCode = (hashCode * 59) + this.Method.GetHashCode();
-                }
                 if (this.AllowedAuthenticators != null)
                 {
                     hashCode = (hashCode * 59) + this.AllowedAuthenticators.GetHashCode();
                 }
+                if (this.Method != null)
+                {
+                    hashCode = (hashCode * 59) + this.Method.GetHashCode();
+                }
                 return hashCode;
             }
         }
diff --git a/src/Okta.Sdk/Model/AuthenticatorMethodOtp.cs b/src/Okta.Sdk/Model/AuthenticatorMethodOtp.cs
index 09dc3cf4e..3665bb459 100644
--- a/src/Okta.Sdk/Model/AuthenticatorMethodOtp.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorMethodOtp.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -71,26 +71,30 @@ public partial class AuthenticatorMethodOtp : AuthenticatorMethodWithVerifiableP
         public OtpProtocol Protocol { get; set; }
         
         /// <summary>
-        /// Gets or Sets AcceptableAdjacentIntervals
+        /// The number of acceptable adjacent intervals, also known as the clock drift interval. This setting allows you to build in tolerance for any time difference between the token and the server. For example, with a &#x60;timeIntervalInSeconds&#x60; of 60 seconds and an &#x60;acceptableAdjacentIntervals&#x60; value of 5, Okta accepts passcodes within 300 seconds (60 * 5) before or after the end user enters their code.
         /// </summary>
+        /// <value>The number of acceptable adjacent intervals, also known as the clock drift interval. This setting allows you to build in tolerance for any time difference between the token and the server. For example, with a &#x60;timeIntervalInSeconds&#x60; of 60 seconds and an &#x60;acceptableAdjacentIntervals&#x60; value of 5, Okta accepts passcodes within 300 seconds (60 * 5) before or after the end user enters their code.</value>
         [DataMember(Name = "acceptableAdjacentIntervals", EmitDefaultValue = true)]
         public int AcceptableAdjacentIntervals { get; set; }
 
         /// <summary>
-        /// Gets or Sets FactorProfileId
+        /// The &#x60;id&#x60; value of the factor profile
         /// </summary>
+        /// <value>The &#x60;id&#x60; value of the factor profile</value>
         [DataMember(Name = "factorProfileId", EmitDefaultValue = true)]
         public string FactorProfileId { get; set; }
 
         /// <summary>
-        /// Gets or Sets PassCodeLength
+        /// Number of digits in an OTP value
         /// </summary>
+        /// <value>Number of digits in an OTP value</value>
         [DataMember(Name = "passCodeLength", EmitDefaultValue = true)]
         public int PassCodeLength { get; set; }
 
         /// <summary>
-        /// Gets or Sets TimeIntervalInSeconds
+        /// Time interval for TOTP in seconds
         /// </summary>
+        /// <value>Time interval for TOTP in seconds</value>
         [DataMember(Name = "timeIntervalInSeconds", EmitDefaultValue = true)]
         public int TimeIntervalInSeconds { get; set; }
 
diff --git a/src/Okta.Sdk/Model/AuthenticatorMethodProperty.cs b/src/Okta.Sdk/Model/AuthenticatorMethodProperty.cs
index 07c9b19d8..4e7b61897 100644
--- a/src/Okta.Sdk/Model/AuthenticatorMethodProperty.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorMethodProperty.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AuthenticatorMethodPush.cs b/src/Okta.Sdk/Model/AuthenticatorMethodPush.cs
index 4abce675b..3d291be4c 100644
--- a/src/Okta.Sdk/Model/AuthenticatorMethodPush.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorMethodPush.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AuthenticatorMethodPushAllOfSettings.cs b/src/Okta.Sdk/Model/AuthenticatorMethodPushAllOfSettings.cs
index 9eecfd69a..d84c9dfdc 100644
--- a/src/Okta.Sdk/Model/AuthenticatorMethodPushAllOfSettings.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorMethodPushAllOfSettings.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AuthenticatorMethodSignedNonce.cs b/src/Okta.Sdk/Model/AuthenticatorMethodSignedNonce.cs
index 03e5d04b0..77b2469a6 100644
--- a/src/Okta.Sdk/Model/AuthenticatorMethodSignedNonce.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorMethodSignedNonce.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AuthenticatorMethodSignedNonceAllOfSettings.cs b/src/Okta.Sdk/Model/AuthenticatorMethodSignedNonceAllOfSettings.cs
index 3a625ff84..ac5ff0f59 100644
--- a/src/Okta.Sdk/Model/AuthenticatorMethodSignedNonceAllOfSettings.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorMethodSignedNonceAllOfSettings.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AuthenticatorMethodSimple.cs b/src/Okta.Sdk/Model/AuthenticatorMethodSimple.cs
index ba059ed6e..e70caa489 100644
--- a/src/Okta.Sdk/Model/AuthenticatorMethodSimple.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorMethodSimple.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AuthenticatorMethodTotp.cs b/src/Okta.Sdk/Model/AuthenticatorMethodTotp.cs
index 25c2dd106..e1a76c45d 100644
--- a/src/Okta.Sdk/Model/AuthenticatorMethodTotp.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorMethodTotp.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AuthenticatorMethodTotpAllOfSettings.cs b/src/Okta.Sdk/Model/AuthenticatorMethodTotpAllOfSettings.cs
index aba57b3d3..f67cbb74f 100644
--- a/src/Okta.Sdk/Model/AuthenticatorMethodTotpAllOfSettings.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorMethodTotpAllOfSettings.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -33,28 +33,32 @@ namespace Okta.Sdk.Model
     
     public partial class AuthenticatorMethodTotpAllOfSettings : IEquatable<AuthenticatorMethodTotpAllOfSettings>
     {
-        
-        /// <summary>
-        /// Gets or Sets TimeIntervalInSeconds
-        /// </summary>
-        [DataMember(Name = "timeIntervalInSeconds", EmitDefaultValue = true)]
-        public int TimeIntervalInSeconds { get; set; }
 
         /// <summary>
         /// Gets or Sets Encoding
         /// </summary>
         [DataMember(Name = "encoding", EmitDefaultValue = true)]
-        public string Encoding { get; set; }
+        
+        public OtpTotpEncoding Encoding { get; set; }
 
         /// <summary>
         /// Gets or Sets Algorithm
         /// </summary>
         [DataMember(Name = "algorithm", EmitDefaultValue = true)]
-        public string Algorithm { get; set; }
+        
+        public OtpTotpAlgorithm Algorithm { get; set; }
+        
+        /// <summary>
+        /// Time interval for TOTP in seconds
+        /// </summary>
+        /// <value>Time interval for TOTP in seconds</value>
+        [DataMember(Name = "timeIntervalInSeconds", EmitDefaultValue = true)]
+        public int TimeIntervalInSeconds { get; set; }
 
         /// <summary>
-        /// Gets or Sets PassCodeLength
+        /// Number of digits in an OTP value
         /// </summary>
+        /// <value>Number of digits in an OTP value</value>
         [DataMember(Name = "passCodeLength", EmitDefaultValue = true)]
         public int PassCodeLength { get; set; }
 
@@ -111,13 +115,11 @@ public bool Equals(AuthenticatorMethodTotpAllOfSettings input)
                 ) && 
                 (
                     this.Encoding == input.Encoding ||
-                    (this.Encoding != null &&
-                    this.Encoding.Equals(input.Encoding))
+                    this.Encoding.Equals(input.Encoding)
                 ) && 
                 (
                     this.Algorithm == input.Algorithm ||
-                    (this.Algorithm != null &&
-                    this.Algorithm.Equals(input.Algorithm))
+                    this.Algorithm.Equals(input.Algorithm)
                 ) && 
                 (
                     this.PassCodeLength == input.PassCodeLength ||
diff --git a/src/Okta.Sdk/Model/AuthenticatorMethodTransactionType.cs b/src/Okta.Sdk/Model/AuthenticatorMethodTransactionType.cs
index 786547589..5a0d00a36 100644
--- a/src/Okta.Sdk/Model/AuthenticatorMethodTransactionType.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorMethodTransactionType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AuthenticatorMethodType.cs b/src/Okta.Sdk/Model/AuthenticatorMethodType.cs
index dda40a7a7..9f8c76e4c 100644
--- a/src/Okta.Sdk/Model/AuthenticatorMethodType.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorMethodType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines AuthenticatorMethodType
+    /// The type of authenticator method
     /// </summary>
+    /// <value>The type of authenticator method</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class AuthenticatorMethodType : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/AuthenticatorMethodWebAuthn.cs b/src/Okta.Sdk/Model/AuthenticatorMethodWebAuthn.cs
index 247a1aa03..eb28f3231 100644
--- a/src/Okta.Sdk/Model/AuthenticatorMethodWebAuthn.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorMethodWebAuthn.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AuthenticatorMethodWebAuthnAllOfSettings.cs b/src/Okta.Sdk/Model/AuthenticatorMethodWebAuthnAllOfSettings.cs
index 2b0a46323..ff10fedce 100644
--- a/src/Okta.Sdk/Model/AuthenticatorMethodWebAuthnAllOfSettings.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorMethodWebAuthnAllOfSettings.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -48,6 +48,13 @@ public partial class AuthenticatorMethodWebAuthnAllOfSettings : IEquatable<Authe
         
         public WebAuthnAttachment Attachment { get; set; }
         
+        /// <summary>
+        /// &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; The FIDO2 AAGUID groups available to the WebAuthn authenticator
+        /// </summary>
+        /// <value>&lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; The FIDO2 AAGUID groups available to the WebAuthn authenticator</value>
+        [DataMember(Name = "aaguidGroups", EmitDefaultValue = true)]
+        public List<AAGUIDGroupObject> AaguidGroups { get; set; }
+
         /// <summary>
         /// Returns the string presentation of the object
         /// </summary>
@@ -56,6 +63,7 @@ public override string ToString()
         {
             StringBuilder sb = new StringBuilder();
             sb.Append("class AuthenticatorMethodWebAuthnAllOfSettings {\n");
+            sb.Append("  AaguidGroups: ").Append(AaguidGroups).Append("\n");
             sb.Append("  UserVerification: ").Append(UserVerification).Append("\n");
             sb.Append("  Attachment: ").Append(Attachment).Append("\n");
             sb.Append("}\n");
@@ -93,6 +101,12 @@ public bool Equals(AuthenticatorMethodWebAuthnAllOfSettings input)
                 return false;
             }
             return 
+                (
+                    this.AaguidGroups == input.AaguidGroups ||
+                    this.AaguidGroups != null &&
+                    input.AaguidGroups != null &&
+                    this.AaguidGroups.SequenceEqual(input.AaguidGroups)
+                ) && 
                 (
                     this.UserVerification == input.UserVerification ||
                     this.UserVerification.Equals(input.UserVerification)
@@ -113,6 +127,10 @@ public override int GetHashCode()
             {
                 int hashCode = 41;
                 
+                if (this.AaguidGroups != null)
+                {
+                    hashCode = (hashCode * 59) + this.AaguidGroups.GetHashCode();
+                }
                 if (this.UserVerification != null)
                 {
                     hashCode = (hashCode * 59) + this.UserVerification.GetHashCode();
diff --git a/src/Okta.Sdk/Model/AuthenticatorMethodWithVerifiableProperties.cs b/src/Okta.Sdk/Model/AuthenticatorMethodWithVerifiableProperties.cs
index 850b66061..e91a3493a 100644
--- a/src/Okta.Sdk/Model/AuthenticatorMethodWithVerifiableProperties.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorMethodWithVerifiableProperties.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AuthenticatorSimple.cs b/src/Okta.Sdk/Model/AuthenticatorSimple.cs
new file mode 100644
index 000000000..2a178b8cd
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthenticatorSimple.cs
@@ -0,0 +1,131 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthenticatorSimple
+    /// </summary>
+    [DataContract(Name = "AuthenticatorSimple")]
+    [JsonConverter(typeof(JsonSubtypes), "Key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "AuthenticatorKeyCustomApp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "AuthenticatorKeyDuo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "AuthenticatorKeyEmail")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "AuthenticatorKeyExternalIdp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "AuthenticatorKeyGoogleOtp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "AuthenticatorKeyOktaVerify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "AuthenticatorKeyOnprem")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "AuthenticatorKeyPassword")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "AuthenticatorKeyPhone")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "AuthenticatorKeySecurityKey")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "AuthenticatorKeySecurityQuestion")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "AuthenticatorKeySmartCard")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "AuthenticatorKeySymantecVip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "AuthenticatorKeyWebauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "AuthenticatorKeyYubikey")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyCustomApp), "custom_app")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyDuo), "duo")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyExternalIdp), "external_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyGoogleOtp), "google_otp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyEmail), "okta_email")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPassword), "okta_password")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOktaVerify), "okta_verify")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyOnprem), "onprem_mfa")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyPhone), "phone_number")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityKey), "security_key")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySecurityQuestion), "security_question")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySmartCard), "smart_card_idp")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeySymantecVip), "symantec_vip")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyWebauthn), "webauthn")]
+    [JsonSubtypes.KnownSubType(typeof(AuthenticatorKeyYubikey), "yubikey_token")]
+    
+    public partial class AuthenticatorSimple : AuthenticatorBase, IEquatable<AuthenticatorSimple>
+    {
+        
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthenticatorSimple {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthenticatorSimple);
+        }
+
+        /// <summary>
+        /// Returns true if AuthenticatorSimple instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthenticatorSimple to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthenticatorSimple input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input);
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthenticatorType.cs b/src/Okta.Sdk/Model/AuthenticatorType.cs
index 5266e80cd..b1f4171ee 100644
--- a/src/Okta.Sdk/Model/AuthenticatorType.cs
+++ b/src/Okta.Sdk/Model/AuthenticatorType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines AuthenticatorType
+    /// The type of Authenticator
     /// </summary>
+    /// <value>The type of Authenticator</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class AuthenticatorType : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/AuthorizationServer.cs b/src/Okta.Sdk/Model/AuthorizationServer.cs
index 67bcbfa41..4ce7656f5 100644
--- a/src/Okta.Sdk/Model/AuthorizationServer.cs
+++ b/src/Okta.Sdk/Model/AuthorizationServer.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -34,13 +34,6 @@ namespace Okta.Sdk.Model
     public partial class AuthorizationServer : IEquatable<AuthorizationServer>
     {
 
-        /// <summary>
-        /// Gets or Sets IssuerMode
-        /// </summary>
-        [DataMember(Name = "issuerMode", EmitDefaultValue = true)]
-        
-        public IssuerMode IssuerMode { get; set; }
-
         /// <summary>
         /// Gets or Sets Status
         /// </summary>
@@ -49,8 +42,9 @@ public partial class AuthorizationServer : IEquatable<AuthorizationServer>
         public LifecycleStatus Status { get; set; }
         
         /// <summary>
-        /// Gets or Sets Audiences
+        /// The recipients that the tokens are intended for. This becomes the &#x60;aud&#x60; claim in an access token. Okta currently supports only one audience.
         /// </summary>
+        /// <value>The recipients that the tokens are intended for. This becomes the &#x60;aud&#x60; claim in an access token. Okta currently supports only one audience.</value>
         [DataMember(Name = "audiences", EmitDefaultValue = true)]
         public List<string> Audiences { get; set; }
 
@@ -75,14 +69,16 @@ public bool ShouldSerializeCreated()
         public AuthorizationServerCredentials Credentials { get; set; }
 
         /// <summary>
-        /// Gets or Sets Description
+        /// The description of the custom authorization server
         /// </summary>
+        /// <value>The description of the custom authorization server</value>
         [DataMember(Name = "description", EmitDefaultValue = true)]
         public string Description { get; set; }
 
         /// <summary>
-        /// Gets or Sets Id
+        /// The ID of the custom authorization server
         /// </summary>
+        /// <value>The ID of the custom authorization server</value>
         [DataMember(Name = "id", EmitDefaultValue = true)]
         public string Id { get; private set; }
 
@@ -95,11 +91,19 @@ public bool ShouldSerializeId()
             return false;
         }
         /// <summary>
-        /// Gets or Sets Issuer
+        /// The complete URL for the custom authorization server. This becomes the &#x60;iss&#x60; claim in an access token.
         /// </summary>
+        /// <value>The complete URL for the custom authorization server. This becomes the &#x60;iss&#x60; claim in an access token.</value>
         [DataMember(Name = "issuer", EmitDefaultValue = true)]
         public string Issuer { get; set; }
 
+        /// <summary>
+        /// Indicates which value is specified in the issuer of the tokens that a custom authorization server returns: the Okta org domain URL or a custom domain URL.  &#x60;issuerMode&#x60; is visible if you have a custom URL domain configured or the Dynamic Issuer Mode feature enabled. If you have a custom URL domain configured, you can set a custom domain URL in a custom authorization server, and this property is returned in the appropriate responses.  When set to &#x60;ORG_URL&#x60;, then in responses, &#x60;issuer&#x60; is the Okta org domain URL: &#x60;https://${yourOktaDomain}&#x60;.  When set to &#x60;CUSTOM_URL&#x60;, then in responses, &#x60;issuer&#x60; is the custom domain URL configured in the administration user interface.  When set to &#x60;DYNAMIC&#x60;, then in responses, &#x60;issuer&#x60; is the custom domain URL if the OAuth 2.0 request was sent to the custom domain, or is the Okta org&#39;s domain URL if the OAuth 2.0 request was sent to the original Okta org domain.  After you configure a custom URL domain, all new custom authorization servers use &#x60;CUSTOM_URL&#x60; by default. If the Dynamic Issuer Mode feature is enabled, then all new custom authorization servers use &#x60;DYNAMIC&#x60; by default. All existing custom authorization servers continue to use the original value until they&#39;re changed using the Admin Console or the API. This way, existing integrations with the client and resource server continue to work after the feature is enabled.
+        /// </summary>
+        /// <value>Indicates which value is specified in the issuer of the tokens that a custom authorization server returns: the Okta org domain URL or a custom domain URL.  &#x60;issuerMode&#x60; is visible if you have a custom URL domain configured or the Dynamic Issuer Mode feature enabled. If you have a custom URL domain configured, you can set a custom domain URL in a custom authorization server, and this property is returned in the appropriate responses.  When set to &#x60;ORG_URL&#x60;, then in responses, &#x60;issuer&#x60; is the Okta org domain URL: &#x60;https://${yourOktaDomain}&#x60;.  When set to &#x60;CUSTOM_URL&#x60;, then in responses, &#x60;issuer&#x60; is the custom domain URL configured in the administration user interface.  When set to &#x60;DYNAMIC&#x60;, then in responses, &#x60;issuer&#x60; is the custom domain URL if the OAuth 2.0 request was sent to the custom domain, or is the Okta org&#39;s domain URL if the OAuth 2.0 request was sent to the original Okta org domain.  After you configure a custom URL domain, all new custom authorization servers use &#x60;CUSTOM_URL&#x60; by default. If the Dynamic Issuer Mode feature is enabled, then all new custom authorization servers use &#x60;DYNAMIC&#x60; by default. All existing custom authorization servers continue to use the original value until they&#39;re changed using the Admin Console or the API. This way, existing integrations with the client and resource server continue to work after the feature is enabled.</value>
+        [DataMember(Name = "issuerMode", EmitDefaultValue = true)]
+        public string IssuerMode { get; set; }
+
         /// <summary>
         /// Gets or Sets LastUpdated
         /// </summary>
@@ -115,8 +119,9 @@ public bool ShouldSerializeLastUpdated()
             return false;
         }
         /// <summary>
-        /// Gets or Sets Name
+        /// The name of the custom authorization server
         /// </summary>
+        /// <value>The name of the custom authorization server</value>
         [DataMember(Name = "name", EmitDefaultValue = true)]
         public string Name { get; set; }
 
@@ -124,7 +129,7 @@ public bool ShouldSerializeLastUpdated()
         /// Gets or Sets Links
         /// </summary>
         [DataMember(Name = "_links", EmitDefaultValue = true)]
-        public LinksSelf Links { get; set; }
+        public AuthServerLinks Links { get; set; }
 
         /// <summary>
         /// Returns the string presentation of the object
@@ -213,7 +218,8 @@ public bool Equals(AuthorizationServer input)
                 ) && 
                 (
                     this.IssuerMode == input.IssuerMode ||
-                    this.IssuerMode.Equals(input.IssuerMode)
+                    (this.IssuerMode != null &&
+                    this.IssuerMode.Equals(input.IssuerMode))
                 ) && 
                 (
                     this.LastUpdated == input.LastUpdated ||
diff --git a/src/Okta.Sdk/Model/AuthorizationServerCredentials.cs b/src/Okta.Sdk/Model/AuthorizationServerCredentials.cs
index d4f466238..309e771f1 100644
--- a/src/Okta.Sdk/Model/AuthorizationServerCredentials.cs
+++ b/src/Okta.Sdk/Model/AuthorizationServerCredentials.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AuthorizationServerCredentialsRotationMode.cs b/src/Okta.Sdk/Model/AuthorizationServerCredentialsRotationMode.cs
index 5c4e82dba..2d3c44705 100644
--- a/src/Okta.Sdk/Model/AuthorizationServerCredentialsRotationMode.cs
+++ b/src/Okta.Sdk/Model/AuthorizationServerCredentialsRotationMode.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines AuthorizationServerCredentialsRotationMode
+    /// The Key rotation mode for the authorization server
     /// </summary>
+    /// <value>The Key rotation mode for the authorization server</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class AuthorizationServerCredentialsRotationMode : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/AuthorizationServerCredentialsSigningConfig.cs b/src/Okta.Sdk/Model/AuthorizationServerCredentialsSigningConfig.cs
index 1b6a6a324..036760017 100644
--- a/src/Okta.Sdk/Model/AuthorizationServerCredentialsSigningConfig.cs
+++ b/src/Okta.Sdk/Model/AuthorizationServerCredentialsSigningConfig.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -49,14 +49,24 @@ public partial class AuthorizationServerCredentialsSigningConfig : IEquatable<Au
         public AuthorizationServerCredentialsUse Use { get; set; }
         
         /// <summary>
-        /// Gets or Sets Kid
+        /// The ID of the JSON Web Key used for signing tokens issued by the authorization server
         /// </summary>
+        /// <value>The ID of the JSON Web Key used for signing tokens issued by the authorization server</value>
         [DataMember(Name = "kid", EmitDefaultValue = true)]
-        public string Kid { get; set; }
+        public string Kid { get; private set; }
 
         /// <summary>
-        /// Gets or Sets LastRotated
+        /// Returns false as Kid should not be serialized given that it's read-only.
         /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeKid()
+        {
+            return false;
+        }
+        /// <summary>
+        /// The timestamp when the authorization server started using the &#x60;kid&#x60; for signing tokens
+        /// </summary>
+        /// <value>The timestamp when the authorization server started using the &#x60;kid&#x60; for signing tokens</value>
         [DataMember(Name = "lastRotated", EmitDefaultValue = true)]
         public DateTimeOffset LastRotated { get; private set; }
 
@@ -69,8 +79,9 @@ public bool ShouldSerializeLastRotated()
             return false;
         }
         /// <summary>
-        /// Gets or Sets NextRotation
+        /// The timestamp when the authorization server changes the Key for signing tokens. This is only returned when &#x60;rotationMode&#x60; is set to &#x60;AUTO&#x60;.
         /// </summary>
+        /// <value>The timestamp when the authorization server changes the Key for signing tokens. This is only returned when &#x60;rotationMode&#x60; is set to &#x60;AUTO&#x60;.</value>
         [DataMember(Name = "nextRotation", EmitDefaultValue = true)]
         public DateTimeOffset NextRotation { get; private set; }
 
diff --git a/src/Okta.Sdk/Model/AuthorizationServerCredentialsUse.cs b/src/Okta.Sdk/Model/AuthorizationServerCredentialsUse.cs
index 81ffb830c..fc2aa3504 100644
--- a/src/Okta.Sdk/Model/AuthorizationServerCredentialsUse.cs
+++ b/src/Okta.Sdk/Model/AuthorizationServerCredentialsUse.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines AuthorizationServerCredentialsUse
+    /// How the key is used
     /// </summary>
+    /// <value>How the key is used</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class AuthorizationServerCredentialsUse : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/AuthorizationServerJsonWebKey.cs b/src/Okta.Sdk/Model/AuthorizationServerJsonWebKey.cs
new file mode 100644
index 000000000..069232d2d
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthorizationServerJsonWebKey.cs
@@ -0,0 +1,265 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthorizationServerJsonWebKey
+    /// </summary>
+    [DataContract(Name = "AuthorizationServerJsonWebKey")]
+    
+    public partial class AuthorizationServerJsonWebKey : IEquatable<AuthorizationServerJsonWebKey>
+    {
+        
+        /// <summary>
+        /// The algorithm used with the Key. Valid value: &#x60;RS256&#x60;
+        /// </summary>
+        /// <value>The algorithm used with the Key. Valid value: &#x60;RS256&#x60;</value>
+        [DataMember(Name = "alg", EmitDefaultValue = true)]
+        public string Alg { get; set; }
+
+        /// <summary>
+        /// RSA key value (public exponent) for Key binding
+        /// </summary>
+        /// <value>RSA key value (public exponent) for Key binding</value>
+        [DataMember(Name = "e", EmitDefaultValue = true)]
+        public string E { get; private set; }
+
+        /// <summary>
+        /// Returns false as E should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeE()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Unique identifier for the key
+        /// </summary>
+        /// <value>Unique identifier for the key</value>
+        [DataMember(Name = "kid", EmitDefaultValue = true)]
+        public string Kid { get; private set; }
+
+        /// <summary>
+        /// Returns false as Kid should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeKid()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Cryptographic algorithm family for the certificate&#39;s keypair. Valid value: &#x60;RSA&#x60;
+        /// </summary>
+        /// <value>Cryptographic algorithm family for the certificate&#39;s keypair. Valid value: &#x60;RSA&#x60;</value>
+        [DataMember(Name = "kty", EmitDefaultValue = true)]
+        public string Kty { get; private set; }
+
+        /// <summary>
+        /// Returns false as Kty should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeKty()
+        {
+            return false;
+        }
+        /// <summary>
+        /// RSA modulus value that is used by both the public and private keys and provides a link between them
+        /// </summary>
+        /// <value>RSA modulus value that is used by both the public and private keys and provides a link between them</value>
+        [DataMember(Name = "n", EmitDefaultValue = true)]
+        public string N { get; set; }
+
+        /// <summary>
+        /// An &#x60;ACTIVE&#x60; Key is used to sign tokens issued by the authorization server. Supported values: &#x60;ACTIVE&#x60;, &#x60;NEXT&#x60;, or &#x60;EXPIRED&#x60;&lt;br&gt; A &#x60;NEXT&#x60; Key is the next Key that the authorization server uses to sign tokens when Keys are rotated. The &#x60;NEXT&#x60; Key might not be listed if it hasn&#39;t been generated. An &#x60;EXPIRED&#x60; Key is the previous Key that the authorization server used to sign tokens. The &#x60;EXPIRED&#x60; Key might not be listed if no Key has expired or the expired Key was deleted.
+        /// </summary>
+        /// <value>An &#x60;ACTIVE&#x60; Key is used to sign tokens issued by the authorization server. Supported values: &#x60;ACTIVE&#x60;, &#x60;NEXT&#x60;, or &#x60;EXPIRED&#x60;&lt;br&gt; A &#x60;NEXT&#x60; Key is the next Key that the authorization server uses to sign tokens when Keys are rotated. The &#x60;NEXT&#x60; Key might not be listed if it hasn&#39;t been generated. An &#x60;EXPIRED&#x60; Key is the previous Key that the authorization server used to sign tokens. The &#x60;EXPIRED&#x60; Key might not be listed if no Key has expired or the expired Key was deleted.</value>
+        [DataMember(Name = "status", EmitDefaultValue = true)]
+        public string Status { get; set; }
+
+        /// <summary>
+        /// Acceptable use of the key. Valid value: &#x60;sig&#x60;
+        /// </summary>
+        /// <value>Acceptable use of the key. Valid value: &#x60;sig&#x60;</value>
+        [DataMember(Name = "use", EmitDefaultValue = true)]
+        public string Use { get; private set; }
+
+        /// <summary>
+        /// Returns false as Use should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeUse()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Gets or Sets Links
+        /// </summary>
+        [DataMember(Name = "_links", EmitDefaultValue = true)]
+        public LinksSelf Links { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthorizationServerJsonWebKey {\n");
+            sb.Append("  Alg: ").Append(Alg).Append("\n");
+            sb.Append("  E: ").Append(E).Append("\n");
+            sb.Append("  Kid: ").Append(Kid).Append("\n");
+            sb.Append("  Kty: ").Append(Kty).Append("\n");
+            sb.Append("  N: ").Append(N).Append("\n");
+            sb.Append("  Status: ").Append(Status).Append("\n");
+            sb.Append("  Use: ").Append(Use).Append("\n");
+            sb.Append("  Links: ").Append(Links).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthorizationServerJsonWebKey);
+        }
+
+        /// <summary>
+        /// Returns true if AuthorizationServerJsonWebKey instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthorizationServerJsonWebKey to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthorizationServerJsonWebKey input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Alg == input.Alg ||
+                    (this.Alg != null &&
+                    this.Alg.Equals(input.Alg))
+                ) && 
+                (
+                    this.E == input.E ||
+                    (this.E != null &&
+                    this.E.Equals(input.E))
+                ) && 
+                (
+                    this.Kid == input.Kid ||
+                    (this.Kid != null &&
+                    this.Kid.Equals(input.Kid))
+                ) && 
+                (
+                    this.Kty == input.Kty ||
+                    (this.Kty != null &&
+                    this.Kty.Equals(input.Kty))
+                ) && 
+                (
+                    this.N == input.N ||
+                    (this.N != null &&
+                    this.N.Equals(input.N))
+                ) && 
+                (
+                    this.Status == input.Status ||
+                    (this.Status != null &&
+                    this.Status.Equals(input.Status))
+                ) && 
+                (
+                    this.Use == input.Use ||
+                    (this.Use != null &&
+                    this.Use.Equals(input.Use))
+                ) && 
+                (
+                    this.Links == input.Links ||
+                    (this.Links != null &&
+                    this.Links.Equals(input.Links))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Alg != null)
+                {
+                    hashCode = (hashCode * 59) + this.Alg.GetHashCode();
+                }
+                if (this.E != null)
+                {
+                    hashCode = (hashCode * 59) + this.E.GetHashCode();
+                }
+                if (this.Kid != null)
+                {
+                    hashCode = (hashCode * 59) + this.Kid.GetHashCode();
+                }
+                if (this.Kty != null)
+                {
+                    hashCode = (hashCode * 59) + this.Kty.GetHashCode();
+                }
+                if (this.N != null)
+                {
+                    hashCode = (hashCode * 59) + this.N.GetHashCode();
+                }
+                if (this.Status != null)
+                {
+                    hashCode = (hashCode * 59) + this.Status.GetHashCode();
+                }
+                if (this.Use != null)
+                {
+                    hashCode = (hashCode * 59) + this.Use.GetHashCode();
+                }
+                if (this.Links != null)
+                {
+                    hashCode = (hashCode * 59) + this.Links.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthorizationServerPolicy.cs b/src/Okta.Sdk/Model/AuthorizationServerPolicy.cs
index 6759f6253..6ff492792 100644
--- a/src/Okta.Sdk/Model/AuthorizationServerPolicy.cs
+++ b/src/Okta.Sdk/Model/AuthorizationServerPolicy.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -21,7 +21,6 @@
 using Newtonsoft.Json;
 using Newtonsoft.Json.Converters;
 using Newtonsoft.Json.Linq;
-using JsonSubTypes;
 using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
 
 namespace Okta.Sdk.Model
@@ -31,22 +30,15 @@ namespace Okta.Sdk.Model
     /// AuthorizationServerPolicy
     /// </summary>
     [DataContract(Name = "AuthorizationServerPolicy")]
-    [JsonConverter(typeof(JsonSubtypes), "Type")]
-    [JsonSubtypes.KnownSubType(typeof(AccessPolicy), "ACCESS_POLICY")]
-    [JsonSubtypes.KnownSubType(typeof(IdpDiscoveryPolicy), "IDP_DISCOVERY")]
-    [JsonSubtypes.KnownSubType(typeof(MultifactorEnrollmentPolicy), "MFA_ENROLL")]
-    [JsonSubtypes.KnownSubType(typeof(OktaSignOnPolicy), "OKTA_SIGN_ON")]
-    [JsonSubtypes.KnownSubType(typeof(PasswordPolicy), "PASSWORD")]
-    [JsonSubtypes.KnownSubType(typeof(ProfileEnrollmentPolicy), "PROFILE_ENROLLMENT")]
     
-    public partial class AuthorizationServerPolicy : Policy, IEquatable<AuthorizationServerPolicy>
+    public partial class AuthorizationServerPolicy : IEquatable<AuthorizationServerPolicy>
     {
         
         /// <summary>
         /// Gets or Sets Conditions
         /// </summary>
         [DataMember(Name = "conditions", EmitDefaultValue = true)]
-        public PolicyRuleConditions Conditions { get; set; }
+        public AuthorizationServerPolicyConditions Conditions { get; set; }
 
         /// <summary>
         /// Returns the string presentation of the object
@@ -56,7 +48,6 @@ public override string ToString()
         {
             StringBuilder sb = new StringBuilder();
             sb.Append("class AuthorizationServerPolicy {\n");
-            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
             sb.Append("  Conditions: ").Append(Conditions).Append("\n");
             sb.Append("}\n");
             return sb.ToString();
@@ -66,7 +57,7 @@ public override string ToString()
         /// Returns the JSON string presentation of the object
         /// </summary>
         /// <returns>JSON string presentation of the object</returns>
-        public override string ToJson()
+        public virtual string ToJson()
         {
             return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
         }
@@ -92,7 +83,7 @@ public bool Equals(AuthorizationServerPolicy input)
             {
                 return false;
             }
-            return base.Equals(input) && 
+            return 
                 (
                     this.Conditions == input.Conditions ||
                     (this.Conditions != null &&
@@ -108,7 +99,7 @@ public override int GetHashCode()
         {
             unchecked // Overflow is fine, just wrap
             {
-                int hashCode = base.GetHashCode();
+                int hashCode = 41;
                 
                 if (this.Conditions != null)
                 {
diff --git a/src/Okta.Sdk/Model/AuthorizationServerPolicyConditions.cs b/src/Okta.Sdk/Model/AuthorizationServerPolicyConditions.cs
new file mode 100644
index 000000000..7d26e12ad
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthorizationServerPolicyConditions.cs
@@ -0,0 +1,114 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// AuthorizationServerPolicyConditions
+    /// </summary>
+    [DataContract(Name = "AuthorizationServerPolicyConditions")]
+    
+    public partial class AuthorizationServerPolicyConditions : IEquatable<AuthorizationServerPolicyConditions>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Clients
+        /// </summary>
+        [DataMember(Name = "clients", EmitDefaultValue = true)]
+        public ClientPolicyCondition Clients { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthorizationServerPolicyConditions {\n");
+            sb.Append("  Clients: ").Append(Clients).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthorizationServerPolicyConditions);
+        }
+
+        /// <summary>
+        /// Returns true if AuthorizationServerPolicyConditions instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthorizationServerPolicyConditions to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthorizationServerPolicyConditions input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Clients == input.Clients ||
+                    (this.Clients != null &&
+                    this.Clients.Equals(input.Clients))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Clients != null)
+                {
+                    hashCode = (hashCode * 59) + this.Clients.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthorizationServerPolicyPeopleCondition.cs b/src/Okta.Sdk/Model/AuthorizationServerPolicyPeopleCondition.cs
new file mode 100644
index 000000000..e568badfb
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthorizationServerPolicyPeopleCondition.cs
@@ -0,0 +1,130 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Identifies Users and Groups that are used together
+    /// </summary>
+    [DataContract(Name = "AuthorizationServerPolicyPeopleCondition")]
+    
+    public partial class AuthorizationServerPolicyPeopleCondition : IEquatable<AuthorizationServerPolicyPeopleCondition>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Groups
+        /// </summary>
+        [DataMember(Name = "groups", EmitDefaultValue = true)]
+        public AuthorizationServerPolicyRuleGroupCondition Groups { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Users
+        /// </summary>
+        [DataMember(Name = "users", EmitDefaultValue = true)]
+        public AuthorizationServerPolicyRuleUserCondition Users { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthorizationServerPolicyPeopleCondition {\n");
+            sb.Append("  Groups: ").Append(Groups).Append("\n");
+            sb.Append("  Users: ").Append(Users).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthorizationServerPolicyPeopleCondition);
+        }
+
+        /// <summary>
+        /// Returns true if AuthorizationServerPolicyPeopleCondition instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthorizationServerPolicyPeopleCondition to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthorizationServerPolicyPeopleCondition input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Groups == input.Groups ||
+                    (this.Groups != null &&
+                    this.Groups.Equals(input.Groups))
+                ) && 
+                (
+                    this.Users == input.Users ||
+                    (this.Users != null &&
+                    this.Users.Equals(input.Users))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Groups != null)
+                {
+                    hashCode = (hashCode * 59) + this.Groups.GetHashCode();
+                }
+                if (this.Users != null)
+                {
+                    hashCode = (hashCode * 59) + this.Users.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthorizationServerPolicyRule.cs b/src/Okta.Sdk/Model/AuthorizationServerPolicyRule.cs
index ecafed4c3..63b379ab6 100644
--- a/src/Okta.Sdk/Model/AuthorizationServerPolicyRule.cs
+++ b/src/Okta.Sdk/Model/AuthorizationServerPolicyRule.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -33,6 +33,8 @@ namespace Okta.Sdk.Model
     [DataContract(Name = "AuthorizationServerPolicyRule")]
     [JsonConverter(typeof(JsonSubtypes), "Type")]
     [JsonSubtypes.KnownSubType(typeof(AccessPolicyRule), "ACCESS_POLICY")]
+    [JsonSubtypes.KnownSubType(typeof(ContinuousAccessPolicyRule), "CONTINUOUS_ACCESS")]
+    [JsonSubtypes.KnownSubType(typeof(EntityRiskPolicyRule), "ENTITY_RISK")]
     [JsonSubtypes.KnownSubType(typeof(IdpDiscoveryPolicyRule), "IDP_DISCOVERY")]
     [JsonSubtypes.KnownSubType(typeof(PasswordPolicyRule), "PASSWORD")]
     [JsonSubtypes.KnownSubType(typeof(ProfileEnrollmentPolicyRule), "PROFILE_ENROLLMENT")]
diff --git a/src/Okta.Sdk/Model/AuthorizationServerPolicyRuleActions.cs b/src/Okta.Sdk/Model/AuthorizationServerPolicyRuleActions.cs
index 4ef7f2e92..5ea633c96 100644
--- a/src/Okta.Sdk/Model/AuthorizationServerPolicyRuleActions.cs
+++ b/src/Okta.Sdk/Model/AuthorizationServerPolicyRuleActions.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AuthorizationServerPolicyRuleConditions.cs b/src/Okta.Sdk/Model/AuthorizationServerPolicyRuleConditions.cs
index 84150b8e1..2abda52f5 100644
--- a/src/Okta.Sdk/Model/AuthorizationServerPolicyRuleConditions.cs
+++ b/src/Okta.Sdk/Model/AuthorizationServerPolicyRuleConditions.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -34,107 +34,17 @@ namespace Okta.Sdk.Model
     public partial class AuthorizationServerPolicyRuleConditions : IEquatable<AuthorizationServerPolicyRuleConditions>
     {
         
-        /// <summary>
-        /// Gets or Sets App
-        /// </summary>
-        [DataMember(Name = "app", EmitDefaultValue = true)]
-        public AppAndInstancePolicyRuleCondition App { get; set; }
-
-        /// <summary>
-        /// Gets or Sets Apps
-        /// </summary>
-        [DataMember(Name = "apps", EmitDefaultValue = true)]
-        public AppInstancePolicyRuleCondition Apps { get; set; }
-
-        /// <summary>
-        /// Gets or Sets AuthContext
-        /// </summary>
-        [DataMember(Name = "authContext", EmitDefaultValue = true)]
-        public PolicyRuleAuthContextCondition AuthContext { get; set; }
-
-        /// <summary>
-        /// Gets or Sets AuthProvider
-        /// </summary>
-        [DataMember(Name = "authProvider", EmitDefaultValue = true)]
-        public PasswordPolicyAuthenticationProviderCondition AuthProvider { get; set; }
-
-        /// <summary>
-        /// Gets or Sets BeforeScheduledAction
-        /// </summary>
-        [DataMember(Name = "beforeScheduledAction", EmitDefaultValue = true)]
-        public BeforeScheduledActionPolicyRuleCondition BeforeScheduledAction { get; set; }
-
-        /// <summary>
-        /// Gets or Sets Clients
-        /// </summary>
-        [DataMember(Name = "clients", EmitDefaultValue = true)]
-        public ClientPolicyCondition Clients { get; set; }
-
-        /// <summary>
-        /// Gets or Sets Context
-        /// </summary>
-        [DataMember(Name = "context", EmitDefaultValue = true)]
-        public ContextPolicyRuleCondition Context { get; set; }
-
-        /// <summary>
-        /// Gets or Sets Device
-        /// </summary>
-        [DataMember(Name = "device", EmitDefaultValue = true)]
-        public DevicePolicyRuleCondition Device { get; set; }
-
         /// <summary>
         /// Gets or Sets GrantTypes
         /// </summary>
         [DataMember(Name = "grantTypes", EmitDefaultValue = true)]
         public GrantTypePolicyRuleCondition GrantTypes { get; set; }
 
-        /// <summary>
-        /// Gets or Sets Groups
-        /// </summary>
-        [DataMember(Name = "groups", EmitDefaultValue = true)]
-        public GroupPolicyRuleCondition Groups { get; set; }
-
-        /// <summary>
-        /// Gets or Sets IdentityProvider
-        /// </summary>
-        [DataMember(Name = "identityProvider", EmitDefaultValue = true)]
-        public IdentityProviderPolicyRuleCondition IdentityProvider { get; set; }
-
-        /// <summary>
-        /// Gets or Sets MdmEnrollment
-        /// </summary>
-        [DataMember(Name = "mdmEnrollment", EmitDefaultValue = true)]
-        public MDMEnrollmentPolicyRuleCondition MdmEnrollment { get; set; }
-
-        /// <summary>
-        /// Gets or Sets Network
-        /// </summary>
-        [DataMember(Name = "network", EmitDefaultValue = true)]
-        public PolicyNetworkCondition Network { get; set; }
-
         /// <summary>
         /// Gets or Sets People
         /// </summary>
         [DataMember(Name = "people", EmitDefaultValue = true)]
-        public PolicyPeopleCondition People { get; set; }
-
-        /// <summary>
-        /// Gets or Sets Platform
-        /// </summary>
-        [DataMember(Name = "platform", EmitDefaultValue = true)]
-        public PlatformPolicyRuleCondition Platform { get; set; }
-
-        /// <summary>
-        /// Gets or Sets Risk
-        /// </summary>
-        [DataMember(Name = "risk", EmitDefaultValue = true)]
-        public RiskPolicyRuleCondition Risk { get; set; }
-
-        /// <summary>
-        /// Gets or Sets RiskScore
-        /// </summary>
-        [DataMember(Name = "riskScore", EmitDefaultValue = true)]
-        public RiskScorePolicyRuleCondition RiskScore { get; set; }
+        public AuthorizationServerPolicyPeopleCondition People { get; set; }
 
         /// <summary>
         /// Gets or Sets Scopes
@@ -142,24 +52,6 @@ public partial class AuthorizationServerPolicyRuleConditions : IEquatable<Author
         [DataMember(Name = "scopes", EmitDefaultValue = true)]
         public OAuth2ScopesMediationPolicyRuleCondition Scopes { get; set; }
 
-        /// <summary>
-        /// Gets or Sets UserIdentifier
-        /// </summary>
-        [DataMember(Name = "userIdentifier", EmitDefaultValue = true)]
-        public UserIdentifierPolicyRuleCondition UserIdentifier { get; set; }
-
-        /// <summary>
-        /// Gets or Sets Users
-        /// </summary>
-        [DataMember(Name = "users", EmitDefaultValue = true)]
-        public UserPolicyRuleCondition Users { get; set; }
-
-        /// <summary>
-        /// Gets or Sets UserStatus
-        /// </summary>
-        [DataMember(Name = "userStatus", EmitDefaultValue = true)]
-        public UserStatusPolicyRuleCondition UserStatus { get; set; }
-
         /// <summary>
         /// Returns the string presentation of the object
         /// </summary>
@@ -168,27 +60,9 @@ public override string ToString()
         {
             StringBuilder sb = new StringBuilder();
             sb.Append("class AuthorizationServerPolicyRuleConditions {\n");
-            sb.Append("  App: ").Append(App).Append("\n");
-            sb.Append("  Apps: ").Append(Apps).Append("\n");
-            sb.Append("  AuthContext: ").Append(AuthContext).Append("\n");
-            sb.Append("  AuthProvider: ").Append(AuthProvider).Append("\n");
-            sb.Append("  BeforeScheduledAction: ").Append(BeforeScheduledAction).Append("\n");
-            sb.Append("  Clients: ").Append(Clients).Append("\n");
-            sb.Append("  Context: ").Append(Context).Append("\n");
-            sb.Append("  Device: ").Append(Device).Append("\n");
             sb.Append("  GrantTypes: ").Append(GrantTypes).Append("\n");
-            sb.Append("  Groups: ").Append(Groups).Append("\n");
-            sb.Append("  IdentityProvider: ").Append(IdentityProvider).Append("\n");
-            sb.Append("  MdmEnrollment: ").Append(MdmEnrollment).Append("\n");
-            sb.Append("  Network: ").Append(Network).Append("\n");
             sb.Append("  People: ").Append(People).Append("\n");
-            sb.Append("  Platform: ").Append(Platform).Append("\n");
-            sb.Append("  Risk: ").Append(Risk).Append("\n");
-            sb.Append("  RiskScore: ").Append(RiskScore).Append("\n");
             sb.Append("  Scopes: ").Append(Scopes).Append("\n");
-            sb.Append("  UserIdentifier: ").Append(UserIdentifier).Append("\n");
-            sb.Append("  Users: ").Append(Users).Append("\n");
-            sb.Append("  UserStatus: ").Append(UserStatus).Append("\n");
             sb.Append("}\n");
             return sb.ToString();
         }
@@ -224,110 +98,20 @@ public bool Equals(AuthorizationServerPolicyRuleConditions input)
                 return false;
             }
             return 
-                (
-                    this.App == input.App ||
-                    (this.App != null &&
-                    this.App.Equals(input.App))
-                ) && 
-                (
-                    this.Apps == input.Apps ||
-                    (this.Apps != null &&
-                    this.Apps.Equals(input.Apps))
-                ) && 
-                (
-                    this.AuthContext == input.AuthContext ||
-                    (this.AuthContext != null &&
-                    this.AuthContext.Equals(input.AuthContext))
-                ) && 
-                (
-                    this.AuthProvider == input.AuthProvider ||
-                    (this.AuthProvider != null &&
-                    this.AuthProvider.Equals(input.AuthProvider))
-                ) && 
-                (
-                    this.BeforeScheduledAction == input.BeforeScheduledAction ||
-                    (this.BeforeScheduledAction != null &&
-                    this.BeforeScheduledAction.Equals(input.BeforeScheduledAction))
-                ) && 
-                (
-                    this.Clients == input.Clients ||
-                    (this.Clients != null &&
-                    this.Clients.Equals(input.Clients))
-                ) && 
-                (
-                    this.Context == input.Context ||
-                    (this.Context != null &&
-                    this.Context.Equals(input.Context))
-                ) && 
-                (
-                    this.Device == input.Device ||
-                    (this.Device != null &&
-                    this.Device.Equals(input.Device))
-                ) && 
                 (
                     this.GrantTypes == input.GrantTypes ||
                     (this.GrantTypes != null &&
                     this.GrantTypes.Equals(input.GrantTypes))
                 ) && 
-                (
-                    this.Groups == input.Groups ||
-                    (this.Groups != null &&
-                    this.Groups.Equals(input.Groups))
-                ) && 
-                (
-                    this.IdentityProvider == input.IdentityProvider ||
-                    (this.IdentityProvider != null &&
-                    this.IdentityProvider.Equals(input.IdentityProvider))
-                ) && 
-                (
-                    this.MdmEnrollment == input.MdmEnrollment ||
-                    (this.MdmEnrollment != null &&
-                    this.MdmEnrollment.Equals(input.MdmEnrollment))
-                ) && 
-                (
-                    this.Network == input.Network ||
-                    (this.Network != null &&
-                    this.Network.Equals(input.Network))
-                ) && 
                 (
                     this.People == input.People ||
                     (this.People != null &&
                     this.People.Equals(input.People))
                 ) && 
-                (
-                    this.Platform == input.Platform ||
-                    (this.Platform != null &&
-                    this.Platform.Equals(input.Platform))
-                ) && 
-                (
-                    this.Risk == input.Risk ||
-                    (this.Risk != null &&
-                    this.Risk.Equals(input.Risk))
-                ) && 
-                (
-                    this.RiskScore == input.RiskScore ||
-                    (this.RiskScore != null &&
-                    this.RiskScore.Equals(input.RiskScore))
-                ) && 
                 (
                     this.Scopes == input.Scopes ||
                     (this.Scopes != null &&
                     this.Scopes.Equals(input.Scopes))
-                ) && 
-                (
-                    this.UserIdentifier == input.UserIdentifier ||
-                    (this.UserIdentifier != null &&
-                    this.UserIdentifier.Equals(input.UserIdentifier))
-                ) && 
-                (
-                    this.Users == input.Users ||
-                    (this.Users != null &&
-                    this.Users.Equals(input.Users))
-                ) && 
-                (
-                    this.UserStatus == input.UserStatus ||
-                    (this.UserStatus != null &&
-                    this.UserStatus.Equals(input.UserStatus))
                 );
         }
 
@@ -341,90 +125,18 @@ public override int GetHashCode()
             {
                 int hashCode = 41;
                 
-                if (this.App != null)
-                {
-                    hashCode = (hashCode * 59) + this.App.GetHashCode();
-                }
-                if (this.Apps != null)
-                {
-                    hashCode = (hashCode * 59) + this.Apps.GetHashCode();
-                }
-                if (this.AuthContext != null)
-                {
-                    hashCode = (hashCode * 59) + this.AuthContext.GetHashCode();
-                }
-                if (this.AuthProvider != null)
-                {
-                    hashCode = (hashCode * 59) + this.AuthProvider.GetHashCode();
-                }
-                if (this.BeforeScheduledAction != null)
-                {
-                    hashCode = (hashCode * 59) + this.BeforeScheduledAction.GetHashCode();
-                }
-                if (this.Clients != null)
-                {
-                    hashCode = (hashCode * 59) + this.Clients.GetHashCode();
-                }
-                if (this.Context != null)
-                {
-                    hashCode = (hashCode * 59) + this.Context.GetHashCode();
-                }
-                if (this.Device != null)
-                {
-                    hashCode = (hashCode * 59) + this.Device.GetHashCode();
-                }
                 if (this.GrantTypes != null)
                 {
                     hashCode = (hashCode * 59) + this.GrantTypes.GetHashCode();
                 }
-                if (this.Groups != null)
-                {
-                    hashCode = (hashCode * 59) + this.Groups.GetHashCode();
-                }
-                if (this.IdentityProvider != null)
-                {
-                    hashCode = (hashCode * 59) + this.IdentityProvider.GetHashCode();
-                }
-                if (this.MdmEnrollment != null)
-                {
-                    hashCode = (hashCode * 59) + this.MdmEnrollment.GetHashCode();
-                }
-                if (this.Network != null)
-                {
-                    hashCode = (hashCode * 59) + this.Network.GetHashCode();
-                }
                 if (this.People != null)
                 {
                     hashCode = (hashCode * 59) + this.People.GetHashCode();
                 }
-                if (this.Platform != null)
-                {
-                    hashCode = (hashCode * 59) + this.Platform.GetHashCode();
-                }
-                if (this.Risk != null)
-                {
-                    hashCode = (hashCode * 59) + this.Risk.GetHashCode();
-                }
-                if (this.RiskScore != null)
-                {
-                    hashCode = (hashCode * 59) + this.RiskScore.GetHashCode();
-                }
                 if (this.Scopes != null)
                 {
                     hashCode = (hashCode * 59) + this.Scopes.GetHashCode();
                 }
-                if (this.UserIdentifier != null)
-                {
-                    hashCode = (hashCode * 59) + this.UserIdentifier.GetHashCode();
-                }
-                if (this.Users != null)
-                {
-                    hashCode = (hashCode * 59) + this.Users.GetHashCode();
-                }
-                if (this.UserStatus != null)
-                {
-                    hashCode = (hashCode * 59) + this.UserStatus.GetHashCode();
-                }
                 return hashCode;
             }
         }
diff --git a/src/Okta.Sdk/Model/AuthorizationServerPolicyRuleGroupCondition.cs b/src/Okta.Sdk/Model/AuthorizationServerPolicyRuleGroupCondition.cs
new file mode 100644
index 000000000..a0b948ffc
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthorizationServerPolicyRuleGroupCondition.cs
@@ -0,0 +1,116 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Specifies a set of Groups whose Users are to be included
+    /// </summary>
+    [DataContract(Name = "AuthorizationServerPolicyRuleGroupCondition")]
+    
+    public partial class AuthorizationServerPolicyRuleGroupCondition : IEquatable<AuthorizationServerPolicyRuleGroupCondition>
+    {
+        
+        /// <summary>
+        /// Groups to be included
+        /// </summary>
+        /// <value>Groups to be included</value>
+        [DataMember(Name = "include", EmitDefaultValue = true)]
+        public List<string> Include { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthorizationServerPolicyRuleGroupCondition {\n");
+            sb.Append("  Include: ").Append(Include).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthorizationServerPolicyRuleGroupCondition);
+        }
+
+        /// <summary>
+        /// Returns true if AuthorizationServerPolicyRuleGroupCondition instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthorizationServerPolicyRuleGroupCondition to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthorizationServerPolicyRuleGroupCondition input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Include == input.Include ||
+                    this.Include != null &&
+                    input.Include != null &&
+                    this.Include.SequenceEqual(input.Include)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Include != null)
+                {
+                    hashCode = (hashCode * 59) + this.Include.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AuthorizationServerPolicyRuleUserCondition.cs b/src/Okta.Sdk/Model/AuthorizationServerPolicyRuleUserCondition.cs
new file mode 100644
index 000000000..ce285acd6
--- /dev/null
+++ b/src/Okta.Sdk/Model/AuthorizationServerPolicyRuleUserCondition.cs
@@ -0,0 +1,116 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Specifies a set of Users to be included
+    /// </summary>
+    [DataContract(Name = "AuthorizationServerPolicyRuleUserCondition")]
+    
+    public partial class AuthorizationServerPolicyRuleUserCondition : IEquatable<AuthorizationServerPolicyRuleUserCondition>
+    {
+        
+        /// <summary>
+        /// Users to be included
+        /// </summary>
+        /// <value>Users to be included</value>
+        [DataMember(Name = "include", EmitDefaultValue = true)]
+        public List<string> Include { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AuthorizationServerPolicyRuleUserCondition {\n");
+            sb.Append("  Include: ").Append(Include).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AuthorizationServerPolicyRuleUserCondition);
+        }
+
+        /// <summary>
+        /// Returns true if AuthorizationServerPolicyRuleUserCondition instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AuthorizationServerPolicyRuleUserCondition to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AuthorizationServerPolicyRuleUserCondition input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Include == input.Include ||
+                    this.Include != null &&
+                    input.Include != null &&
+                    this.Include.SequenceEqual(input.Include)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Include != null)
+                {
+                    hashCode = (hashCode * 59) + this.Include.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AutoAssignAdminAppSetting.cs b/src/Okta.Sdk/Model/AutoAssignAdminAppSetting.cs
new file mode 100644
index 000000000..a5f208b00
--- /dev/null
+++ b/src/Okta.Sdk/Model/AutoAssignAdminAppSetting.cs
@@ -0,0 +1,110 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// The org setting that automatically assigns the Okta Admin Console when an admin role is assigned
+    /// </summary>
+    [DataContract(Name = "AutoAssignAdminAppSetting")]
+    
+    public partial class AutoAssignAdminAppSetting : IEquatable<AutoAssignAdminAppSetting>
+    {
+        
+        /// <summary>
+        /// Gets or Sets _AutoAssignAdminAppSetting
+        /// </summary>
+        [DataMember(Name = "autoAssignAdminAppSetting", EmitDefaultValue = true)]
+        public bool _AutoAssignAdminAppSetting { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class AutoAssignAdminAppSetting {\n");
+            sb.Append("  _AutoAssignAdminAppSetting: ").Append(_AutoAssignAdminAppSetting).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as AutoAssignAdminAppSetting);
+        }
+
+        /// <summary>
+        /// Returns true if AutoAssignAdminAppSetting instances are equal
+        /// </summary>
+        /// <param name="input">Instance of AutoAssignAdminAppSetting to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(AutoAssignAdminAppSetting input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this._AutoAssignAdminAppSetting == input._AutoAssignAdminAppSetting ||
+                    this._AutoAssignAdminAppSetting.Equals(input._AutoAssignAdminAppSetting)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                hashCode = (hashCode * 59) + this._AutoAssignAdminAppSetting.GetHashCode();
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/AutoLoginApplication.cs b/src/Okta.Sdk/Model/AutoLoginApplication.cs
index 5eaeb15ff..7749aed77 100644
--- a/src/Okta.Sdk/Model/AutoLoginApplication.cs
+++ b/src/Okta.Sdk/Model/AutoLoginApplication.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -37,13 +37,18 @@ namespace Okta.Sdk.Model
     [JsonSubtypes.KnownSubType(typeof(BookmarkApplication), "BOOKMARK")]
     [JsonSubtypes.KnownSubType(typeof(BrowserPluginApplication), "BROWSER_PLUGIN")]
     [JsonSubtypes.KnownSubType(typeof(OpenIdConnectApplication), "OPENID_CONNECT")]
-    [JsonSubtypes.KnownSubType(typeof(SamlApplication), "SAML_1_1")]
+    [JsonSubtypes.KnownSubType(typeof(Saml11Application), "SAML_1_1")]
     [JsonSubtypes.KnownSubType(typeof(SamlApplication), "SAML_2_0")]
     [JsonSubtypes.KnownSubType(typeof(SecurePasswordStoreApplication), "SECURE_PASSWORD_STORE")]
     [JsonSubtypes.KnownSubType(typeof(WsFederationApplication), "WS_FEDERATION")]
     
     public partial class AutoLoginApplication : Application, IEquatable<AutoLoginApplication>
     {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="AutoLoginApplication" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public AutoLoginApplication() { }
         
         /// <summary>
         /// Gets or Sets Credentials
@@ -52,11 +57,20 @@ public partial class AutoLoginApplication : Application, IEquatable<AutoLoginApp
         public SchemeApplicationCredentials Credentials { get; set; }
 
         /// <summary>
-        /// Gets or Sets Name
+        /// A unique key is generated for the custom SWA app instance when you use AUTO_LOGIN &#x60;signOnMode&#x60;.
         /// </summary>
+        /// <value>A unique key is generated for the custom SWA app instance when you use AUTO_LOGIN &#x60;signOnMode&#x60;.</value>
         [DataMember(Name = "name", EmitDefaultValue = true)]
-        public string Name { get; set; }
+        public string Name { get; private set; }
 
+        /// <summary>
+        /// Returns false as Name should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeName()
+        {
+            return false;
+        }
         /// <summary>
         /// Gets or Sets Settings
         /// </summary>
diff --git a/src/Okta.Sdk/Model/AutoLoginApplicationSettings.cs b/src/Okta.Sdk/Model/AutoLoginApplicationSettings.cs
index 171d9a46d..908f2ce55 100644
--- a/src/Okta.Sdk/Model/AutoLoginApplicationSettings.cs
+++ b/src/Okta.Sdk/Model/AutoLoginApplicationSettings.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AutoLoginApplicationSettingsSignOn.cs b/src/Okta.Sdk/Model/AutoLoginApplicationSettingsSignOn.cs
index eab6ac934..b483e4231 100644
--- a/src/Okta.Sdk/Model/AutoLoginApplicationSettingsSignOn.cs
+++ b/src/Okta.Sdk/Model/AutoLoginApplicationSettingsSignOn.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -35,14 +35,16 @@ public partial class AutoLoginApplicationSettingsSignOn : IEquatable<AutoLoginAp
     {
         
         /// <summary>
-        /// Gets or Sets LoginUrl
+        /// Primary URL of the sign-in page for this app
         /// </summary>
+        /// <value>Primary URL of the sign-in page for this app</value>
         [DataMember(Name = "loginUrl", EmitDefaultValue = true)]
         public string LoginUrl { get; set; }
 
         /// <summary>
-        /// Gets or Sets RedirectUrl
+        /// Secondary URL of the sign-in page for this app
         /// </summary>
+        /// <value>Secondary URL of the sign-in page for this app</value>
         [DataMember(Name = "redirectUrl", EmitDefaultValue = true)]
         public string RedirectUrl { get; set; }
 
diff --git a/src/Okta.Sdk/Model/AutoUpdateSchedule.cs b/src/Okta.Sdk/Model/AutoUpdateSchedule.cs
index 94095dc1f..68e52b0d8 100644
--- a/src/Okta.Sdk/Model/AutoUpdateSchedule.cs
+++ b/src/Okta.Sdk/Model/AutoUpdateSchedule.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/AwsRegion.cs b/src/Okta.Sdk/Model/AwsRegion.cs
index ab946a572..8337fd81f 100644
--- a/src/Okta.Sdk/Model/AwsRegion.cs
+++ b/src/Okta.Sdk/Model/AwsRegion.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BaseEmailDomain.cs b/src/Okta.Sdk/Model/BaseEmailDomain.cs
index a0e5328a4..56170406f 100644
--- a/src/Okta.Sdk/Model/BaseEmailDomain.cs
+++ b/src/Okta.Sdk/Model/BaseEmailDomain.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BaseEmailServer.cs b/src/Okta.Sdk/Model/BaseEmailServer.cs
index 9cf091a18..8a22db88d 100644
--- a/src/Okta.Sdk/Model/BaseEmailServer.cs
+++ b/src/Okta.Sdk/Model/BaseEmailServer.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -35,37 +35,37 @@ public partial class BaseEmailServer : IEquatable<BaseEmailServer>
     {
         
         /// <summary>
-        /// A name to identify this configuration
+        /// Human-readable name for your SMTP server
         /// </summary>
-        /// <value>A name to identify this configuration</value>
+        /// <value>Human-readable name for your SMTP server</value>
         [DataMember(Name = "alias", EmitDefaultValue = true)]
         public string Alias { get; set; }
 
         /// <summary>
-        /// True if and only if all email traffic should be routed through this SMTP Server
+        /// If &#x60;true&#x60;, routes all email traffic through your SMTP server
         /// </summary>
-        /// <value>True if and only if all email traffic should be routed through this SMTP Server</value>
+        /// <value>If &#x60;true&#x60;, routes all email traffic through your SMTP server</value>
         [DataMember(Name = "enabled", EmitDefaultValue = true)]
         public bool Enabled { get; set; }
 
         /// <summary>
-        /// The address of the SMTP Server
+        /// Hostname or IP address of your SMTP server
         /// </summary>
-        /// <value>The address of the SMTP Server</value>
+        /// <value>Hostname or IP address of your SMTP server</value>
         [DataMember(Name = "host", EmitDefaultValue = true)]
         public string Host { get; set; }
 
         /// <summary>
-        /// The port number of the SMTP Server
+        /// Port number of your SMTP server
         /// </summary>
-        /// <value>The port number of the SMTP Server</value>
+        /// <value>Port number of your SMTP server</value>
         [DataMember(Name = "port", EmitDefaultValue = true)]
         public int Port { get; set; }
 
         /// <summary>
-        /// The username to use with your SMTP Server
+        /// Username used to access your SMTP server
         /// </summary>
-        /// <value>The username to use with your SMTP Server</value>
+        /// <value>Username used to access your SMTP server</value>
         [DataMember(Name = "username", EmitDefaultValue = true)]
         public string Username { get; set; }
 
diff --git a/src/Okta.Sdk/Model/BasicApplicationSettings.cs b/src/Okta.Sdk/Model/BasicApplicationSettings.cs
index 803944f43..272847bf0 100644
--- a/src/Okta.Sdk/Model/BasicApplicationSettings.cs
+++ b/src/Okta.Sdk/Model/BasicApplicationSettings.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BasicApplicationSettingsApplication.cs b/src/Okta.Sdk/Model/BasicApplicationSettingsApplication.cs
index 88feb5ebf..a8e1bb13f 100644
--- a/src/Okta.Sdk/Model/BasicApplicationSettingsApplication.cs
+++ b/src/Okta.Sdk/Model/BasicApplicationSettingsApplication.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BasicAuthApplication.cs b/src/Okta.Sdk/Model/BasicAuthApplication.cs
index 960d6eb8e..817cec4d3 100644
--- a/src/Okta.Sdk/Model/BasicAuthApplication.cs
+++ b/src/Okta.Sdk/Model/BasicAuthApplication.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -37,25 +37,62 @@ namespace Okta.Sdk.Model
     [JsonSubtypes.KnownSubType(typeof(BookmarkApplication), "BOOKMARK")]
     [JsonSubtypes.KnownSubType(typeof(BrowserPluginApplication), "BROWSER_PLUGIN")]
     [JsonSubtypes.KnownSubType(typeof(OpenIdConnectApplication), "OPENID_CONNECT")]
-    [JsonSubtypes.KnownSubType(typeof(SamlApplication), "SAML_1_1")]
+    [JsonSubtypes.KnownSubType(typeof(Saml11Application), "SAML_1_1")]
     [JsonSubtypes.KnownSubType(typeof(SamlApplication), "SAML_2_0")]
     [JsonSubtypes.KnownSubType(typeof(SecurePasswordStoreApplication), "SECURE_PASSWORD_STORE")]
     [JsonSubtypes.KnownSubType(typeof(WsFederationApplication), "WS_FEDERATION")]
     
     public partial class BasicAuthApplication : Application, IEquatable<BasicAuthApplication>
     {
-        
         /// <summary>
-        /// Gets or Sets Credentials
+        /// &#x60;template_basic_auth&#x60; is the key name for a basic authentication scheme app instance
         /// </summary>
-        [DataMember(Name = "credentials", EmitDefaultValue = true)]
-        public SchemeApplicationCredentials Credentials { get; set; }
+        /// <value>&#x60;template_basic_auth&#x60; is the key name for a basic authentication scheme app instance</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class NameEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum TemplateBasicAuth for value: template_basic_auth
+            /// </summary>
+            
+            public static NameEnum TemplateBasicAuth = new NameEnum("template_basic_auth");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="NameEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator NameEnum(string value) => new NameEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Name"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public NameEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
 
         /// <summary>
-        /// Gets or Sets Name
+        /// &#x60;template_basic_auth&#x60; is the key name for a basic authentication scheme app instance
         /// </summary>
+        /// <value>&#x60;template_basic_auth&#x60; is the key name for a basic authentication scheme app instance</value>
         [DataMember(Name = "name", EmitDefaultValue = true)]
-        public string Name { get; set; }
+        
+        public NameEnum Name { get; set; }
+        /// <summary>
+        /// Initializes a new instance of the <see cref="BasicAuthApplication" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public BasicAuthApplication() { }
+        
+        /// <summary>
+        /// Gets or Sets Credentials
+        /// </summary>
+        [DataMember(Name = "credentials", EmitDefaultValue = true)]
+        public SchemeApplicationCredentials Credentials { get; set; }
 
         /// <summary>
         /// Gets or Sets Settings
@@ -117,8 +154,7 @@ public bool Equals(BasicAuthApplication input)
                 ) && base.Equals(input) && 
                 (
                     this.Name == input.Name ||
-                    (this.Name != null &&
-                    this.Name.Equals(input.Name))
+                    this.Name.Equals(input.Name)
                 ) && base.Equals(input) && 
                 (
                     this.Settings == input.Settings ||
diff --git a/src/Okta.Sdk/Model/BeforeScheduledActionPolicyRuleCondition.cs b/src/Okta.Sdk/Model/BeforeScheduledActionPolicyRuleCondition.cs
index 2594ef4f1..9431e6f54 100644
--- a/src/Okta.Sdk/Model/BeforeScheduledActionPolicyRuleCondition.cs
+++ b/src/Okta.Sdk/Model/BeforeScheduledActionPolicyRuleCondition.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour.cs b/src/Okta.Sdk/Model/BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour.cs
index 6b99ccbaf..fd7e546ab 100644
--- a/src/Okta.Sdk/Model/BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour.cs
+++ b/src/Okta.Sdk/Model/BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BehaviorDetectionRuleSettingsBasedOnEventHistory.cs b/src/Okta.Sdk/Model/BehaviorDetectionRuleSettingsBasedOnEventHistory.cs
index c2421e870..94975b4fe 100644
--- a/src/Okta.Sdk/Model/BehaviorDetectionRuleSettingsBasedOnEventHistory.cs
+++ b/src/Okta.Sdk/Model/BehaviorDetectionRuleSettingsBasedOnEventHistory.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BehaviorRule.cs b/src/Okta.Sdk/Model/BehaviorRule.cs
index 951814b34..89061bc0d 100644
--- a/src/Okta.Sdk/Model/BehaviorRule.cs
+++ b/src/Okta.Sdk/Model/BehaviorRule.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BehaviorRuleAnomalousDevice.cs b/src/Okta.Sdk/Model/BehaviorRuleAnomalousDevice.cs
index 625eeb902..297c4114b 100644
--- a/src/Okta.Sdk/Model/BehaviorRuleAnomalousDevice.cs
+++ b/src/Okta.Sdk/Model/BehaviorRuleAnomalousDevice.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BehaviorRuleAnomalousIP.cs b/src/Okta.Sdk/Model/BehaviorRuleAnomalousIP.cs
index 199b8eded..98563fcff 100644
--- a/src/Okta.Sdk/Model/BehaviorRuleAnomalousIP.cs
+++ b/src/Okta.Sdk/Model/BehaviorRuleAnomalousIP.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BehaviorRuleAnomalousLocation.cs b/src/Okta.Sdk/Model/BehaviorRuleAnomalousLocation.cs
index c32f0ac50..7091d15f5 100644
--- a/src/Okta.Sdk/Model/BehaviorRuleAnomalousLocation.cs
+++ b/src/Okta.Sdk/Model/BehaviorRuleAnomalousLocation.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BehaviorRuleSettingsAnomalousDevice.cs b/src/Okta.Sdk/Model/BehaviorRuleSettingsAnomalousDevice.cs
index 90edee25d..c03f35b1d 100644
--- a/src/Okta.Sdk/Model/BehaviorRuleSettingsAnomalousDevice.cs
+++ b/src/Okta.Sdk/Model/BehaviorRuleSettingsAnomalousDevice.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BehaviorRuleSettingsAnomalousIP.cs b/src/Okta.Sdk/Model/BehaviorRuleSettingsAnomalousIP.cs
index 911debc86..be4f827af 100644
--- a/src/Okta.Sdk/Model/BehaviorRuleSettingsAnomalousIP.cs
+++ b/src/Okta.Sdk/Model/BehaviorRuleSettingsAnomalousIP.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BehaviorRuleSettingsAnomalousLocation.cs b/src/Okta.Sdk/Model/BehaviorRuleSettingsAnomalousLocation.cs
index ad5c446cc..44ba222c4 100644
--- a/src/Okta.Sdk/Model/BehaviorRuleSettingsAnomalousLocation.cs
+++ b/src/Okta.Sdk/Model/BehaviorRuleSettingsAnomalousLocation.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BehaviorRuleSettingsHistoryBased.cs b/src/Okta.Sdk/Model/BehaviorRuleSettingsHistoryBased.cs
index 3863c28bf..a80bbb73e 100644
--- a/src/Okta.Sdk/Model/BehaviorRuleSettingsHistoryBased.cs
+++ b/src/Okta.Sdk/Model/BehaviorRuleSettingsHistoryBased.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BehaviorRuleSettingsVelocity.cs b/src/Okta.Sdk/Model/BehaviorRuleSettingsVelocity.cs
index ecdd509ef..423101356 100644
--- a/src/Okta.Sdk/Model/BehaviorRuleSettingsVelocity.cs
+++ b/src/Okta.Sdk/Model/BehaviorRuleSettingsVelocity.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BehaviorRuleType.cs b/src/Okta.Sdk/Model/BehaviorRuleType.cs
index 5ac7e38a0..667237104 100644
--- a/src/Okta.Sdk/Model/BehaviorRuleType.cs
+++ b/src/Okta.Sdk/Model/BehaviorRuleType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BehaviorRuleVelocity.cs b/src/Okta.Sdk/Model/BehaviorRuleVelocity.cs
index 02acaec43..11de4b4e8 100644
--- a/src/Okta.Sdk/Model/BehaviorRuleVelocity.cs
+++ b/src/Okta.Sdk/Model/BehaviorRuleVelocity.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BindingMethod.cs b/src/Okta.Sdk/Model/BindingMethod.cs
new file mode 100644
index 000000000..6dfe1275d
--- /dev/null
+++ b/src/Okta.Sdk/Model/BindingMethod.cs
@@ -0,0 +1,65 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// The method used to bind the out-of-band channel with the primary channel.
+    /// </summary>
+    /// <value>The method used to bind the out-of-band channel with the primary channel.</value>
+    [JsonConverter(typeof(StringEnumSerializingConverter))]
+    public sealed class BindingMethod : StringEnum
+    {
+        /// <summary>
+        /// StringEnum BindingMethod for value: none
+        /// </summary>
+        public static BindingMethod None = new BindingMethod("none");
+        /// <summary>
+        /// StringEnum BindingMethod for value: prompt
+        /// </summary>
+        public static BindingMethod Prompt = new BindingMethod("prompt");
+        /// <summary>
+        /// StringEnum BindingMethod for value: transfer
+        /// </summary>
+        public static BindingMethod Transfer = new BindingMethod("transfer");
+
+        /// <summary>
+        /// Implicit operator declaration to accept and convert a string value as a <see cref="BindingMethod"/>
+        /// </summary>
+        /// <param name="value">The value to use</param>
+        public static implicit operator BindingMethod(string value) => new BindingMethod(value);
+
+        /// <summary>
+        /// Creates a new <see cref="BindingMethod"/> instance.
+        /// </summary>
+        /// <param name="value">The value to use.</param>
+        public BindingMethod(string value)
+            : base(value)
+        {
+        }
+    }
+
+
+}
diff --git a/src/Okta.Sdk/Model/BookmarkApplication.cs b/src/Okta.Sdk/Model/BookmarkApplication.cs
index d391d3170..90e3bd544 100644
--- a/src/Okta.Sdk/Model/BookmarkApplication.cs
+++ b/src/Okta.Sdk/Model/BookmarkApplication.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -37,25 +37,62 @@ namespace Okta.Sdk.Model
     [JsonSubtypes.KnownSubType(typeof(BookmarkApplication), "BOOKMARK")]
     [JsonSubtypes.KnownSubType(typeof(BrowserPluginApplication), "BROWSER_PLUGIN")]
     [JsonSubtypes.KnownSubType(typeof(OpenIdConnectApplication), "OPENID_CONNECT")]
-    [JsonSubtypes.KnownSubType(typeof(SamlApplication), "SAML_1_1")]
+    [JsonSubtypes.KnownSubType(typeof(Saml11Application), "SAML_1_1")]
     [JsonSubtypes.KnownSubType(typeof(SamlApplication), "SAML_2_0")]
     [JsonSubtypes.KnownSubType(typeof(SecurePasswordStoreApplication), "SECURE_PASSWORD_STORE")]
     [JsonSubtypes.KnownSubType(typeof(WsFederationApplication), "WS_FEDERATION")]
     
     public partial class BookmarkApplication : Application, IEquatable<BookmarkApplication>
     {
-        
         /// <summary>
-        /// Gets or Sets Credentials
+        /// &#x60;bookmark&#x60; is the key name for a Bookmark app
         /// </summary>
-        [DataMember(Name = "credentials", EmitDefaultValue = true)]
-        public ApplicationCredentials Credentials { get; set; }
+        /// <value>&#x60;bookmark&#x60; is the key name for a Bookmark app</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class NameEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum Bookmark for value: bookmark
+            /// </summary>
+            
+            public static NameEnum Bookmark = new NameEnum("bookmark");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="NameEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator NameEnum(string value) => new NameEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Name"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public NameEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
 
         /// <summary>
-        /// Gets or Sets Name
+        /// &#x60;bookmark&#x60; is the key name for a Bookmark app
         /// </summary>
+        /// <value>&#x60;bookmark&#x60; is the key name for a Bookmark app</value>
         [DataMember(Name = "name", EmitDefaultValue = true)]
-        public string Name { get; set; }
+        
+        public NameEnum Name { get; set; }
+        /// <summary>
+        /// Initializes a new instance of the <see cref="BookmarkApplication" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public BookmarkApplication() { }
+        
+        /// <summary>
+        /// Gets or Sets Credentials
+        /// </summary>
+        [DataMember(Name = "credentials", EmitDefaultValue = true)]
+        public ApplicationCredentials Credentials { get; set; }
 
         /// <summary>
         /// Gets or Sets Settings
@@ -117,8 +154,7 @@ public bool Equals(BookmarkApplication input)
                 ) && base.Equals(input) && 
                 (
                     this.Name == input.Name ||
-                    (this.Name != null &&
-                    this.Name.Equals(input.Name))
+                    this.Name.Equals(input.Name)
                 ) && base.Equals(input) && 
                 (
                     this.Settings == input.Settings ||
diff --git a/src/Okta.Sdk/Model/BookmarkApplicationSettings.cs b/src/Okta.Sdk/Model/BookmarkApplicationSettings.cs
index 10b90dd56..34eef9fa7 100644
--- a/src/Okta.Sdk/Model/BookmarkApplicationSettings.cs
+++ b/src/Okta.Sdk/Model/BookmarkApplicationSettings.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BookmarkApplicationSettingsApplication.cs b/src/Okta.Sdk/Model/BookmarkApplicationSettingsApplication.cs
index e777cd15c..92505a71e 100644
--- a/src/Okta.Sdk/Model/BookmarkApplicationSettingsApplication.cs
+++ b/src/Okta.Sdk/Model/BookmarkApplicationSettingsApplication.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BouncesRemoveListError.cs b/src/Okta.Sdk/Model/BouncesRemoveListError.cs
index dfd41c29a..ab81e7f6f 100644
--- a/src/Okta.Sdk/Model/BouncesRemoveListError.cs
+++ b/src/Okta.Sdk/Model/BouncesRemoveListError.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BouncesRemoveListObj.cs b/src/Okta.Sdk/Model/BouncesRemoveListObj.cs
index b456597aa..5d46dc56b 100644
--- a/src/Okta.Sdk/Model/BouncesRemoveListObj.cs
+++ b/src/Okta.Sdk/Model/BouncesRemoveListObj.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BouncesRemoveListResult.cs b/src/Okta.Sdk/Model/BouncesRemoveListResult.cs
index fc1f0c00b..6684132c8 100644
--- a/src/Okta.Sdk/Model/BouncesRemoveListResult.cs
+++ b/src/Okta.Sdk/Model/BouncesRemoveListResult.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/Brand.cs b/src/Okta.Sdk/Model/Brand.cs
index f68225a7c..6ee3f6317 100644
--- a/src/Okta.Sdk/Model/Brand.cs
+++ b/src/Okta.Sdk/Model/Brand.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -35,14 +35,16 @@ public partial class Brand : IEquatable<Brand>
     {
         
         /// <summary>
-        /// Gets or Sets AgreeToCustomPrivacyPolicy
+        /// Consent for updating the custom privacy URL. Not required when resetting the URL.
         /// </summary>
+        /// <value>Consent for updating the custom privacy URL. Not required when resetting the URL.</value>
         [DataMember(Name = "agreeToCustomPrivacyPolicy", EmitDefaultValue = true)]
         public bool AgreeToCustomPrivacyPolicy { get; set; }
 
         /// <summary>
-        /// Gets or Sets CustomPrivacyPolicyUrl
+        /// Custom privacy policy URL
         /// </summary>
+        /// <value>Custom privacy policy URL</value>
         [DataMember(Name = "customPrivacyPolicyUrl", EmitDefaultValue = true)]
         public string CustomPrivacyPolicyUrl { get; set; }
 
@@ -53,14 +55,16 @@ public partial class Brand : IEquatable<Brand>
         public DefaultApp DefaultApp { get; set; }
 
         /// <summary>
-        /// Gets or Sets EmailDomainId
+        /// The ID of the email domain
         /// </summary>
+        /// <value>The ID of the email domain</value>
         [DataMember(Name = "emailDomainId", EmitDefaultValue = true)]
         public string EmailDomainId { get; set; }
 
         /// <summary>
-        /// Gets or Sets Id
+        /// The Brand ID
         /// </summary>
+        /// <value>The Brand ID</value>
         [DataMember(Name = "id", EmitDefaultValue = true)]
         public string Id { get; private set; }
 
@@ -73,8 +77,9 @@ public bool ShouldSerializeId()
             return false;
         }
         /// <summary>
-        /// Gets or Sets IsDefault
+        /// If &#x60;true&#x60;, the Brand is used for the Okta subdomain
         /// </summary>
+        /// <value>If &#x60;true&#x60;, the Brand is used for the Okta subdomain</value>
         [DataMember(Name = "isDefault", EmitDefaultValue = true)]
         public bool IsDefault { get; private set; }
 
@@ -94,14 +99,16 @@ public bool ShouldSerializeIsDefault()
         public string Locale { get; set; }
 
         /// <summary>
-        /// Gets or Sets Name
+        /// The name of the Brand
         /// </summary>
+        /// <value>The name of the Brand</value>
         [DataMember(Name = "name", EmitDefaultValue = true)]
         public string Name { get; set; }
 
         /// <summary>
-        /// Gets or Sets RemovePoweredByOkta
+        /// Removes \&quot;Powered by Okta\&quot; from the sign-in page in redirect authentication deployments, and \&quot;© [current year] Okta, Inc.\&quot; from the Okta End-User Dashboard
         /// </summary>
+        /// <value>Removes \&quot;Powered by Okta\&quot; from the sign-in page in redirect authentication deployments, and \&quot;© [current year] Okta, Inc.\&quot; from the Okta End-User Dashboard</value>
         [DataMember(Name = "removePoweredByOkta", EmitDefaultValue = true)]
         public bool RemovePoweredByOkta { get; set; }
 
diff --git a/src/Okta.Sdk/Model/BrandRequest.cs b/src/Okta.Sdk/Model/BrandRequest.cs
index 2d32ac806..234fb94cc 100644
--- a/src/Okta.Sdk/Model/BrandRequest.cs
+++ b/src/Okta.Sdk/Model/BrandRequest.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -33,16 +33,23 @@ namespace Okta.Sdk.Model
     
     public partial class BrandRequest : IEquatable<BrandRequest>
     {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="BrandRequest" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public BrandRequest() { }
         
         /// <summary>
-        /// Gets or Sets AgreeToCustomPrivacyPolicy
+        /// Consent for updating the custom privacy URL. Not required when resetting the URL.
         /// </summary>
+        /// <value>Consent for updating the custom privacy URL. Not required when resetting the URL.</value>
         [DataMember(Name = "agreeToCustomPrivacyPolicy", EmitDefaultValue = true)]
         public bool AgreeToCustomPrivacyPolicy { get; set; }
 
         /// <summary>
-        /// Gets or Sets CustomPrivacyPolicyUrl
+        /// Custom privacy policy URL
         /// </summary>
+        /// <value>Custom privacy policy URL</value>
         [DataMember(Name = "customPrivacyPolicyUrl", EmitDefaultValue = true)]
         public string CustomPrivacyPolicyUrl { get; set; }
 
@@ -53,8 +60,9 @@ public partial class BrandRequest : IEquatable<BrandRequest>
         public DefaultApp DefaultApp { get; set; }
 
         /// <summary>
-        /// Gets or Sets EmailDomainId
+        /// The ID of the email domain
         /// </summary>
+        /// <value>The ID of the email domain</value>
         [DataMember(Name = "emailDomainId", EmitDefaultValue = true)]
         public string EmailDomainId { get; set; }
 
@@ -66,14 +74,16 @@ public partial class BrandRequest : IEquatable<BrandRequest>
         public string Locale { get; set; }
 
         /// <summary>
-        /// Gets or Sets Name
+        /// The name of the Brand
         /// </summary>
+        /// <value>The name of the Brand</value>
         [DataMember(Name = "name", EmitDefaultValue = true)]
         public string Name { get; set; }
 
         /// <summary>
-        /// Gets or Sets RemovePoweredByOkta
+        /// Removes \&quot;Powered by Okta\&quot; from the sign-in page in redirect authentication deployments, and \&quot;© [current year] Okta, Inc.\&quot; from the Okta End-User Dashboard
         /// </summary>
+        /// <value>Removes \&quot;Powered by Okta\&quot; from the sign-in page in redirect authentication deployments, and \&quot;© [current year] Okta, Inc.\&quot; from the Okta End-User Dashboard</value>
         [DataMember(Name = "removePoweredByOkta", EmitDefaultValue = true)]
         public bool RemovePoweredByOkta { get; set; }
 
diff --git a/src/Okta.Sdk/Model/BrandWithEmbedded.cs b/src/Okta.Sdk/Model/BrandWithEmbedded.cs
index 51dafc53d..e04891445 100644
--- a/src/Okta.Sdk/Model/BrandWithEmbedded.cs
+++ b/src/Okta.Sdk/Model/BrandWithEmbedded.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -55,14 +55,16 @@ public bool ShouldSerializeEmbedded()
         public LinksSelf Links { get; set; }
 
         /// <summary>
-        /// Gets or Sets AgreeToCustomPrivacyPolicy
+        /// Consent for updating the custom privacy URL. Not required when resetting the URL.
         /// </summary>
+        /// <value>Consent for updating the custom privacy URL. Not required when resetting the URL.</value>
         [DataMember(Name = "agreeToCustomPrivacyPolicy", EmitDefaultValue = true)]
         public bool AgreeToCustomPrivacyPolicy { get; set; }
 
         /// <summary>
-        /// Gets or Sets CustomPrivacyPolicyUrl
+        /// Custom privacy policy URL
         /// </summary>
+        /// <value>Custom privacy policy URL</value>
         [DataMember(Name = "customPrivacyPolicyUrl", EmitDefaultValue = true)]
         public string CustomPrivacyPolicyUrl { get; set; }
 
@@ -73,14 +75,16 @@ public bool ShouldSerializeEmbedded()
         public DefaultApp DefaultApp { get; set; }
 
         /// <summary>
-        /// Gets or Sets EmailDomainId
+        /// The ID of the email domain
         /// </summary>
+        /// <value>The ID of the email domain</value>
         [DataMember(Name = "emailDomainId", EmitDefaultValue = true)]
         public string EmailDomainId { get; set; }
 
         /// <summary>
-        /// Gets or Sets Id
+        /// The Brand ID
         /// </summary>
+        /// <value>The Brand ID</value>
         [DataMember(Name = "id", EmitDefaultValue = true)]
         public string Id { get; private set; }
 
@@ -93,8 +97,9 @@ public bool ShouldSerializeId()
             return false;
         }
         /// <summary>
-        /// Gets or Sets IsDefault
+        /// If &#x60;true&#x60;, the Brand is used for the Okta subdomain
         /// </summary>
+        /// <value>If &#x60;true&#x60;, the Brand is used for the Okta subdomain</value>
         [DataMember(Name = "isDefault", EmitDefaultValue = true)]
         public bool IsDefault { get; private set; }
 
@@ -114,14 +119,16 @@ public bool ShouldSerializeIsDefault()
         public string Locale { get; set; }
 
         /// <summary>
-        /// Gets or Sets Name
+        /// The name of the Brand
         /// </summary>
+        /// <value>The name of the Brand</value>
         [DataMember(Name = "name", EmitDefaultValue = true)]
         public string Name { get; set; }
 
         /// <summary>
-        /// Gets or Sets RemovePoweredByOkta
+        /// Removes \&quot;Powered by Okta\&quot; from the sign-in page in redirect authentication deployments, and \&quot;© [current year] Okta, Inc.\&quot; from the Okta End-User Dashboard
         /// </summary>
+        /// <value>Removes \&quot;Powered by Okta\&quot; from the sign-in page in redirect authentication deployments, and \&quot;© [current year] Okta, Inc.\&quot; from the Okta End-User Dashboard</value>
         [DataMember(Name = "removePoweredByOkta", EmitDefaultValue = true)]
         public bool RemovePoweredByOkta { get; set; }
 
diff --git a/src/Okta.Sdk/Model/BrowserPluginApplication.cs b/src/Okta.Sdk/Model/BrowserPluginApplication.cs
index 5e46298ae..cd5156ab1 100644
--- a/src/Okta.Sdk/Model/BrowserPluginApplication.cs
+++ b/src/Okta.Sdk/Model/BrowserPluginApplication.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -37,25 +37,68 @@ namespace Okta.Sdk.Model
     [JsonSubtypes.KnownSubType(typeof(BookmarkApplication), "BOOKMARK")]
     [JsonSubtypes.KnownSubType(typeof(BrowserPluginApplication), "BROWSER_PLUGIN")]
     [JsonSubtypes.KnownSubType(typeof(OpenIdConnectApplication), "OPENID_CONNECT")]
-    [JsonSubtypes.KnownSubType(typeof(SamlApplication), "SAML_1_1")]
+    [JsonSubtypes.KnownSubType(typeof(Saml11Application), "SAML_1_1")]
     [JsonSubtypes.KnownSubType(typeof(SamlApplication), "SAML_2_0")]
     [JsonSubtypes.KnownSubType(typeof(SecurePasswordStoreApplication), "SECURE_PASSWORD_STORE")]
     [JsonSubtypes.KnownSubType(typeof(WsFederationApplication), "WS_FEDERATION")]
     
     public partial class BrowserPluginApplication : Application, IEquatable<BrowserPluginApplication>
     {
-        
         /// <summary>
-        /// Gets or Sets Credentials
+        /// The key name for the app definition
         /// </summary>
-        [DataMember(Name = "credentials", EmitDefaultValue = true)]
-        public SchemeApplicationCredentials Credentials { get; set; }
+        /// <value>The key name for the app definition</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class NameEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum Swa for value: template_swa
+            /// </summary>
+            
+            public static NameEnum Swa = new NameEnum("template_swa");
+
+            /// <summary>
+            /// StringEnum Swa3field for value: template_swa3field
+            /// </summary>
+            
+            public static NameEnum Swa3field = new NameEnum("template_swa3field");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="NameEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator NameEnum(string value) => new NameEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Name"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public NameEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
 
         /// <summary>
-        /// Gets or Sets Name
+        /// The key name for the app definition
         /// </summary>
+        /// <value>The key name for the app definition</value>
         [DataMember(Name = "name", EmitDefaultValue = true)]
-        public string Name { get; set; }
+        
+        public NameEnum Name { get; set; }
+        /// <summary>
+        /// Initializes a new instance of the <see cref="BrowserPluginApplication" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public BrowserPluginApplication() { }
+        
+        /// <summary>
+        /// Gets or Sets Credentials
+        /// </summary>
+        [DataMember(Name = "credentials", EmitDefaultValue = true)]
+        public SchemeApplicationCredentials Credentials { get; set; }
 
         /// <summary>
         /// Gets or Sets Settings
@@ -117,8 +160,7 @@ public bool Equals(BrowserPluginApplication input)
                 ) && base.Equals(input) && 
                 (
                     this.Name == input.Name ||
-                    (this.Name != null &&
-                    this.Name.Equals(input.Name))
+                    this.Name.Equals(input.Name)
                 ) && base.Equals(input) && 
                 (
                     this.Settings == input.Settings ||
diff --git a/src/Okta.Sdk/Model/BulkDeleteRequestBody.cs b/src/Okta.Sdk/Model/BulkDeleteRequestBody.cs
index 93af5ff44..1c2e5907f 100644
--- a/src/Okta.Sdk/Model/BulkDeleteRequestBody.cs
+++ b/src/Okta.Sdk/Model/BulkDeleteRequestBody.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BulkUpsertRequestBody.cs b/src/Okta.Sdk/Model/BulkUpsertRequestBody.cs
index 881a5419f..5cde4fd70 100644
--- a/src/Okta.Sdk/Model/BulkUpsertRequestBody.cs
+++ b/src/Okta.Sdk/Model/BulkUpsertRequestBody.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/BundleEntitlement.cs b/src/Okta.Sdk/Model/BundleEntitlement.cs
new file mode 100644
index 000000000..d7757c67b
--- /dev/null
+++ b/src/Okta.Sdk/Model/BundleEntitlement.cs
@@ -0,0 +1,178 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// BundleEntitlement
+    /// </summary>
+    [DataContract(Name = "BundleEntitlement")]
+    
+    public partial class BundleEntitlement : IEquatable<BundleEntitlement>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Description
+        /// </summary>
+        [DataMember(Name = "description", EmitDefaultValue = true)]
+        public string Description { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Id
+        /// </summary>
+        [DataMember(Name = "id", EmitDefaultValue = true)]
+        public string Id { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Name
+        /// </summary>
+        [DataMember(Name = "name", EmitDefaultValue = true)]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Role
+        /// </summary>
+        [DataMember(Name = "role", EmitDefaultValue = true)]
+        public string Role { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Links
+        /// </summary>
+        [DataMember(Name = "_links", EmitDefaultValue = true)]
+        public BundleEntitlementLinks Links { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class BundleEntitlement {\n");
+            sb.Append("  Description: ").Append(Description).Append("\n");
+            sb.Append("  Id: ").Append(Id).Append("\n");
+            sb.Append("  Name: ").Append(Name).Append("\n");
+            sb.Append("  Role: ").Append(Role).Append("\n");
+            sb.Append("  Links: ").Append(Links).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as BundleEntitlement);
+        }
+
+        /// <summary>
+        /// Returns true if BundleEntitlement instances are equal
+        /// </summary>
+        /// <param name="input">Instance of BundleEntitlement to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(BundleEntitlement input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Description == input.Description ||
+                    (this.Description != null &&
+                    this.Description.Equals(input.Description))
+                ) && 
+                (
+                    this.Id == input.Id ||
+                    (this.Id != null &&
+                    this.Id.Equals(input.Id))
+                ) && 
+                (
+                    this.Name == input.Name ||
+                    (this.Name != null &&
+                    this.Name.Equals(input.Name))
+                ) && 
+                (
+                    this.Role == input.Role ||
+                    (this.Role != null &&
+                    this.Role.Equals(input.Role))
+                ) && 
+                (
+                    this.Links == input.Links ||
+                    (this.Links != null &&
+                    this.Links.Equals(input.Links))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Description != null)
+                {
+                    hashCode = (hashCode * 59) + this.Description.GetHashCode();
+                }
+                if (this.Id != null)
+                {
+                    hashCode = (hashCode * 59) + this.Id.GetHashCode();
+                }
+                if (this.Name != null)
+                {
+                    hashCode = (hashCode * 59) + this.Name.GetHashCode();
+                }
+                if (this.Role != null)
+                {
+                    hashCode = (hashCode * 59) + this.Role.GetHashCode();
+                }
+                if (this.Links != null)
+                {
+                    hashCode = (hashCode * 59) + this.Links.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/BundleEntitlementLinks.cs b/src/Okta.Sdk/Model/BundleEntitlementLinks.cs
new file mode 100644
index 000000000..ae15eee8f
--- /dev/null
+++ b/src/Okta.Sdk/Model/BundleEntitlementLinks.cs
@@ -0,0 +1,114 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// BundleEntitlementLinks
+    /// </summary>
+    [DataContract(Name = "BundleEntitlement__links")]
+    
+    public partial class BundleEntitlementLinks : IEquatable<BundleEntitlementLinks>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Values
+        /// </summary>
+        [DataMember(Name = "values", EmitDefaultValue = true)]
+        public HrefObject Values { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class BundleEntitlementLinks {\n");
+            sb.Append("  Values: ").Append(Values).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as BundleEntitlementLinks);
+        }
+
+        /// <summary>
+        /// Returns true if BundleEntitlementLinks instances are equal
+        /// </summary>
+        /// <param name="input">Instance of BundleEntitlementLinks to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(BundleEntitlementLinks input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Values == input.Values ||
+                    (this.Values != null &&
+                    this.Values.Equals(input.Values))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Values != null)
+                {
+                    hashCode = (hashCode * 59) + this.Values.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/BundleEntitlementsResponse.cs b/src/Okta.Sdk/Model/BundleEntitlementsResponse.cs
new file mode 100644
index 000000000..a11d89472
--- /dev/null
+++ b/src/Okta.Sdk/Model/BundleEntitlementsResponse.cs
@@ -0,0 +1,131 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// BundleEntitlementsResponse
+    /// </summary>
+    [DataContract(Name = "BundleEntitlementsResponse")]
+    
+    public partial class BundleEntitlementsResponse : IEquatable<BundleEntitlementsResponse>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Entitlements
+        /// </summary>
+        [DataMember(Name = "entitlements", EmitDefaultValue = true)]
+        public List<BundleEntitlement> Entitlements { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Links
+        /// </summary>
+        [DataMember(Name = "_links", EmitDefaultValue = true)]
+        public BundleEntitlementsResponseLinks Links { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class BundleEntitlementsResponse {\n");
+            sb.Append("  Entitlements: ").Append(Entitlements).Append("\n");
+            sb.Append("  Links: ").Append(Links).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as BundleEntitlementsResponse);
+        }
+
+        /// <summary>
+        /// Returns true if BundleEntitlementsResponse instances are equal
+        /// </summary>
+        /// <param name="input">Instance of BundleEntitlementsResponse to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(BundleEntitlementsResponse input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Entitlements == input.Entitlements ||
+                    this.Entitlements != null &&
+                    input.Entitlements != null &&
+                    this.Entitlements.SequenceEqual(input.Entitlements)
+                ) && 
+                (
+                    this.Links == input.Links ||
+                    (this.Links != null &&
+                    this.Links.Equals(input.Links))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Entitlements != null)
+                {
+                    hashCode = (hashCode * 59) + this.Entitlements.GetHashCode();
+                }
+                if (this.Links != null)
+                {
+                    hashCode = (hashCode * 59) + this.Links.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/BundleEntitlementsResponseLinks.cs b/src/Okta.Sdk/Model/BundleEntitlementsResponseLinks.cs
new file mode 100644
index 000000000..7a2f9b04a
--- /dev/null
+++ b/src/Okta.Sdk/Model/BundleEntitlementsResponseLinks.cs
@@ -0,0 +1,295 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: AnyOf
+    /// BundleEntitlementsResponseLinks
+    /// </summary>
+    [JsonConverter(typeof(BundleEntitlementsResponseLinksJsonConverter))]
+    [DataContract(Name = "BundleEntitlementsResponse__links")]
+    public partial class BundleEntitlementsResponseLinks : AbstractOpenAPISchema, IEquatable<BundleEntitlementsResponseLinks>
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="BundleEntitlementsResponseLinks" /> class
+        /// with the <see cref="BundleEntitlementsResponseLinksAnyOf" /> class
+        /// </summary>
+        /// <param name="actualInstance">An instance of BundleEntitlementsResponseLinksAnyOf.</param>
+        public BundleEntitlementsResponseLinks(BundleEntitlementsResponseLinksAnyOf actualInstance)
+        {
+            this.IsNullable = false;
+            this.SchemaType= "anyOf";
+            this.ActualInstance = actualInstance ?? throw new ArgumentException("Invalid instance found. Must not be null.");
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="BundleEntitlementsResponseLinks" /> class
+        /// with the <see cref="LinksNext" /> class
+        /// </summary>
+        /// <param name="actualInstance">An instance of LinksNext.</param>
+        public BundleEntitlementsResponseLinks(LinksNext actualInstance)
+        {
+            this.IsNullable = false;
+            this.SchemaType= "anyOf";
+            this.ActualInstance = actualInstance ?? throw new ArgumentException("Invalid instance found. Must not be null.");
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="BundleEntitlementsResponseLinks" /> class
+        /// with the <see cref="LinksSelf" /> class
+        /// </summary>
+        /// <param name="actualInstance">An instance of LinksSelf.</param>
+        public BundleEntitlementsResponseLinks(LinksSelf actualInstance)
+        {
+            this.IsNullable = false;
+            this.SchemaType= "anyOf";
+            this.ActualInstance = actualInstance ?? throw new ArgumentException("Invalid instance found. Must not be null.");
+        }
+
+
+        private Object _actualInstance;
+
+        /// <summary>
+        /// Gets or Sets ActualInstance
+        /// </summary>
+        public override Object ActualInstance
+        {
+            get
+            {
+                return _actualInstance;
+            }
+            set
+            {
+                if (value.GetType() == typeof(BundleEntitlementsResponseLinksAnyOf))
+                {
+                    this._actualInstance = value;
+                }
+                else if (value.GetType() == typeof(LinksNext))
+                {
+                    this._actualInstance = value;
+                }
+                else if (value.GetType() == typeof(LinksSelf))
+                {
+                    this._actualInstance = value;
+                }
+                else
+                {
+                    throw new ArgumentException("Invalid instance found. Must be the following types: BundleEntitlementsResponseLinksAnyOf, LinksNext, LinksSelf");
+                }
+            }
+        }
+
+        /// <summary>
+        /// Get the actual instance of `BundleEntitlementsResponseLinksAnyOf`. If the actual instance is not `BundleEntitlementsResponseLinksAnyOf`,
+        /// the InvalidClassException will be thrown
+        /// </summary>
+        /// <returns>An instance of BundleEntitlementsResponseLinksAnyOf</returns>
+        public BundleEntitlementsResponseLinksAnyOf GetBundleEntitlementsResponseLinksAnyOf()
+        {
+            return (BundleEntitlementsResponseLinksAnyOf)this.ActualInstance;
+        }
+
+        /// <summary>
+        /// Get the actual instance of `LinksNext`. If the actual instance is not `LinksNext`,
+        /// the InvalidClassException will be thrown
+        /// </summary>
+        /// <returns>An instance of LinksNext</returns>
+        public LinksNext GetLinksNext()
+        {
+            return (LinksNext)this.ActualInstance;
+        }
+
+        /// <summary>
+        /// Get the actual instance of `LinksSelf`. If the actual instance is not `LinksSelf`,
+        /// the InvalidClassException will be thrown
+        /// </summary>
+        /// <returns>An instance of LinksSelf</returns>
+        public LinksSelf GetLinksSelf()
+        {
+            return (LinksSelf)this.ActualInstance;
+        }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            var sb = new StringBuilder();
+            sb.Append("class BundleEntitlementsResponseLinks {\n");
+            sb.Append("  ActualInstance: ").Append(this.ActualInstance).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return JsonConvert.SerializeObject(this.ActualInstance, BundleEntitlementsResponseLinks.SerializerSettings);
+        }
+
+        /// <summary>
+        /// Converts the JSON string into an instance of BundleEntitlementsResponseLinks
+        /// </summary>
+        /// <param name="jsonString">JSON string</param>
+        /// <returns>An instance of BundleEntitlementsResponseLinks</returns>
+        public static BundleEntitlementsResponseLinks FromJson(string jsonString)
+        {
+            BundleEntitlementsResponseLinks newBundleEntitlementsResponseLinks = null;
+
+            if (string.IsNullOrEmpty(jsonString))
+            {
+                return newBundleEntitlementsResponseLinks;
+            }
+
+            try
+            {
+                newBundleEntitlementsResponseLinks = new BundleEntitlementsResponseLinks(JsonConvert.DeserializeObject<BundleEntitlementsResponseLinksAnyOf>(jsonString, BundleEntitlementsResponseLinks.SerializerSettings));
+                // deserialization is considered successful at this point if no exception has been thrown.
+                return newBundleEntitlementsResponseLinks;
+            }
+            catch (Exception exception)
+            {
+                // deserialization failed, try the next one
+                System.Diagnostics.Debug.WriteLine(string.Format("Failed to deserialize `{0}` into BundleEntitlementsResponseLinksAnyOf: {1}", jsonString, exception.ToString()));
+            }
+
+            try
+            {
+                newBundleEntitlementsResponseLinks = new BundleEntitlementsResponseLinks(JsonConvert.DeserializeObject<LinksNext>(jsonString, BundleEntitlementsResponseLinks.SerializerSettings));
+                // deserialization is considered successful at this point if no exception has been thrown.
+                return newBundleEntitlementsResponseLinks;
+            }
+            catch (Exception exception)
+            {
+                // deserialization failed, try the next one
+                System.Diagnostics.Debug.WriteLine(string.Format("Failed to deserialize `{0}` into LinksNext: {1}", jsonString, exception.ToString()));
+            }
+
+            try
+            {
+                newBundleEntitlementsResponseLinks = new BundleEntitlementsResponseLinks(JsonConvert.DeserializeObject<LinksSelf>(jsonString, BundleEntitlementsResponseLinks.SerializerSettings));
+                // deserialization is considered successful at this point if no exception has been thrown.
+                return newBundleEntitlementsResponseLinks;
+            }
+            catch (Exception exception)
+            {
+                // deserialization failed, try the next one
+                System.Diagnostics.Debug.WriteLine(string.Format("Failed to deserialize `{0}` into LinksSelf: {1}", jsonString, exception.ToString()));
+            }
+
+            // no match found, throw an exception
+            throw new InvalidDataException("The JSON string `" + jsonString + "` cannot be deserialized into any schema defined.");
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as BundleEntitlementsResponseLinks);
+        }
+
+        /// <summary>
+        /// Returns true if BundleEntitlementsResponseLinks instances are equal
+        /// </summary>
+        /// <param name="input">Instance of BundleEntitlementsResponseLinks to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(BundleEntitlementsResponseLinks input)
+        {
+            if (input == null)
+                return false;
+
+            return this.ActualInstance.Equals(input.ActualInstance);
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                if (this.ActualInstance != null)
+                    hashCode = hashCode * 59 + this.ActualInstance.GetHashCode();
+                return hashCode;
+            }
+        }
+
+    }
+
+    /// <summary>
+    /// Custom JSON converter for BundleEntitlementsResponseLinks
+    /// </summary>
+    public class BundleEntitlementsResponseLinksJsonConverter : JsonConverter
+    {
+        /// <summary>
+        /// To write the JSON string
+        /// </summary>
+        /// <param name="writer">JSON writer</param>
+        /// <param name="value">Object to be converted into a JSON string</param>
+        /// <param name="serializer">JSON Serializer</param>
+        public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer)
+        {
+            writer.WriteRawValue((string)(typeof(BundleEntitlementsResponseLinks).GetMethod("ToJson").Invoke(value, null)));
+        }
+
+        /// <summary>
+        /// To convert a JSON string into an object
+        /// </summary>
+        /// <param name="reader">JSON reader</param>
+        /// <param name="objectType">Object type</param>
+        /// <param name="existingValue">Existing value</param>
+        /// <param name="serializer">JSON Serializer</param>
+        /// <returns>The object converted from the JSON string</returns>
+        public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
+        {
+            if(reader.TokenType != JsonToken.Null)
+            {
+                return BundleEntitlementsResponseLinks.FromJson(JObject.Load(reader).ToString(Formatting.None));
+            }
+            return null;
+        }
+
+        /// <summary>
+        /// Check if the object can be converted
+        /// </summary>
+        /// <param name="objectType">Object type</param>
+        /// <returns>True if the object can be converted</returns>
+        public override bool CanConvert(Type objectType)
+        {
+            return false;
+        }
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/BundleEntitlementsResponseLinksAnyOf.cs b/src/Okta.Sdk/Model/BundleEntitlementsResponseLinksAnyOf.cs
new file mode 100644
index 000000000..1f03876c5
--- /dev/null
+++ b/src/Okta.Sdk/Model/BundleEntitlementsResponseLinksAnyOf.cs
@@ -0,0 +1,114 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// BundleEntitlementsResponseLinksAnyOf
+    /// </summary>
+    [DataContract(Name = "BundleEntitlementsResponse__links_anyOf")]
+    
+    public partial class BundleEntitlementsResponseLinksAnyOf : IEquatable<BundleEntitlementsResponseLinksAnyOf>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Bundle
+        /// </summary>
+        [DataMember(Name = "bundle", EmitDefaultValue = true)]
+        public HrefObject Bundle { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class BundleEntitlementsResponseLinksAnyOf {\n");
+            sb.Append("  Bundle: ").Append(Bundle).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as BundleEntitlementsResponseLinksAnyOf);
+        }
+
+        /// <summary>
+        /// Returns true if BundleEntitlementsResponseLinksAnyOf instances are equal
+        /// </summary>
+        /// <param name="input">Instance of BundleEntitlementsResponseLinksAnyOf to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(BundleEntitlementsResponseLinksAnyOf input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Bundle == input.Bundle ||
+                    (this.Bundle != null &&
+                    this.Bundle.Equals(input.Bundle))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Bundle != null)
+                {
+                    hashCode = (hashCode * 59) + this.Bundle.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/CAPTCHAInstance.cs b/src/Okta.Sdk/Model/CAPTCHAInstance.cs
index 20b8ccb0e..77a1294d9 100644
--- a/src/Okta.Sdk/Model/CAPTCHAInstance.cs
+++ b/src/Okta.Sdk/Model/CAPTCHAInstance.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/CAPTCHAType.cs b/src/Okta.Sdk/Model/CAPTCHAType.cs
index 473c2d22b..e59867677 100644
--- a/src/Okta.Sdk/Model/CAPTCHAType.cs
+++ b/src/Okta.Sdk/Model/CAPTCHAType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/CaepDeviceComplianceChangeEvent.cs b/src/Okta.Sdk/Model/CaepDeviceComplianceChangeEvent.cs
new file mode 100644
index 000000000..1ebf85a08
--- /dev/null
+++ b/src/Okta.Sdk/Model/CaepDeviceComplianceChangeEvent.cs
@@ -0,0 +1,335 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// The subject&#39;s device compliance was revoked
+    /// </summary>
+    [DataContract(Name = "CaepDeviceComplianceChangeEvent")]
+    
+    public partial class CaepDeviceComplianceChangeEvent : IEquatable<CaepDeviceComplianceChangeEvent>
+    {
+        /// <summary>
+        /// Current device compliance status
+        /// </summary>
+        /// <value>Current device compliance status</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class CurrentStatusEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum Compliant for value: compliant
+            /// </summary>
+            
+            public static CurrentStatusEnum Compliant = new CurrentStatusEnum("compliant");
+
+            /// <summary>
+            /// StringEnum NotCompliant for value: not-compliant
+            /// </summary>
+            
+            public static CurrentStatusEnum NotCompliant = new CurrentStatusEnum("not-compliant");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="CurrentStatusEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator CurrentStatusEnum(string value) => new CurrentStatusEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="CurrentStatus"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public CurrentStatusEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Current device compliance status
+        /// </summary>
+        /// <value>Current device compliance status</value>
+        [DataMember(Name = "current_status", EmitDefaultValue = true)]
+        
+        public CurrentStatusEnum CurrentStatus { get; set; }
+        /// <summary>
+        /// The entity that initiated the event
+        /// </summary>
+        /// <value>The entity that initiated the event</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class InitiatingEntityEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum Admin for value: admin
+            /// </summary>
+            
+            public static InitiatingEntityEnum Admin = new InitiatingEntityEnum("admin");
+
+            /// <summary>
+            /// StringEnum User for value: user
+            /// </summary>
+            
+            public static InitiatingEntityEnum User = new InitiatingEntityEnum("user");
+
+            /// <summary>
+            /// StringEnum Policy for value: policy
+            /// </summary>
+            
+            public static InitiatingEntityEnum Policy = new InitiatingEntityEnum("policy");
+
+            /// <summary>
+            /// StringEnum System for value: system
+            /// </summary>
+            
+            public static InitiatingEntityEnum System = new InitiatingEntityEnum("system");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="InitiatingEntityEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator InitiatingEntityEnum(string value) => new InitiatingEntityEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="InitiatingEntity"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public InitiatingEntityEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// The entity that initiated the event
+        /// </summary>
+        /// <value>The entity that initiated the event</value>
+        [DataMember(Name = "initiating_entity", EmitDefaultValue = true)]
+        
+        public InitiatingEntityEnum InitiatingEntity { get; set; }
+        /// <summary>
+        /// Previous device compliance status
+        /// </summary>
+        /// <value>Previous device compliance status</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class PreviousStatusEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum Compliant for value: compliant
+            /// </summary>
+            
+            public static PreviousStatusEnum Compliant = new PreviousStatusEnum("compliant");
+
+            /// <summary>
+            /// StringEnum NotCompliant for value: not-compliant
+            /// </summary>
+            
+            public static PreviousStatusEnum NotCompliant = new PreviousStatusEnum("not-compliant");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="PreviousStatusEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator PreviousStatusEnum(string value) => new PreviousStatusEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="PreviousStatus"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public PreviousStatusEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Previous device compliance status
+        /// </summary>
+        /// <value>Previous device compliance status</value>
+        [DataMember(Name = "previous_status", EmitDefaultValue = true)]
+        
+        public PreviousStatusEnum PreviousStatus { get; set; }
+        /// <summary>
+        /// Initializes a new instance of the <see cref="CaepDeviceComplianceChangeEvent" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public CaepDeviceComplianceChangeEvent() { }
+        
+        /// <summary>
+        /// The time of the event (UNIX timestamp)
+        /// </summary>
+        /// <value>The time of the event (UNIX timestamp)</value>
+        [DataMember(Name = "event_timestamp", EmitDefaultValue = true)]
+        public long EventTimestamp { get; set; }
+
+        /// <summary>
+        /// Gets or Sets ReasonAdmin
+        /// </summary>
+        [DataMember(Name = "reason_admin", EmitDefaultValue = true)]
+        public CaepDeviceComplianceChangeEventReasonAdmin ReasonAdmin { get; set; }
+
+        /// <summary>
+        /// Gets or Sets ReasonUser
+        /// </summary>
+        [DataMember(Name = "reason_user", EmitDefaultValue = true)]
+        public CaepDeviceComplianceChangeEventReasonUser ReasonUser { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Subjects
+        /// </summary>
+        [DataMember(Name = "subjects", EmitDefaultValue = true)]
+        public SecurityEventSubject Subjects { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class CaepDeviceComplianceChangeEvent {\n");
+            sb.Append("  CurrentStatus: ").Append(CurrentStatus).Append("\n");
+            sb.Append("  EventTimestamp: ").Append(EventTimestamp).Append("\n");
+            sb.Append("  InitiatingEntity: ").Append(InitiatingEntity).Append("\n");
+            sb.Append("  PreviousStatus: ").Append(PreviousStatus).Append("\n");
+            sb.Append("  ReasonAdmin: ").Append(ReasonAdmin).Append("\n");
+            sb.Append("  ReasonUser: ").Append(ReasonUser).Append("\n");
+            sb.Append("  Subjects: ").Append(Subjects).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as CaepDeviceComplianceChangeEvent);
+        }
+
+        /// <summary>
+        /// Returns true if CaepDeviceComplianceChangeEvent instances are equal
+        /// </summary>
+        /// <param name="input">Instance of CaepDeviceComplianceChangeEvent to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(CaepDeviceComplianceChangeEvent input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.CurrentStatus == input.CurrentStatus ||
+                    this.CurrentStatus.Equals(input.CurrentStatus)
+                ) && 
+                (
+                    this.EventTimestamp == input.EventTimestamp ||
+                    this.EventTimestamp.Equals(input.EventTimestamp)
+                ) && 
+                (
+                    this.InitiatingEntity == input.InitiatingEntity ||
+                    this.InitiatingEntity.Equals(input.InitiatingEntity)
+                ) && 
+                (
+                    this.PreviousStatus == input.PreviousStatus ||
+                    this.PreviousStatus.Equals(input.PreviousStatus)
+                ) && 
+                (
+                    this.ReasonAdmin == input.ReasonAdmin ||
+                    (this.ReasonAdmin != null &&
+                    this.ReasonAdmin.Equals(input.ReasonAdmin))
+                ) && 
+                (
+                    this.ReasonUser == input.ReasonUser ||
+                    (this.ReasonUser != null &&
+                    this.ReasonUser.Equals(input.ReasonUser))
+                ) && 
+                (
+                    this.Subjects == input.Subjects ||
+                    (this.Subjects != null &&
+                    this.Subjects.Equals(input.Subjects))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.CurrentStatus != null)
+                {
+                    hashCode = (hashCode * 59) + this.CurrentStatus.GetHashCode();
+                }
+                hashCode = (hashCode * 59) + this.EventTimestamp.GetHashCode();
+                if (this.InitiatingEntity != null)
+                {
+                    hashCode = (hashCode * 59) + this.InitiatingEntity.GetHashCode();
+                }
+                if (this.PreviousStatus != null)
+                {
+                    hashCode = (hashCode * 59) + this.PreviousStatus.GetHashCode();
+                }
+                if (this.ReasonAdmin != null)
+                {
+                    hashCode = (hashCode * 59) + this.ReasonAdmin.GetHashCode();
+                }
+                if (this.ReasonUser != null)
+                {
+                    hashCode = (hashCode * 59) + this.ReasonUser.GetHashCode();
+                }
+                if (this.Subjects != null)
+                {
+                    hashCode = (hashCode * 59) + this.Subjects.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/CaepDeviceComplianceChangeEventReasonAdmin.cs b/src/Okta.Sdk/Model/CaepDeviceComplianceChangeEventReasonAdmin.cs
new file mode 100644
index 000000000..839cbce8b
--- /dev/null
+++ b/src/Okta.Sdk/Model/CaepDeviceComplianceChangeEventReasonAdmin.cs
@@ -0,0 +1,120 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// CaepDeviceComplianceChangeEventReasonAdmin
+    /// </summary>
+    [DataContract(Name = "CaepDeviceComplianceChangeEvent_reason_admin")]
+    
+    public partial class CaepDeviceComplianceChangeEventReasonAdmin : IEquatable<CaepDeviceComplianceChangeEventReasonAdmin>
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="CaepDeviceComplianceChangeEventReasonAdmin" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public CaepDeviceComplianceChangeEventReasonAdmin() { }
+        
+        /// <summary>
+        /// The event reason in English
+        /// </summary>
+        /// <value>The event reason in English</value>
+        [DataMember(Name = "en", EmitDefaultValue = true)]
+        public string En { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class CaepDeviceComplianceChangeEventReasonAdmin {\n");
+            sb.Append("  En: ").Append(En).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as CaepDeviceComplianceChangeEventReasonAdmin);
+        }
+
+        /// <summary>
+        /// Returns true if CaepDeviceComplianceChangeEventReasonAdmin instances are equal
+        /// </summary>
+        /// <param name="input">Instance of CaepDeviceComplianceChangeEventReasonAdmin to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(CaepDeviceComplianceChangeEventReasonAdmin input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.En == input.En ||
+                    (this.En != null &&
+                    this.En.Equals(input.En))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.En != null)
+                {
+                    hashCode = (hashCode * 59) + this.En.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/CaepDeviceComplianceChangeEventReasonUser.cs b/src/Okta.Sdk/Model/CaepDeviceComplianceChangeEventReasonUser.cs
new file mode 100644
index 000000000..68173f9bb
--- /dev/null
+++ b/src/Okta.Sdk/Model/CaepDeviceComplianceChangeEventReasonUser.cs
@@ -0,0 +1,120 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// CaepDeviceComplianceChangeEventReasonUser
+    /// </summary>
+    [DataContract(Name = "CaepDeviceComplianceChangeEvent_reason_user")]
+    
+    public partial class CaepDeviceComplianceChangeEventReasonUser : IEquatable<CaepDeviceComplianceChangeEventReasonUser>
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="CaepDeviceComplianceChangeEventReasonUser" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public CaepDeviceComplianceChangeEventReasonUser() { }
+        
+        /// <summary>
+        /// The event reason in English
+        /// </summary>
+        /// <value>The event reason in English</value>
+        [DataMember(Name = "en", EmitDefaultValue = true)]
+        public string En { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class CaepDeviceComplianceChangeEventReasonUser {\n");
+            sb.Append("  En: ").Append(En).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as CaepDeviceComplianceChangeEventReasonUser);
+        }
+
+        /// <summary>
+        /// Returns true if CaepDeviceComplianceChangeEventReasonUser instances are equal
+        /// </summary>
+        /// <param name="input">Instance of CaepDeviceComplianceChangeEventReasonUser to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(CaepDeviceComplianceChangeEventReasonUser input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.En == input.En ||
+                    (this.En != null &&
+                    this.En.Equals(input.En))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.En != null)
+                {
+                    hashCode = (hashCode * 59) + this.En.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/CaepSecurityEvent.cs b/src/Okta.Sdk/Model/CaepSecurityEvent.cs
new file mode 100644
index 000000000..4e46468cd
--- /dev/null
+++ b/src/Okta.Sdk/Model/CaepSecurityEvent.cs
@@ -0,0 +1,229 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// CaepSecurityEvent
+    /// </summary>
+    [DataContract(Name = "CaepSecurityEvent")]
+    
+    public partial class CaepSecurityEvent : IEquatable<CaepSecurityEvent>
+    {
+        /// <summary>
+        /// The entity that initiated the event
+        /// </summary>
+        /// <value>The entity that initiated the event</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class InitiatingEntityEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum Admin for value: admin
+            /// </summary>
+            
+            public static InitiatingEntityEnum Admin = new InitiatingEntityEnum("admin");
+
+            /// <summary>
+            /// StringEnum User for value: user
+            /// </summary>
+            
+            public static InitiatingEntityEnum User = new InitiatingEntityEnum("user");
+
+            /// <summary>
+            /// StringEnum Policy for value: policy
+            /// </summary>
+            
+            public static InitiatingEntityEnum Policy = new InitiatingEntityEnum("policy");
+
+            /// <summary>
+            /// StringEnum System for value: system
+            /// </summary>
+            
+            public static InitiatingEntityEnum System = new InitiatingEntityEnum("system");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="InitiatingEntityEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator InitiatingEntityEnum(string value) => new InitiatingEntityEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="InitiatingEntity"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public InitiatingEntityEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// The entity that initiated the event
+        /// </summary>
+        /// <value>The entity that initiated the event</value>
+        [DataMember(Name = "initiating_entity", EmitDefaultValue = true)]
+        
+        public InitiatingEntityEnum InitiatingEntity { get; set; }
+        /// <summary>
+        /// Initializes a new instance of the <see cref="CaepSecurityEvent" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public CaepSecurityEvent() { }
+        
+        /// <summary>
+        /// The time of the event (UNIX timestamp)
+        /// </summary>
+        /// <value>The time of the event (UNIX timestamp)</value>
+        [DataMember(Name = "event_timestamp", EmitDefaultValue = true)]
+        public long EventTimestamp { get; set; }
+
+        /// <summary>
+        /// Gets or Sets ReasonAdmin
+        /// </summary>
+        [DataMember(Name = "reason_admin", EmitDefaultValue = true)]
+        public CaepDeviceComplianceChangeEventReasonAdmin ReasonAdmin { get; set; }
+
+        /// <summary>
+        /// Gets or Sets ReasonUser
+        /// </summary>
+        [DataMember(Name = "reason_user", EmitDefaultValue = true)]
+        public CaepDeviceComplianceChangeEventReasonUser ReasonUser { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Subjects
+        /// </summary>
+        [DataMember(Name = "subjects", EmitDefaultValue = true)]
+        public SecurityEventSubject Subjects { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class CaepSecurityEvent {\n");
+            sb.Append("  EventTimestamp: ").Append(EventTimestamp).Append("\n");
+            sb.Append("  InitiatingEntity: ").Append(InitiatingEntity).Append("\n");
+            sb.Append("  ReasonAdmin: ").Append(ReasonAdmin).Append("\n");
+            sb.Append("  ReasonUser: ").Append(ReasonUser).Append("\n");
+            sb.Append("  Subjects: ").Append(Subjects).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as CaepSecurityEvent);
+        }
+
+        /// <summary>
+        /// Returns true if CaepSecurityEvent instances are equal
+        /// </summary>
+        /// <param name="input">Instance of CaepSecurityEvent to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(CaepSecurityEvent input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.EventTimestamp == input.EventTimestamp ||
+                    this.EventTimestamp.Equals(input.EventTimestamp)
+                ) && 
+                (
+                    this.InitiatingEntity == input.InitiatingEntity ||
+                    this.InitiatingEntity.Equals(input.InitiatingEntity)
+                ) && 
+                (
+                    this.ReasonAdmin == input.ReasonAdmin ||
+                    (this.ReasonAdmin != null &&
+                    this.ReasonAdmin.Equals(input.ReasonAdmin))
+                ) && 
+                (
+                    this.ReasonUser == input.ReasonUser ||
+                    (this.ReasonUser != null &&
+                    this.ReasonUser.Equals(input.ReasonUser))
+                ) && 
+                (
+                    this.Subjects == input.Subjects ||
+                    (this.Subjects != null &&
+                    this.Subjects.Equals(input.Subjects))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                hashCode = (hashCode * 59) + this.EventTimestamp.GetHashCode();
+                if (this.InitiatingEntity != null)
+                {
+                    hashCode = (hashCode * 59) + this.InitiatingEntity.GetHashCode();
+                }
+                if (this.ReasonAdmin != null)
+                {
+                    hashCode = (hashCode * 59) + this.ReasonAdmin.GetHashCode();
+                }
+                if (this.ReasonUser != null)
+                {
+                    hashCode = (hashCode * 59) + this.ReasonUser.GetHashCode();
+                }
+                if (this.Subjects != null)
+                {
+                    hashCode = (hashCode * 59) + this.Subjects.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/CaepSessionRevokedEvent.cs b/src/Okta.Sdk/Model/CaepSessionRevokedEvent.cs
new file mode 100644
index 000000000..1520f69e2
--- /dev/null
+++ b/src/Okta.Sdk/Model/CaepSessionRevokedEvent.cs
@@ -0,0 +1,297 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// The session of the subject was revoked
+    /// </summary>
+    [DataContract(Name = "CaepSessionRevokedEvent")]
+    
+    public partial class CaepSessionRevokedEvent : IEquatable<CaepSessionRevokedEvent>
+    {
+        /// <summary>
+        /// The entity that initiated the event
+        /// </summary>
+        /// <value>The entity that initiated the event</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class InitiatingEntityEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum Admin for value: admin
+            /// </summary>
+            
+            public static InitiatingEntityEnum Admin = new InitiatingEntityEnum("admin");
+
+            /// <summary>
+            /// StringEnum User for value: user
+            /// </summary>
+            
+            public static InitiatingEntityEnum User = new InitiatingEntityEnum("user");
+
+            /// <summary>
+            /// StringEnum Policy for value: policy
+            /// </summary>
+            
+            public static InitiatingEntityEnum Policy = new InitiatingEntityEnum("policy");
+
+            /// <summary>
+            /// StringEnum System for value: system
+            /// </summary>
+            
+            public static InitiatingEntityEnum System = new InitiatingEntityEnum("system");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="InitiatingEntityEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator InitiatingEntityEnum(string value) => new InitiatingEntityEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="InitiatingEntity"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public InitiatingEntityEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// The entity that initiated the event
+        /// </summary>
+        /// <value>The entity that initiated the event</value>
+        [DataMember(Name = "initiating_entity", EmitDefaultValue = true)]
+        
+        public InitiatingEntityEnum InitiatingEntity { get; set; }
+        /// <summary>
+        /// Initializes a new instance of the <see cref="CaepSessionRevokedEvent" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public CaepSessionRevokedEvent() { }
+        
+        /// <summary>
+        /// Current IP of the session
+        /// </summary>
+        /// <value>Current IP of the session</value>
+        [DataMember(Name = "current_ip", EmitDefaultValue = true)]
+        public string CurrentIp { get; set; }
+
+        /// <summary>
+        /// Current User Agent of the session
+        /// </summary>
+        /// <value>Current User Agent of the session</value>
+        [DataMember(Name = "current_user_agent", EmitDefaultValue = true)]
+        public string CurrentUserAgent { get; set; }
+
+        /// <summary>
+        /// The time of the event (UNIX timestamp)
+        /// </summary>
+        /// <value>The time of the event (UNIX timestamp)</value>
+        [DataMember(Name = "event_timestamp", EmitDefaultValue = true)]
+        public long EventTimestamp { get; set; }
+
+        /// <summary>
+        /// Last known IP of the session
+        /// </summary>
+        /// <value>Last known IP of the session</value>
+        [DataMember(Name = "last_known_ip", EmitDefaultValue = true)]
+        public string LastKnownIp { get; set; }
+
+        /// <summary>
+        /// Last known User Agent of the session
+        /// </summary>
+        /// <value>Last known User Agent of the session</value>
+        [DataMember(Name = "last_known_user_agent", EmitDefaultValue = true)]
+        public string LastKnownUserAgent { get; set; }
+
+        /// <summary>
+        /// Gets or Sets ReasonAdmin
+        /// </summary>
+        [DataMember(Name = "reason_admin", EmitDefaultValue = true)]
+        public CaepDeviceComplianceChangeEventReasonAdmin ReasonAdmin { get; set; }
+
+        /// <summary>
+        /// Gets or Sets ReasonUser
+        /// </summary>
+        [DataMember(Name = "reason_user", EmitDefaultValue = true)]
+        public CaepDeviceComplianceChangeEventReasonUser ReasonUser { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Subjects
+        /// </summary>
+        [DataMember(Name = "subjects", EmitDefaultValue = true)]
+        public SecurityEventSubject Subjects { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class CaepSessionRevokedEvent {\n");
+            sb.Append("  CurrentIp: ").Append(CurrentIp).Append("\n");
+            sb.Append("  CurrentUserAgent: ").Append(CurrentUserAgent).Append("\n");
+            sb.Append("  EventTimestamp: ").Append(EventTimestamp).Append("\n");
+            sb.Append("  InitiatingEntity: ").Append(InitiatingEntity).Append("\n");
+            sb.Append("  LastKnownIp: ").Append(LastKnownIp).Append("\n");
+            sb.Append("  LastKnownUserAgent: ").Append(LastKnownUserAgent).Append("\n");
+            sb.Append("  ReasonAdmin: ").Append(ReasonAdmin).Append("\n");
+            sb.Append("  ReasonUser: ").Append(ReasonUser).Append("\n");
+            sb.Append("  Subjects: ").Append(Subjects).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as CaepSessionRevokedEvent);
+        }
+
+        /// <summary>
+        /// Returns true if CaepSessionRevokedEvent instances are equal
+        /// </summary>
+        /// <param name="input">Instance of CaepSessionRevokedEvent to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(CaepSessionRevokedEvent input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.CurrentIp == input.CurrentIp ||
+                    (this.CurrentIp != null &&
+                    this.CurrentIp.Equals(input.CurrentIp))
+                ) && 
+                (
+                    this.CurrentUserAgent == input.CurrentUserAgent ||
+                    (this.CurrentUserAgent != null &&
+                    this.CurrentUserAgent.Equals(input.CurrentUserAgent))
+                ) && 
+                (
+                    this.EventTimestamp == input.EventTimestamp ||
+                    this.EventTimestamp.Equals(input.EventTimestamp)
+                ) && 
+                (
+                    this.InitiatingEntity == input.InitiatingEntity ||
+                    this.InitiatingEntity.Equals(input.InitiatingEntity)
+                ) && 
+                (
+                    this.LastKnownIp == input.LastKnownIp ||
+                    (this.LastKnownIp != null &&
+                    this.LastKnownIp.Equals(input.LastKnownIp))
+                ) && 
+                (
+                    this.LastKnownUserAgent == input.LastKnownUserAgent ||
+                    (this.LastKnownUserAgent != null &&
+                    this.LastKnownUserAgent.Equals(input.LastKnownUserAgent))
+                ) && 
+                (
+                    this.ReasonAdmin == input.ReasonAdmin ||
+                    (this.ReasonAdmin != null &&
+                    this.ReasonAdmin.Equals(input.ReasonAdmin))
+                ) && 
+                (
+                    this.ReasonUser == input.ReasonUser ||
+                    (this.ReasonUser != null &&
+                    this.ReasonUser.Equals(input.ReasonUser))
+                ) && 
+                (
+                    this.Subjects == input.Subjects ||
+                    (this.Subjects != null &&
+                    this.Subjects.Equals(input.Subjects))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.CurrentIp != null)
+                {
+                    hashCode = (hashCode * 59) + this.CurrentIp.GetHashCode();
+                }
+                if (this.CurrentUserAgent != null)
+                {
+                    hashCode = (hashCode * 59) + this.CurrentUserAgent.GetHashCode();
+                }
+                hashCode = (hashCode * 59) + this.EventTimestamp.GetHashCode();
+                if (this.InitiatingEntity != null)
+                {
+                    hashCode = (hashCode * 59) + this.InitiatingEntity.GetHashCode();
+                }
+                if (this.LastKnownIp != null)
+                {
+                    hashCode = (hashCode * 59) + this.LastKnownIp.GetHashCode();
+                }
+                if (this.LastKnownUserAgent != null)
+                {
+                    hashCode = (hashCode * 59) + this.LastKnownUserAgent.GetHashCode();
+                }
+                if (this.ReasonAdmin != null)
+                {
+                    hashCode = (hashCode * 59) + this.ReasonAdmin.GetHashCode();
+                }
+                if (this.ReasonUser != null)
+                {
+                    hashCode = (hashCode * 59) + this.ReasonUser.GetHashCode();
+                }
+                if (this.Subjects != null)
+                {
+                    hashCode = (hashCode * 59) + this.Subjects.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/Call.cs b/src/Okta.Sdk/Model/Call.cs
new file mode 100644
index 000000000..98d2fab25
--- /dev/null
+++ b/src/Okta.Sdk/Model/Call.cs
@@ -0,0 +1,115 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Attempts to activate a &#x60;call&#x60; Factor with the specified passcode.
+    /// </summary>
+    [DataContract(Name = "call")]
+    
+    public partial class Call : IEquatable<Call>
+    {
+        
+        /// <summary>
+        /// OTP for the current time window
+        /// </summary>
+        /// <value>OTP for the current time window</value>
+        [DataMember(Name = "passCode", EmitDefaultValue = true)]
+        public string PassCode { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class Call {\n");
+            sb.Append("  PassCode: ").Append(PassCode).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as Call);
+        }
+
+        /// <summary>
+        /// Returns true if Call instances are equal
+        /// </summary>
+        /// <param name="input">Instance of Call to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(Call input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.PassCode == input.PassCode ||
+                    (this.PassCode != null &&
+                    this.PassCode.Equals(input.PassCode))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.PassCode != null)
+                {
+                    hashCode = (hashCode * 59) + this.PassCode.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/Call1.cs b/src/Okta.Sdk/Model/Call1.cs
new file mode 100644
index 000000000..a0585a043
--- /dev/null
+++ b/src/Okta.Sdk/Model/Call1.cs
@@ -0,0 +1,115 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Verifies an OTP sent by a &#x60;call&#x60; Factor challenge. If you omit &#x60;passCode&#x60; in the request, a new OTP is sent to the phone.
+    /// </summary>
+    [DataContract(Name = "call_1")]
+    
+    public partial class Call1 : IEquatable<Call1>
+    {
+        
+        /// <summary>
+        /// OTP for the current time window
+        /// </summary>
+        /// <value>OTP for the current time window</value>
+        [DataMember(Name = "passCode", EmitDefaultValue = true)]
+        public string PassCode { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class Call1 {\n");
+            sb.Append("  PassCode: ").Append(PassCode).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as Call1);
+        }
+
+        /// <summary>
+        /// Returns true if Call1 instances are equal
+        /// </summary>
+        /// <param name="input">Instance of Call1 to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(Call1 input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.PassCode == input.PassCode ||
+                    (this.PassCode != null &&
+                    this.PassCode.Equals(input.PassCode))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.PassCode != null)
+                {
+                    hashCode = (hashCode * 59) + this.PassCode.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/CapabilitiesCreateObject.cs b/src/Okta.Sdk/Model/CapabilitiesCreateObject.cs
index 24dce509d..af2879e8a 100644
--- a/src/Okta.Sdk/Model/CapabilitiesCreateObject.cs
+++ b/src/Okta.Sdk/Model/CapabilitiesCreateObject.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/CapabilitiesImportRulesObject.cs b/src/Okta.Sdk/Model/CapabilitiesImportRulesObject.cs
new file mode 100644
index 000000000..197e17548
--- /dev/null
+++ b/src/Okta.Sdk/Model/CapabilitiesImportRulesObject.cs
@@ -0,0 +1,114 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Defines user import rules
+    /// </summary>
+    [DataContract(Name = "CapabilitiesImportRulesObject")]
+    
+    public partial class CapabilitiesImportRulesObject : IEquatable<CapabilitiesImportRulesObject>
+    {
+        
+        /// <summary>
+        /// Gets or Sets UserCreateAndMatch
+        /// </summary>
+        [DataMember(Name = "userCreateAndMatch", EmitDefaultValue = true)]
+        public CapabilitiesImportRulesUserCreateAndMatchObject UserCreateAndMatch { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class CapabilitiesImportRulesObject {\n");
+            sb.Append("  UserCreateAndMatch: ").Append(UserCreateAndMatch).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as CapabilitiesImportRulesObject);
+        }
+
+        /// <summary>
+        /// Returns true if CapabilitiesImportRulesObject instances are equal
+        /// </summary>
+        /// <param name="input">Instance of CapabilitiesImportRulesObject to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(CapabilitiesImportRulesObject input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.UserCreateAndMatch == input.UserCreateAndMatch ||
+                    (this.UserCreateAndMatch != null &&
+                    this.UserCreateAndMatch.Equals(input.UserCreateAndMatch))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.UserCreateAndMatch != null)
+                {
+                    hashCode = (hashCode * 59) + this.UserCreateAndMatch.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/CapabilitiesImportRulesUserCreateAndMatchObject.cs b/src/Okta.Sdk/Model/CapabilitiesImportRulesUserCreateAndMatchObject.cs
new file mode 100644
index 000000000..2072eadec
--- /dev/null
+++ b/src/Okta.Sdk/Model/CapabilitiesImportRulesUserCreateAndMatchObject.cs
@@ -0,0 +1,216 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Rules for matching and creating users
+    /// </summary>
+    [DataContract(Name = "CapabilitiesImportRulesUserCreateAndMatchObject")]
+    
+    public partial class CapabilitiesImportRulesUserCreateAndMatchObject : IEquatable<CapabilitiesImportRulesUserCreateAndMatchObject>
+    {
+        /// <summary>
+        /// Determines the attribute to match users
+        /// </summary>
+        /// <value>Determines the attribute to match users</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class ExactMatchCriteriaEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum EMAIL for value: EMAIL
+            /// </summary>
+            
+            public static ExactMatchCriteriaEnum EMAIL = new ExactMatchCriteriaEnum("EMAIL");
+
+            /// <summary>
+            /// StringEnum USERNAME for value: USERNAME
+            /// </summary>
+            
+            public static ExactMatchCriteriaEnum USERNAME = new ExactMatchCriteriaEnum("USERNAME");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="ExactMatchCriteriaEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator ExactMatchCriteriaEnum(string value) => new ExactMatchCriteriaEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="ExactMatchCriteria"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public ExactMatchCriteriaEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Determines the attribute to match users
+        /// </summary>
+        /// <value>Determines the attribute to match users</value>
+        [DataMember(Name = "exactMatchCriteria", EmitDefaultValue = true)]
+        
+        public ExactMatchCriteriaEnum ExactMatchCriteria { get; set; }
+        
+        /// <summary>
+        /// Allows user import upon partial matching. Partial matching occurs when the first and last names of an imported user match those of an existing Okta user, even if the username or email attributes don&#39;t match.
+        /// </summary>
+        /// <value>Allows user import upon partial matching. Partial matching occurs when the first and last names of an imported user match those of an existing Okta user, even if the username or email attributes don&#39;t match.</value>
+        [DataMember(Name = "allowPartialMatch", EmitDefaultValue = true)]
+        public bool AllowPartialMatch { get; set; }
+
+        /// <summary>
+        /// If set to &#x60;true&#x60;, imported new users are automatically activated.
+        /// </summary>
+        /// <value>If set to &#x60;true&#x60;, imported new users are automatically activated.</value>
+        [DataMember(Name = "autoActivateNewUsers", EmitDefaultValue = true)]
+        public bool AutoActivateNewUsers { get; set; }
+
+        /// <summary>
+        /// If set to &#x60;true&#x60;, exact-matched users are automatically confirmed on activation. If set to &#x60;false&#x60;, exact-matched users need to be confirmed manually.
+        /// </summary>
+        /// <value>If set to &#x60;true&#x60;, exact-matched users are automatically confirmed on activation. If set to &#x60;false&#x60;, exact-matched users need to be confirmed manually.</value>
+        [DataMember(Name = "autoConfirmExactMatch", EmitDefaultValue = true)]
+        public bool AutoConfirmExactMatch { get; set; }
+
+        /// <summary>
+        /// If set to &#x60;true&#x60;, imported new users are automatically confirmed on activation. This doesn&#39;t apply to imported users that already exist in Okta.
+        /// </summary>
+        /// <value>If set to &#x60;true&#x60;, imported new users are automatically confirmed on activation. This doesn&#39;t apply to imported users that already exist in Okta.</value>
+        [DataMember(Name = "autoConfirmNewUsers", EmitDefaultValue = true)]
+        public bool AutoConfirmNewUsers { get; set; }
+
+        /// <summary>
+        /// If set to &#x60;true&#x60;, partially matched users are automatically confirmed on activation. If set to &#x60;false&#x60;, partially matched users need to be confirmed manually.
+        /// </summary>
+        /// <value>If set to &#x60;true&#x60;, partially matched users are automatically confirmed on activation. If set to &#x60;false&#x60;, partially matched users need to be confirmed manually.</value>
+        [DataMember(Name = "autoConfirmPartialMatch", EmitDefaultValue = true)]
+        public bool AutoConfirmPartialMatch { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class CapabilitiesImportRulesUserCreateAndMatchObject {\n");
+            sb.Append("  AllowPartialMatch: ").Append(AllowPartialMatch).Append("\n");
+            sb.Append("  AutoActivateNewUsers: ").Append(AutoActivateNewUsers).Append("\n");
+            sb.Append("  AutoConfirmExactMatch: ").Append(AutoConfirmExactMatch).Append("\n");
+            sb.Append("  AutoConfirmNewUsers: ").Append(AutoConfirmNewUsers).Append("\n");
+            sb.Append("  AutoConfirmPartialMatch: ").Append(AutoConfirmPartialMatch).Append("\n");
+            sb.Append("  ExactMatchCriteria: ").Append(ExactMatchCriteria).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as CapabilitiesImportRulesUserCreateAndMatchObject);
+        }
+
+        /// <summary>
+        /// Returns true if CapabilitiesImportRulesUserCreateAndMatchObject instances are equal
+        /// </summary>
+        /// <param name="input">Instance of CapabilitiesImportRulesUserCreateAndMatchObject to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(CapabilitiesImportRulesUserCreateAndMatchObject input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.AllowPartialMatch == input.AllowPartialMatch ||
+                    this.AllowPartialMatch.Equals(input.AllowPartialMatch)
+                ) && 
+                (
+                    this.AutoActivateNewUsers == input.AutoActivateNewUsers ||
+                    this.AutoActivateNewUsers.Equals(input.AutoActivateNewUsers)
+                ) && 
+                (
+                    this.AutoConfirmExactMatch == input.AutoConfirmExactMatch ||
+                    this.AutoConfirmExactMatch.Equals(input.AutoConfirmExactMatch)
+                ) && 
+                (
+                    this.AutoConfirmNewUsers == input.AutoConfirmNewUsers ||
+                    this.AutoConfirmNewUsers.Equals(input.AutoConfirmNewUsers)
+                ) && 
+                (
+                    this.AutoConfirmPartialMatch == input.AutoConfirmPartialMatch ||
+                    this.AutoConfirmPartialMatch.Equals(input.AutoConfirmPartialMatch)
+                ) && 
+                (
+                    this.ExactMatchCriteria == input.ExactMatchCriteria ||
+                    this.ExactMatchCriteria.Equals(input.ExactMatchCriteria)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                hashCode = (hashCode * 59) + this.AllowPartialMatch.GetHashCode();
+                hashCode = (hashCode * 59) + this.AutoActivateNewUsers.GetHashCode();
+                hashCode = (hashCode * 59) + this.AutoConfirmExactMatch.GetHashCode();
+                hashCode = (hashCode * 59) + this.AutoConfirmNewUsers.GetHashCode();
+                hashCode = (hashCode * 59) + this.AutoConfirmPartialMatch.GetHashCode();
+                if (this.ExactMatchCriteria != null)
+                {
+                    hashCode = (hashCode * 59) + this.ExactMatchCriteria.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/CapabilitiesImportSettingsObject.cs b/src/Okta.Sdk/Model/CapabilitiesImportSettingsObject.cs
new file mode 100644
index 000000000..1cbe56d3c
--- /dev/null
+++ b/src/Okta.Sdk/Model/CapabilitiesImportSettingsObject.cs
@@ -0,0 +1,130 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Defines import settings
+    /// </summary>
+    [DataContract(Name = "CapabilitiesImportSettingsObject")]
+    
+    public partial class CapabilitiesImportSettingsObject : IEquatable<CapabilitiesImportSettingsObject>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Schedule
+        /// </summary>
+        [DataMember(Name = "schedule", EmitDefaultValue = true)]
+        public ImportScheduleObject Schedule { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Username
+        /// </summary>
+        [DataMember(Name = "username", EmitDefaultValue = true)]
+        public ImportUsernameObject Username { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class CapabilitiesImportSettingsObject {\n");
+            sb.Append("  Schedule: ").Append(Schedule).Append("\n");
+            sb.Append("  Username: ").Append(Username).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as CapabilitiesImportSettingsObject);
+        }
+
+        /// <summary>
+        /// Returns true if CapabilitiesImportSettingsObject instances are equal
+        /// </summary>
+        /// <param name="input">Instance of CapabilitiesImportSettingsObject to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(CapabilitiesImportSettingsObject input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Schedule == input.Schedule ||
+                    (this.Schedule != null &&
+                    this.Schedule.Equals(input.Schedule))
+                ) && 
+                (
+                    this.Username == input.Username ||
+                    (this.Username != null &&
+                    this.Username.Equals(input.Username))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Schedule != null)
+                {
+                    hashCode = (hashCode * 59) + this.Schedule.GetHashCode();
+                }
+                if (this.Username != null)
+                {
+                    hashCode = (hashCode * 59) + this.Username.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/CapabilitiesInboundProvisioningObject.cs b/src/Okta.Sdk/Model/CapabilitiesInboundProvisioningObject.cs
new file mode 100644
index 000000000..24d289367
--- /dev/null
+++ b/src/Okta.Sdk/Model/CapabilitiesInboundProvisioningObject.cs
@@ -0,0 +1,135 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Defines the configuration for the INBOUND_PROVISIONING feature
+    /// </summary>
+    [DataContract(Name = "CapabilitiesInboundProvisioningObject")]
+    
+    public partial class CapabilitiesInboundProvisioningObject : IEquatable<CapabilitiesInboundProvisioningObject>
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="CapabilitiesInboundProvisioningObject" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public CapabilitiesInboundProvisioningObject() { }
+        
+        /// <summary>
+        /// Gets or Sets ImportRules
+        /// </summary>
+        [DataMember(Name = "importRules", EmitDefaultValue = true)]
+        public CapabilitiesImportRulesObject ImportRules { get; set; }
+
+        /// <summary>
+        /// Gets or Sets ImportSettings
+        /// </summary>
+        [DataMember(Name = "importSettings", EmitDefaultValue = true)]
+        public CapabilitiesImportSettingsObject ImportSettings { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class CapabilitiesInboundProvisioningObject {\n");
+            sb.Append("  ImportRules: ").Append(ImportRules).Append("\n");
+            sb.Append("  ImportSettings: ").Append(ImportSettings).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as CapabilitiesInboundProvisioningObject);
+        }
+
+        /// <summary>
+        /// Returns true if CapabilitiesInboundProvisioningObject instances are equal
+        /// </summary>
+        /// <param name="input">Instance of CapabilitiesInboundProvisioningObject to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(CapabilitiesInboundProvisioningObject input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.ImportRules == input.ImportRules ||
+                    (this.ImportRules != null &&
+                    this.ImportRules.Equals(input.ImportRules))
+                ) && 
+                (
+                    this.ImportSettings == input.ImportSettings ||
+                    (this.ImportSettings != null &&
+                    this.ImportSettings.Equals(input.ImportSettings))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.ImportRules != null)
+                {
+                    hashCode = (hashCode * 59) + this.ImportRules.GetHashCode();
+                }
+                if (this.ImportSettings != null)
+                {
+                    hashCode = (hashCode * 59) + this.ImportSettings.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/CapabilitiesObject.cs b/src/Okta.Sdk/Model/CapabilitiesObject.cs
index 15b6a7e04..33e54d9a0 100644
--- a/src/Okta.Sdk/Model/CapabilitiesObject.cs
+++ b/src/Okta.Sdk/Model/CapabilitiesObject.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -27,7 +27,7 @@ namespace Okta.Sdk.Model
 {
     /// <summary>
     /// Template: ModelGeneric
-    /// Defines the configurations related to an application feature
+    /// Defines the configurations for the USER_PROVISIONING feature
     /// </summary>
     [DataContract(Name = "CapabilitiesObject")]
     
diff --git a/src/Okta.Sdk/Model/CapabilitiesUpdateObject.cs b/src/Okta.Sdk/Model/CapabilitiesUpdateObject.cs
index 937cacdb6..1f6522924 100644
--- a/src/Okta.Sdk/Model/CapabilitiesUpdateObject.cs
+++ b/src/Okta.Sdk/Model/CapabilitiesUpdateObject.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/CatalogApplication.cs b/src/Okta.Sdk/Model/CatalogApplication.cs
index 6532202b5..48ac3e597 100644
--- a/src/Okta.Sdk/Model/CatalogApplication.cs
+++ b/src/Okta.Sdk/Model/CatalogApplication.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/CatalogApplicationStatus.cs b/src/Okta.Sdk/Model/CatalogApplicationStatus.cs
index 1bf6e2aaa..388c271eb 100644
--- a/src/Okta.Sdk/Model/CatalogApplicationStatus.cs
+++ b/src/Okta.Sdk/Model/CatalogApplicationStatus.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ChallengeType.cs b/src/Okta.Sdk/Model/ChallengeType.cs
new file mode 100644
index 000000000..e6519bd30
--- /dev/null
+++ b/src/Okta.Sdk/Model/ChallengeType.cs
@@ -0,0 +1,60 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Defines ChallengeType
+    /// </summary>
+    [JsonConverter(typeof(StringEnumSerializingConverter))]
+    public sealed class ChallengeType : StringEnum
+    {
+        /// <summary>
+        /// StringEnum ChallengeType for value: http://auth0.com/oauth/grant-type/mfa-oob
+        /// </summary>
+        public static ChallengeType Oob = new ChallengeType("http://auth0.com/oauth/grant-type/mfa-oob");
+        /// <summary>
+        /// StringEnum ChallengeType for value: http://auth0.com/oauth/grant-type/mfa-otp
+        /// </summary>
+        public static ChallengeType Otp = new ChallengeType("http://auth0.com/oauth/grant-type/mfa-otp");
+
+        /// <summary>
+        /// Implicit operator declaration to accept and convert a string value as a <see cref="ChallengeType"/>
+        /// </summary>
+        /// <param name="value">The value to use</param>
+        public static implicit operator ChallengeType(string value) => new ChallengeType(value);
+
+        /// <summary>
+        /// Creates a new <see cref="ChallengeType"/> instance.
+        /// </summary>
+        /// <param name="value">The value to use.</param>
+        public ChallengeType(string value)
+            : base(value)
+        {
+        }
+    }
+
+
+}
diff --git a/src/Okta.Sdk/Model/ChangeEnum.cs b/src/Okta.Sdk/Model/ChangeEnum.cs
index ae5c5eeb0..348821160 100644
--- a/src/Okta.Sdk/Model/ChangeEnum.cs
+++ b/src/Okta.Sdk/Model/ChangeEnum.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ChangePasswordRequest.cs b/src/Okta.Sdk/Model/ChangePasswordRequest.cs
index 013b62a69..727dbab93 100644
--- a/src/Okta.Sdk/Model/ChangePasswordRequest.cs
+++ b/src/Okta.Sdk/Model/ChangePasswordRequest.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/Channel.cs b/src/Okta.Sdk/Model/Channel.cs
new file mode 100644
index 000000000..64710ee7c
--- /dev/null
+++ b/src/Okta.Sdk/Model/Channel.cs
@@ -0,0 +1,65 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// The out-of-band channel for use with authentication. Required for all &#x60;/oob-authenticate&#x60; requests and any &#x60;/challenge&#x60; request with an out-of-band authenticator.
+    /// </summary>
+    /// <value>The out-of-band channel for use with authentication. Required for all &#x60;/oob-authenticate&#x60; requests and any &#x60;/challenge&#x60; request with an out-of-band authenticator.</value>
+    [JsonConverter(typeof(StringEnumSerializingConverter))]
+    public sealed class Channel : StringEnum
+    {
+        /// <summary>
+        /// StringEnum Channel for value: push
+        /// </summary>
+        public static Channel Push = new Channel("push");
+        /// <summary>
+        /// StringEnum Channel for value: sms
+        /// </summary>
+        public static Channel Sms = new Channel("sms");
+        /// <summary>
+        /// StringEnum Channel for value: voice
+        /// </summary>
+        public static Channel Voice = new Channel("voice");
+
+        /// <summary>
+        /// Implicit operator declaration to accept and convert a string value as a <see cref="Channel"/>
+        /// </summary>
+        /// <param name="value">The value to use</param>
+        public static implicit operator Channel(string value) => new Channel(value);
+
+        /// <summary>
+        /// Creates a new <see cref="Channel"/> instance.
+        /// </summary>
+        /// <param name="value">The value to use.</param>
+        public Channel(string value)
+            : base(value)
+        {
+        }
+    }
+
+
+}
diff --git a/src/Okta.Sdk/Model/ChannelBinding.cs b/src/Okta.Sdk/Model/ChannelBinding.cs
index 66ee16521..5709ef3cc 100644
--- a/src/Okta.Sdk/Model/ChannelBinding.cs
+++ b/src/Okta.Sdk/Model/ChannelBinding.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -40,13 +40,43 @@ public partial class ChannelBinding : IEquatable<ChannelBinding>
         [DataMember(Name = "required", EmitDefaultValue = true)]
         
         public RequiredEnum Required { get; set; }
-        
+        /// <summary>
+        /// Defines Style
+        /// </summary>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class StyleEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum NUMBERCHALLENGE for value: NUMBER_CHALLENGE
+            /// </summary>
+            
+            public static StyleEnum NUMBERCHALLENGE = new StyleEnum("NUMBER_CHALLENGE");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="StyleEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator StyleEnum(string value) => new StyleEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Style"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public StyleEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
         /// <summary>
         /// Gets or Sets Style
         /// </summary>
         [DataMember(Name = "style", EmitDefaultValue = true)]
-        public string Style { get; set; }
-
+        
+        public StyleEnum Style { get; set; }
+        
         /// <summary>
         /// Returns the string presentation of the object
         /// </summary>
@@ -98,8 +128,7 @@ public bool Equals(ChannelBinding input)
                 ) && 
                 (
                     this.Style == input.Style ||
-                    (this.Style != null &&
-                    this.Style.Equals(input.Style))
+                    this.Style.Equals(input.Style)
                 );
         }
 
diff --git a/src/Okta.Sdk/Model/ChromeBrowserVersion.cs b/src/Okta.Sdk/Model/ChromeBrowserVersion.cs
index e70e19f03..6908f5d9f 100644
--- a/src/Okta.Sdk/Model/ChromeBrowserVersion.cs
+++ b/src/Okta.Sdk/Model/ChromeBrowserVersion.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ClientPolicyCondition.cs b/src/Okta.Sdk/Model/ClientPolicyCondition.cs
index 5538119ba..ad9d19f6b 100644
--- a/src/Okta.Sdk/Model/ClientPolicyCondition.cs
+++ b/src/Okta.Sdk/Model/ClientPolicyCondition.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ClientPrivilegesSetting.cs b/src/Okta.Sdk/Model/ClientPrivilegesSetting.cs
new file mode 100644
index 000000000..397c85fdd
--- /dev/null
+++ b/src/Okta.Sdk/Model/ClientPrivilegesSetting.cs
@@ -0,0 +1,110 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// The org setting that assigns the super admin role by default to a public client app
+    /// </summary>
+    [DataContract(Name = "ClientPrivilegesSetting")]
+    
+    public partial class ClientPrivilegesSetting : IEquatable<ClientPrivilegesSetting>
+    {
+        
+        /// <summary>
+        /// Gets or Sets _ClientPrivilegesSetting
+        /// </summary>
+        [DataMember(Name = "clientPrivilegesSetting", EmitDefaultValue = true)]
+        public bool _ClientPrivilegesSetting { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class ClientPrivilegesSetting {\n");
+            sb.Append("  _ClientPrivilegesSetting: ").Append(_ClientPrivilegesSetting).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as ClientPrivilegesSetting);
+        }
+
+        /// <summary>
+        /// Returns true if ClientPrivilegesSetting instances are equal
+        /// </summary>
+        /// <param name="input">Instance of ClientPrivilegesSetting to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(ClientPrivilegesSetting input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this._ClientPrivilegesSetting == input._ClientPrivilegesSetting ||
+                    this._ClientPrivilegesSetting.Equals(input._ClientPrivilegesSetting)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                hashCode = (hashCode * 59) + this._ClientPrivilegesSetting.GetHashCode();
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/CodeChallengeMethod.cs b/src/Okta.Sdk/Model/CodeChallengeMethod.cs
new file mode 100644
index 000000000..b516d76b2
--- /dev/null
+++ b/src/Okta.Sdk/Model/CodeChallengeMethod.cs
@@ -0,0 +1,56 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Defines CodeChallengeMethod
+    /// </summary>
+    [JsonConverter(typeof(StringEnumSerializingConverter))]
+    public sealed class CodeChallengeMethod : StringEnum
+    {
+        /// <summary>
+        /// StringEnum CodeChallengeMethod for value: S256
+        /// </summary>
+        public static CodeChallengeMethod S256 = new CodeChallengeMethod("S256");
+
+        /// <summary>
+        /// Implicit operator declaration to accept and convert a string value as a <see cref="CodeChallengeMethod"/>
+        /// </summary>
+        /// <param name="value">The value to use</param>
+        public static implicit operator CodeChallengeMethod(string value) => new CodeChallengeMethod(value);
+
+        /// <summary>
+        /// Creates a new <see cref="CodeChallengeMethod"/> instance.
+        /// </summary>
+        /// <param name="value">The value to use.</param>
+        public CodeChallengeMethod(string value)
+            : base(value)
+        {
+        }
+    }
+
+
+}
diff --git a/src/Okta.Sdk/Model/Compliance.cs b/src/Okta.Sdk/Model/Compliance.cs
index 66a3dcabf..5fb579e8f 100644
--- a/src/Okta.Sdk/Model/Compliance.cs
+++ b/src/Okta.Sdk/Model/Compliance.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/Conditions.cs b/src/Okta.Sdk/Model/Conditions.cs
new file mode 100644
index 000000000..112125626
--- /dev/null
+++ b/src/Okta.Sdk/Model/Conditions.cs
@@ -0,0 +1,130 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Conditions
+    /// </summary>
+    [DataContract(Name = "Conditions")]
+    
+    public partial class Conditions : IEquatable<Conditions>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Expression
+        /// </summary>
+        [DataMember(Name = "expression", EmitDefaultValue = true)]
+        public Expression Expression { get; set; }
+
+        /// <summary>
+        /// Gets or Sets ProfileSourceId
+        /// </summary>
+        [DataMember(Name = "profileSourceId", EmitDefaultValue = true)]
+        public string ProfileSourceId { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class Conditions {\n");
+            sb.Append("  Expression: ").Append(Expression).Append("\n");
+            sb.Append("  ProfileSourceId: ").Append(ProfileSourceId).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as Conditions);
+        }
+
+        /// <summary>
+        /// Returns true if Conditions instances are equal
+        /// </summary>
+        /// <param name="input">Instance of Conditions to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(Conditions input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Expression == input.Expression ||
+                    (this.Expression != null &&
+                    this.Expression.Equals(input.Expression))
+                ) && 
+                (
+                    this.ProfileSourceId == input.ProfileSourceId ||
+                    (this.ProfileSourceId != null &&
+                    this.ProfileSourceId.Equals(input.ProfileSourceId))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Expression != null)
+                {
+                    hashCode = (hashCode * 59) + this.Expression.GetHashCode();
+                }
+                if (this.ProfileSourceId != null)
+                {
+                    hashCode = (hashCode * 59) + this.ProfileSourceId.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/ContentSecurityPolicySetting.cs b/src/Okta.Sdk/Model/ContentSecurityPolicySetting.cs
index 2e560ebec..d38f96a10 100644
--- a/src/Okta.Sdk/Model/ContentSecurityPolicySetting.cs
+++ b/src/Okta.Sdk/Model/ContentSecurityPolicySetting.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ContextPolicyRuleCondition.cs b/src/Okta.Sdk/Model/ContextPolicyRuleCondition.cs
index 45c83a484..23384f3de 100644
--- a/src/Okta.Sdk/Model/ContextPolicyRuleCondition.cs
+++ b/src/Okta.Sdk/Model/ContextPolicyRuleCondition.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ContinuousAccessFailureActionsObject.cs b/src/Okta.Sdk/Model/ContinuousAccessFailureActionsObject.cs
new file mode 100644
index 000000000..3934663fe
--- /dev/null
+++ b/src/Okta.Sdk/Model/ContinuousAccessFailureActionsObject.cs
@@ -0,0 +1,153 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// ContinuousAccessFailureActionsObject
+    /// </summary>
+    [DataContract(Name = "ContinuousAccessFailureActionsObject")]
+    [JsonConverter(typeof(JsonSubtypes), "Action")]
+    [JsonSubtypes.KnownSubType(typeof(ContinuousAccessPolicyRuleRunWorkflow), "RUN_WORKFLOW")]
+    [JsonSubtypes.KnownSubType(typeof(ContinuousAccessPolicyRuleTerminateSession), "TERMINATE_SESSION")]
+    
+    public partial class ContinuousAccessFailureActionsObject : IEquatable<ContinuousAccessFailureActionsObject>
+    {
+        /// <summary>
+        /// Defines Action
+        /// </summary>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class ActionEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum RUNWORKFLOW for value: RUN_WORKFLOW
+            /// </summary>
+            
+            public static ActionEnum RUNWORKFLOW = new ActionEnum("RUN_WORKFLOW");
+
+            /// <summary>
+            /// StringEnum TERMINATESESSION for value: TERMINATE_SESSION
+            /// </summary>
+            
+            public static ActionEnum TERMINATESESSION = new ActionEnum("TERMINATE_SESSION");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="ActionEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator ActionEnum(string value) => new ActionEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Action"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public ActionEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Gets or Sets Action
+        /// </summary>
+        [DataMember(Name = "action", EmitDefaultValue = true)]
+        
+        public ActionEnum Action { get; set; }
+        
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class ContinuousAccessFailureActionsObject {\n");
+            sb.Append("  Action: ").Append(Action).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as ContinuousAccessFailureActionsObject);
+        }
+
+        /// <summary>
+        /// Returns true if ContinuousAccessFailureActionsObject instances are equal
+        /// </summary>
+        /// <param name="input">Instance of ContinuousAccessFailureActionsObject to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(ContinuousAccessFailureActionsObject input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Action == input.Action ||
+                    this.Action.Equals(input.Action)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Action != null)
+                {
+                    hashCode = (hashCode * 59) + this.Action.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/ContinuousAccessPolicy.cs b/src/Okta.Sdk/Model/ContinuousAccessPolicy.cs
new file mode 100644
index 000000000..1dd82f960
--- /dev/null
+++ b/src/Okta.Sdk/Model/ContinuousAccessPolicy.cs
@@ -0,0 +1,126 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// ContinuousAccessPolicy
+    /// </summary>
+    [DataContract(Name = "ContinuousAccessPolicy")]
+    [JsonConverter(typeof(JsonSubtypes), "Type")]
+    [JsonSubtypes.KnownSubType(typeof(AccessPolicy), "ACCESS_POLICY")]
+    [JsonSubtypes.KnownSubType(typeof(ContinuousAccessPolicy), "CONTINUOUS_ACCESS")]
+    [JsonSubtypes.KnownSubType(typeof(EntityRiskPolicy), "ENTITY_RISK")]
+    [JsonSubtypes.KnownSubType(typeof(IdpDiscoveryPolicy), "IDP_DISCOVERY")]
+    [JsonSubtypes.KnownSubType(typeof(MultifactorEnrollmentPolicy), "MFA_ENROLL")]
+    [JsonSubtypes.KnownSubType(typeof(OktaSignOnPolicy), "OKTA_SIGN_ON")]
+    [JsonSubtypes.KnownSubType(typeof(PasswordPolicy), "PASSWORD")]
+    [JsonSubtypes.KnownSubType(typeof(ProfileEnrollmentPolicy), "PROFILE_ENROLLMENT")]
+    
+    public partial class ContinuousAccessPolicy : Policy, IEquatable<ContinuousAccessPolicy>
+    {
+        
+        /// <summary>
+        /// Policy conditions aren&#39;t supported for this policy type.
+        /// </summary>
+        /// <value>Policy conditions aren&#39;t supported for this policy type.</value>
+        [DataMember(Name = "conditions", EmitDefaultValue = true)]
+        public string Conditions { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class ContinuousAccessPolicy {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("  Conditions: ").Append(Conditions).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as ContinuousAccessPolicy);
+        }
+
+        /// <summary>
+        /// Returns true if ContinuousAccessPolicy instances are equal
+        /// </summary>
+        /// <param name="input">Instance of ContinuousAccessPolicy to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(ContinuousAccessPolicy input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input) && 
+                (
+                    this.Conditions == input.Conditions ||
+                    (this.Conditions != null &&
+                    this.Conditions.Equals(input.Conditions))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                if (this.Conditions != null)
+                {
+                    hashCode = (hashCode * 59) + this.Conditions.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/ContinuousAccessPolicyRule.cs b/src/Okta.Sdk/Model/ContinuousAccessPolicyRule.cs
new file mode 100644
index 000000000..b71ab4da9
--- /dev/null
+++ b/src/Okta.Sdk/Model/ContinuousAccessPolicyRule.cs
@@ -0,0 +1,141 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// ContinuousAccessPolicyRule
+    /// </summary>
+    [DataContract(Name = "ContinuousAccessPolicyRule")]
+    [JsonConverter(typeof(JsonSubtypes), "Type")]
+    [JsonSubtypes.KnownSubType(typeof(AccessPolicyRule), "ACCESS_POLICY")]
+    [JsonSubtypes.KnownSubType(typeof(ContinuousAccessPolicyRule), "CONTINUOUS_ACCESS")]
+    [JsonSubtypes.KnownSubType(typeof(EntityRiskPolicyRule), "ENTITY_RISK")]
+    [JsonSubtypes.KnownSubType(typeof(IdpDiscoveryPolicyRule), "IDP_DISCOVERY")]
+    [JsonSubtypes.KnownSubType(typeof(PasswordPolicyRule), "PASSWORD")]
+    [JsonSubtypes.KnownSubType(typeof(ProfileEnrollmentPolicyRule), "PROFILE_ENROLLMENT")]
+    [JsonSubtypes.KnownSubType(typeof(AuthorizationServerPolicyRule), "RESOURCE_ACCESS")]
+    [JsonSubtypes.KnownSubType(typeof(OktaSignOnPolicyRule), "SIGN_ON")]
+    
+    public partial class ContinuousAccessPolicyRule : PolicyRule, IEquatable<ContinuousAccessPolicyRule>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Actions
+        /// </summary>
+        [DataMember(Name = "actions", EmitDefaultValue = true)]
+        public ContinuousAccessPolicyRuleAllOfActions Actions { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Conditions
+        /// </summary>
+        [DataMember(Name = "conditions", EmitDefaultValue = true)]
+        public ContinuousAccessPolicyRuleAllOfConditions Conditions { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class ContinuousAccessPolicyRule {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("  Actions: ").Append(Actions).Append("\n");
+            sb.Append("  Conditions: ").Append(Conditions).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as ContinuousAccessPolicyRule);
+        }
+
+        /// <summary>
+        /// Returns true if ContinuousAccessPolicyRule instances are equal
+        /// </summary>
+        /// <param name="input">Instance of ContinuousAccessPolicyRule to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(ContinuousAccessPolicyRule input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input) && 
+                (
+                    this.Actions == input.Actions ||
+                    (this.Actions != null &&
+                    this.Actions.Equals(input.Actions))
+                ) && base.Equals(input) && 
+                (
+                    this.Conditions == input.Conditions ||
+                    (this.Conditions != null &&
+                    this.Conditions.Equals(input.Conditions))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                if (this.Actions != null)
+                {
+                    hashCode = (hashCode * 59) + this.Actions.GetHashCode();
+                }
+                if (this.Conditions != null)
+                {
+                    hashCode = (hashCode * 59) + this.Conditions.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleAllOfActions.cs b/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleAllOfActions.cs
new file mode 100644
index 000000000..61e17a14f
--- /dev/null
+++ b/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleAllOfActions.cs
@@ -0,0 +1,114 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// The action to take in response to a failure of the reevaluated global session policy or authentication polices.
+    /// </summary>
+    [DataContract(Name = "ContinuousAccessPolicyRule_allOf_actions")]
+    
+    public partial class ContinuousAccessPolicyRuleAllOfActions : IEquatable<ContinuousAccessPolicyRuleAllOfActions>
+    {
+        
+        /// <summary>
+        /// Gets or Sets ContinuousAccess
+        /// </summary>
+        [DataMember(Name = "continuousAccess", EmitDefaultValue = true)]
+        public ContinuousAccessPolicyRuleAllOfActionsContinuousAccess ContinuousAccess { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class ContinuousAccessPolicyRuleAllOfActions {\n");
+            sb.Append("  ContinuousAccess: ").Append(ContinuousAccess).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as ContinuousAccessPolicyRuleAllOfActions);
+        }
+
+        /// <summary>
+        /// Returns true if ContinuousAccessPolicyRuleAllOfActions instances are equal
+        /// </summary>
+        /// <param name="input">Instance of ContinuousAccessPolicyRuleAllOfActions to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(ContinuousAccessPolicyRuleAllOfActions input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.ContinuousAccess == input.ContinuousAccess ||
+                    (this.ContinuousAccess != null &&
+                    this.ContinuousAccess.Equals(input.ContinuousAccess))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.ContinuousAccess != null)
+                {
+                    hashCode = (hashCode * 59) + this.ContinuousAccess.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleAllOfActionsContinuousAccess.cs b/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleAllOfActionsContinuousAccess.cs
new file mode 100644
index 000000000..912ce5fef
--- /dev/null
+++ b/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleAllOfActionsContinuousAccess.cs
@@ -0,0 +1,116 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// This object contains a &#x60;failureActions&#x60; array that defines the specific action to take when Continuous Access evaluation detects a failure.
+    /// </summary>
+    [DataContract(Name = "ContinuousAccessPolicyRule_allOf_actions_continuousAccess")]
+    
+    public partial class ContinuousAccessPolicyRuleAllOfActionsContinuousAccess : IEquatable<ContinuousAccessPolicyRuleAllOfActionsContinuousAccess>
+    {
+        
+        /// <summary>
+        /// An array of objects that define the action. It can be empty or contain two &#x60;action&#x60; value pairs.
+        /// </summary>
+        /// <value>An array of objects that define the action. It can be empty or contain two &#x60;action&#x60; value pairs.</value>
+        [DataMember(Name = "failureActions", EmitDefaultValue = true)]
+        public List<ContinuousAccessFailureActionsObject> FailureActions { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class ContinuousAccessPolicyRuleAllOfActionsContinuousAccess {\n");
+            sb.Append("  FailureActions: ").Append(FailureActions).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as ContinuousAccessPolicyRuleAllOfActionsContinuousAccess);
+        }
+
+        /// <summary>
+        /// Returns true if ContinuousAccessPolicyRuleAllOfActionsContinuousAccess instances are equal
+        /// </summary>
+        /// <param name="input">Instance of ContinuousAccessPolicyRuleAllOfActionsContinuousAccess to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(ContinuousAccessPolicyRuleAllOfActionsContinuousAccess input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.FailureActions == input.FailureActions ||
+                    this.FailureActions != null &&
+                    input.FailureActions != null &&
+                    this.FailureActions.SequenceEqual(input.FailureActions)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.FailureActions != null)
+                {
+                    hashCode = (hashCode * 59) + this.FailureActions.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleAllOfConditions.cs b/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleAllOfConditions.cs
new file mode 100644
index 000000000..b91754b9a
--- /dev/null
+++ b/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleAllOfConditions.cs
@@ -0,0 +1,114 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// ContinuousAccessPolicyRuleAllOfConditions
+    /// </summary>
+    [DataContract(Name = "ContinuousAccessPolicyRule_allOf_conditions")]
+    
+    public partial class ContinuousAccessPolicyRuleAllOfConditions : IEquatable<ContinuousAccessPolicyRuleAllOfConditions>
+    {
+        
+        /// <summary>
+        /// Gets or Sets People
+        /// </summary>
+        [DataMember(Name = "people", EmitDefaultValue = true)]
+        public PolicyPeopleCondition People { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class ContinuousAccessPolicyRuleAllOfConditions {\n");
+            sb.Append("  People: ").Append(People).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as ContinuousAccessPolicyRuleAllOfConditions);
+        }
+
+        /// <summary>
+        /// Returns true if ContinuousAccessPolicyRuleAllOfConditions instances are equal
+        /// </summary>
+        /// <param name="input">Instance of ContinuousAccessPolicyRuleAllOfConditions to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(ContinuousAccessPolicyRuleAllOfConditions input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.People == input.People ||
+                    (this.People != null &&
+                    this.People.Equals(input.People))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.People != null)
+                {
+                    hashCode = (hashCode * 59) + this.People.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleRunWorkflow.cs b/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleRunWorkflow.cs
new file mode 100644
index 000000000..43be1ed5d
--- /dev/null
+++ b/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleRunWorkflow.cs
@@ -0,0 +1,159 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// ContinuousAccessPolicyRuleRunWorkflow
+    /// </summary>
+    [DataContract(Name = "ContinuousAccessPolicyRuleRunWorkflow")]
+    
+    public partial class ContinuousAccessPolicyRuleRunWorkflow : IEquatable<ContinuousAccessPolicyRuleRunWorkflow>
+    {
+        /// <summary>
+        /// Defines Action
+        /// </summary>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class ActionEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum RUNWORKFLOW for value: RUN_WORKFLOW
+            /// </summary>
+            
+            public static ActionEnum RUNWORKFLOW = new ActionEnum("RUN_WORKFLOW");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="ActionEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator ActionEnum(string value) => new ActionEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Action"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public ActionEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Gets or Sets Action
+        /// </summary>
+        [DataMember(Name = "action", EmitDefaultValue = true)]
+        
+        public ActionEnum Action { get; set; }
+        
+        /// <summary>
+        /// Gets or Sets Workflow
+        /// </summary>
+        [DataMember(Name = "workflow", EmitDefaultValue = true)]
+        public ContinuousAccessPolicyRuleRunWorkflowWorkflow Workflow { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class ContinuousAccessPolicyRuleRunWorkflow {\n");
+            sb.Append("  Action: ").Append(Action).Append("\n");
+            sb.Append("  Workflow: ").Append(Workflow).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as ContinuousAccessPolicyRuleRunWorkflow);
+        }
+
+        /// <summary>
+        /// Returns true if ContinuousAccessPolicyRuleRunWorkflow instances are equal
+        /// </summary>
+        /// <param name="input">Instance of ContinuousAccessPolicyRuleRunWorkflow to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(ContinuousAccessPolicyRuleRunWorkflow input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Action == input.Action ||
+                    this.Action.Equals(input.Action)
+                ) && 
+                (
+                    this.Workflow == input.Workflow ||
+                    (this.Workflow != null &&
+                    this.Workflow.Equals(input.Workflow))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Action != null)
+                {
+                    hashCode = (hashCode * 59) + this.Action.GetHashCode();
+                }
+                if (this.Workflow != null)
+                {
+                    hashCode = (hashCode * 59) + this.Workflow.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleRunWorkflowWorkflow.cs b/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleRunWorkflowWorkflow.cs
new file mode 100644
index 000000000..489859c59
--- /dev/null
+++ b/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleRunWorkflowWorkflow.cs
@@ -0,0 +1,111 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// This action runs a workflow
+    /// </summary>
+    [DataContract(Name = "ContinuousAccessPolicyRuleRunWorkflow_workflow")]
+    
+    public partial class ContinuousAccessPolicyRuleRunWorkflowWorkflow : IEquatable<ContinuousAccessPolicyRuleRunWorkflowWorkflow>
+    {
+        
+        /// <summary>
+        /// The &#x60;id&#x60; of the workflow that runs.
+        /// </summary>
+        /// <value>The &#x60;id&#x60; of the workflow that runs.</value>
+        [DataMember(Name = "id", EmitDefaultValue = true)]
+        public int Id { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class ContinuousAccessPolicyRuleRunWorkflowWorkflow {\n");
+            sb.Append("  Id: ").Append(Id).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as ContinuousAccessPolicyRuleRunWorkflowWorkflow);
+        }
+
+        /// <summary>
+        /// Returns true if ContinuousAccessPolicyRuleRunWorkflowWorkflow instances are equal
+        /// </summary>
+        /// <param name="input">Instance of ContinuousAccessPolicyRuleRunWorkflowWorkflow to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(ContinuousAccessPolicyRuleRunWorkflowWorkflow input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Id == input.Id ||
+                    this.Id.Equals(input.Id)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                hashCode = (hashCode * 59) + this.Id.GetHashCode();
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleTerminateSession.cs b/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleTerminateSession.cs
new file mode 100644
index 000000000..10709340f
--- /dev/null
+++ b/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleTerminateSession.cs
@@ -0,0 +1,161 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// ContinuousAccessPolicyRuleTerminateSession
+    /// </summary>
+    [DataContract(Name = "ContinuousAccessPolicyRuleTerminateSession")]
+    
+    public partial class ContinuousAccessPolicyRuleTerminateSession : IEquatable<ContinuousAccessPolicyRuleTerminateSession>
+    {
+        /// <summary>
+        /// The action to take when Continuous Access evaluation detects a failure.
+        /// </summary>
+        /// <value>The action to take when Continuous Access evaluation detects a failure.</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class ActionEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum TERMINATESESSION for value: TERMINATE_SESSION
+            /// </summary>
+            
+            public static ActionEnum TERMINATESESSION = new ActionEnum("TERMINATE_SESSION");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="ActionEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator ActionEnum(string value) => new ActionEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Action"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public ActionEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// The action to take when Continuous Access evaluation detects a failure.
+        /// </summary>
+        /// <value>The action to take when Continuous Access evaluation detects a failure.</value>
+        [DataMember(Name = "action", EmitDefaultValue = true)]
+        
+        public ActionEnum Action { get; set; }
+        
+        /// <summary>
+        /// Gets or Sets Slo
+        /// </summary>
+        [DataMember(Name = "slo", EmitDefaultValue = true)]
+        public ContinuousAccessPolicyRuleTerminateSessionSlo Slo { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class ContinuousAccessPolicyRuleTerminateSession {\n");
+            sb.Append("  Action: ").Append(Action).Append("\n");
+            sb.Append("  Slo: ").Append(Slo).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as ContinuousAccessPolicyRuleTerminateSession);
+        }
+
+        /// <summary>
+        /// Returns true if ContinuousAccessPolicyRuleTerminateSession instances are equal
+        /// </summary>
+        /// <param name="input">Instance of ContinuousAccessPolicyRuleTerminateSession to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(ContinuousAccessPolicyRuleTerminateSession input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Action == input.Action ||
+                    this.Action.Equals(input.Action)
+                ) && 
+                (
+                    this.Slo == input.Slo ||
+                    (this.Slo != null &&
+                    this.Slo.Equals(input.Slo))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Action != null)
+                {
+                    hashCode = (hashCode * 59) + this.Action.GetHashCode();
+                }
+                if (this.Slo != null)
+                {
+                    hashCode = (hashCode * 59) + this.Slo.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleTerminateSessionSlo.cs b/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleTerminateSessionSlo.cs
new file mode 100644
index 000000000..ae53a1def
--- /dev/null
+++ b/src/Okta.Sdk/Model/ContinuousAccessPolicyRuleTerminateSessionSlo.cs
@@ -0,0 +1,175 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// ContinuousAccessPolicyRuleTerminateSessionSlo
+    /// </summary>
+    [DataContract(Name = "ContinuousAccessPolicyRuleTerminateSession_slo")]
+    
+    public partial class ContinuousAccessPolicyRuleTerminateSessionSlo : IEquatable<ContinuousAccessPolicyRuleTerminateSessionSlo>
+    {
+        /// <summary>
+        /// This property defines the session to terminate - everyone, no one, or a specific app instance.
+        /// </summary>
+        /// <value>This property defines the session to terminate - everyone, no one, or a specific app instance.</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class AppSelectionModeEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum SPECIFIC for value: SPECIFIC
+            /// </summary>
+            
+            public static AppSelectionModeEnum SPECIFIC = new AppSelectionModeEnum("SPECIFIC");
+
+            /// <summary>
+            /// StringEnum ALL for value: ALL
+            /// </summary>
+            
+            public static AppSelectionModeEnum ALL = new AppSelectionModeEnum("ALL");
+
+            /// <summary>
+            /// StringEnum NONE for value: NONE
+            /// </summary>
+            
+            public static AppSelectionModeEnum NONE = new AppSelectionModeEnum("NONE");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="AppSelectionModeEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator AppSelectionModeEnum(string value) => new AppSelectionModeEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="AppSelectionMode"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public AppSelectionModeEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// This property defines the session to terminate - everyone, no one, or a specific app instance.
+        /// </summary>
+        /// <value>This property defines the session to terminate - everyone, no one, or a specific app instance.</value>
+        [DataMember(Name = "appSelectionMode", EmitDefaultValue = true)]
+        
+        public AppSelectionModeEnum AppSelectionMode { get; set; }
+        
+        /// <summary>
+        /// This property defines the app instance access to terminate. Only include this property when &#x60;appSelectionMode&#x60; is set to &#x60;SPECIFIC&#x60;.
+        /// </summary>
+        /// <value>This property defines the app instance access to terminate. Only include this property when &#x60;appSelectionMode&#x60; is set to &#x60;SPECIFIC&#x60;.</value>
+        [DataMember(Name = "appInstanceIds", EmitDefaultValue = true)]
+        public List<string> AppInstanceIds { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class ContinuousAccessPolicyRuleTerminateSessionSlo {\n");
+            sb.Append("  AppSelectionMode: ").Append(AppSelectionMode).Append("\n");
+            sb.Append("  AppInstanceIds: ").Append(AppInstanceIds).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as ContinuousAccessPolicyRuleTerminateSessionSlo);
+        }
+
+        /// <summary>
+        /// Returns true if ContinuousAccessPolicyRuleTerminateSessionSlo instances are equal
+        /// </summary>
+        /// <param name="input">Instance of ContinuousAccessPolicyRuleTerminateSessionSlo to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(ContinuousAccessPolicyRuleTerminateSessionSlo input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.AppSelectionMode == input.AppSelectionMode ||
+                    this.AppSelectionMode.Equals(input.AppSelectionMode)
+                ) && 
+                (
+                    this.AppInstanceIds == input.AppInstanceIds ||
+                    this.AppInstanceIds != null &&
+                    input.AppInstanceIds != null &&
+                    this.AppInstanceIds.SequenceEqual(input.AppInstanceIds)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.AppSelectionMode != null)
+                {
+                    hashCode = (hashCode * 59) + this.AppSelectionMode.GetHashCode();
+                }
+                if (this.AppInstanceIds != null)
+                {
+                    hashCode = (hashCode * 59) + this.AppInstanceIds.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/CreateBrandRequest.cs b/src/Okta.Sdk/Model/CreateBrandRequest.cs
index e133a7f1a..4b51b3012 100644
--- a/src/Okta.Sdk/Model/CreateBrandRequest.cs
+++ b/src/Okta.Sdk/Model/CreateBrandRequest.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -40,8 +40,9 @@ public partial class CreateBrandRequest : IEquatable<CreateBrandRequest>
         public CreateBrandRequest() { }
         
         /// <summary>
-        /// Gets or Sets Name
+        /// The name of the Brand
         /// </summary>
+        /// <value>The name of the Brand</value>
         [DataMember(Name = "name", EmitDefaultValue = true)]
         public string Name { get; set; }
 
diff --git a/src/Okta.Sdk/Model/CreateIamRoleRequest.cs b/src/Okta.Sdk/Model/CreateIamRoleRequest.cs
index 8455c3f2f..6efc8e4d0 100644
--- a/src/Okta.Sdk/Model/CreateIamRoleRequest.cs
+++ b/src/Okta.Sdk/Model/CreateIamRoleRequest.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -54,9 +54,9 @@ public CreateIamRoleRequest() { }
         public string Label { get; set; }
 
         /// <summary>
-        /// Array of permissions that the role will grant. See [Permission Types](https://developer.okta.com/docs/concepts/role-assignment/#permission-types).
+        /// Array of permissions that the role will grant. See [Permissions](/openapi/okta-management/guides/roles/#permission).
         /// </summary>
-        /// <value>Array of permissions that the role will grant. See [Permission Types](https://developer.okta.com/docs/concepts/role-assignment/#permission-types).</value>
+        /// <value>Array of permissions that the role will grant. See [Permissions](/openapi/okta-management/guides/roles/#permission).</value>
         [DataMember(Name = "permissions", EmitDefaultValue = true)]
         public List<RolePermissionType> Permissions { get; set; }
 
diff --git a/src/Okta.Sdk/Model/CreateRealmAssignmentRequest.cs b/src/Okta.Sdk/Model/CreateRealmAssignmentRequest.cs
new file mode 100644
index 000000000..6ab768793
--- /dev/null
+++ b/src/Okta.Sdk/Model/CreateRealmAssignmentRequest.cs
@@ -0,0 +1,158 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// CreateRealmAssignmentRequest
+    /// </summary>
+    [DataContract(Name = "CreateRealmAssignmentRequest")]
+    
+    public partial class CreateRealmAssignmentRequest : IEquatable<CreateRealmAssignmentRequest>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Actions
+        /// </summary>
+        [DataMember(Name = "actions", EmitDefaultValue = true)]
+        public Actions Actions { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Conditions
+        /// </summary>
+        [DataMember(Name = "conditions", EmitDefaultValue = true)]
+        public Conditions Conditions { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Name
+        /// </summary>
+        [DataMember(Name = "name", EmitDefaultValue = true)]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Priority
+        /// </summary>
+        [DataMember(Name = "priority", EmitDefaultValue = true)]
+        public int Priority { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class CreateRealmAssignmentRequest {\n");
+            sb.Append("  Actions: ").Append(Actions).Append("\n");
+            sb.Append("  Conditions: ").Append(Conditions).Append("\n");
+            sb.Append("  Name: ").Append(Name).Append("\n");
+            sb.Append("  Priority: ").Append(Priority).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as CreateRealmAssignmentRequest);
+        }
+
+        /// <summary>
+        /// Returns true if CreateRealmAssignmentRequest instances are equal
+        /// </summary>
+        /// <param name="input">Instance of CreateRealmAssignmentRequest to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(CreateRealmAssignmentRequest input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Actions == input.Actions ||
+                    (this.Actions != null &&
+                    this.Actions.Equals(input.Actions))
+                ) && 
+                (
+                    this.Conditions == input.Conditions ||
+                    (this.Conditions != null &&
+                    this.Conditions.Equals(input.Conditions))
+                ) && 
+                (
+                    this.Name == input.Name ||
+                    (this.Name != null &&
+                    this.Name.Equals(input.Name))
+                ) && 
+                (
+                    this.Priority == input.Priority ||
+                    this.Priority.Equals(input.Priority)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Actions != null)
+                {
+                    hashCode = (hashCode * 59) + this.Actions.GetHashCode();
+                }
+                if (this.Conditions != null)
+                {
+                    hashCode = (hashCode * 59) + this.Conditions.GetHashCode();
+                }
+                if (this.Name != null)
+                {
+                    hashCode = (hashCode * 59) + this.Name.GetHashCode();
+                }
+                hashCode = (hashCode * 59) + this.Priority.GetHashCode();
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/CreateRealmRequest.cs b/src/Okta.Sdk/Model/CreateRealmRequest.cs
new file mode 100644
index 000000000..e992def9b
--- /dev/null
+++ b/src/Okta.Sdk/Model/CreateRealmRequest.cs
@@ -0,0 +1,114 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// CreateRealmRequest
+    /// </summary>
+    [DataContract(Name = "CreateRealmRequest")]
+    
+    public partial class CreateRealmRequest : IEquatable<CreateRealmRequest>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Profile
+        /// </summary>
+        [DataMember(Name = "profile", EmitDefaultValue = true)]
+        public RealmProfile Profile { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class CreateRealmRequest {\n");
+            sb.Append("  Profile: ").Append(Profile).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as CreateRealmRequest);
+        }
+
+        /// <summary>
+        /// Returns true if CreateRealmRequest instances are equal
+        /// </summary>
+        /// <param name="input">Instance of CreateRealmRequest to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(CreateRealmRequest input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Profile == input.Profile ||
+                    (this.Profile != null &&
+                    this.Profile.Equals(input.Profile))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Profile != null)
+                {
+                    hashCode = (hashCode * 59) + this.Profile.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/CreateResourceSetRequest.cs b/src/Okta.Sdk/Model/CreateResourceSetRequest.cs
index 643a63b27..25bc10c3a 100644
--- a/src/Okta.Sdk/Model/CreateResourceSetRequest.cs
+++ b/src/Okta.Sdk/Model/CreateResourceSetRequest.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -42,15 +42,16 @@ public partial class CreateResourceSetRequest : IEquatable<CreateResourceSetRequ
         public string Description { get; set; }
 
         /// <summary>
-        /// Unique label for the Resource Set
+        /// Unique name for the Resource Set
         /// </summary>
-        /// <value>Unique label for the Resource Set</value>
+        /// <value>Unique name for the Resource Set</value>
         [DataMember(Name = "label", EmitDefaultValue = true)]
         public string Label { get; set; }
 
         /// <summary>
-        /// Gets or Sets Resources
+        /// The endpoint (URL) that references all resource objects included in the Resource Set. Resources are identified by either an Okta Resource Name (ORN) or by a REST URL format. See [Okta Resource Name](/openapi/okta-management/guides/roles/#okta-resource-name-orn).
         /// </summary>
+        /// <value>The endpoint (URL) that references all resource objects included in the Resource Set. Resources are identified by either an Okta Resource Name (ORN) or by a REST URL format. See [Okta Resource Name](/openapi/okta-management/guides/roles/#okta-resource-name-orn).</value>
         [DataMember(Name = "resources", EmitDefaultValue = true)]
         public List<string> Resources { get; set; }
 
diff --git a/src/Okta.Sdk/Model/CreateSessionRequest.cs b/src/Okta.Sdk/Model/CreateSessionRequest.cs
index bbfdbfa81..b50e9abac 100644
--- a/src/Okta.Sdk/Model/CreateSessionRequest.cs
+++ b/src/Okta.Sdk/Model/CreateSessionRequest.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/CreateUISchema.cs b/src/Okta.Sdk/Model/CreateUISchema.cs
index f64ae3020..82ef17f39 100644
--- a/src/Okta.Sdk/Model/CreateUISchema.cs
+++ b/src/Okta.Sdk/Model/CreateUISchema.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/CreateUpdateIamRolePermissionRequest.cs b/src/Okta.Sdk/Model/CreateUpdateIamRolePermissionRequest.cs
index 58e63e135..12e8f32ed 100644
--- a/src/Okta.Sdk/Model/CreateUpdateIamRolePermissionRequest.cs
+++ b/src/Okta.Sdk/Model/CreateUpdateIamRolePermissionRequest.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/CreateUserRequest.cs b/src/Okta.Sdk/Model/CreateUserRequest.cs
index 6a3c32b86..7c14d8f9c 100644
--- a/src/Okta.Sdk/Model/CreateUserRequest.cs
+++ b/src/Okta.Sdk/Model/CreateUserRequest.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -58,9 +58,9 @@ public CreateUserRequest() { }
         public UserProfile Profile { get; set; }
 
         /// <summary>
-        /// The ID of the realm in which the user is residing
+        /// &lt;div class&#x3D;\&quot;x-lifecycle-container\&quot;&gt;&lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt;&lt;/div&gt;The ID of the Realm in which the user is residing
         /// </summary>
-        /// <value>The ID of the realm in which the user is residing</value>
+        /// <value>&lt;div class&#x3D;\&quot;x-lifecycle-container\&quot;&gt;&lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt;&lt;/div&gt;The ID of the Realm in which the user is residing</value>
         [DataMember(Name = "realmId", EmitDefaultValue = true)]
         public string RealmId { get; set; }
 
@@ -68,7 +68,7 @@ public CreateUserRequest() { }
         /// Gets or Sets Type
         /// </summary>
         [DataMember(Name = "type", EmitDefaultValue = true)]
-        public UserType Type { get; set; }
+        public CreateUserRequestType Type { get; set; }
 
         /// <summary>
         /// Returns the string presentation of the object
diff --git a/src/Okta.Sdk/Model/CreateUserRequestType.cs b/src/Okta.Sdk/Model/CreateUserRequestType.cs
new file mode 100644
index 000000000..4f2204283
--- /dev/null
+++ b/src/Okta.Sdk/Model/CreateUserRequestType.cs
@@ -0,0 +1,115 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// The ID of the user type. Add this value if you want to create a user with a non-default [user type](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/). The user type determines which [schema](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Schema/) applies to that user. After a user has been created, the user can  only be assigned a different user type by an administrator through a full replacement (&#x60;PUT&#x60;) operation.
+    /// </summary>
+    [DataContract(Name = "CreateUserRequest_type")]
+    
+    public partial class CreateUserRequestType : IEquatable<CreateUserRequestType>
+    {
+        
+        /// <summary>
+        /// The ID of the user type
+        /// </summary>
+        /// <value>The ID of the user type</value>
+        [DataMember(Name = "id", EmitDefaultValue = true)]
+        public string Id { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class CreateUserRequestType {\n");
+            sb.Append("  Id: ").Append(Id).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as CreateUserRequestType);
+        }
+
+        /// <summary>
+        /// Returns true if CreateUserRequestType instances are equal
+        /// </summary>
+        /// <param name="input">Instance of CreateUserRequestType to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(CreateUserRequestType input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Id == input.Id ||
+                    (this.Id != null &&
+                    this.Id.Equals(input.Id))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Id != null)
+                {
+                    hashCode = (hashCode * 59) + this.Id.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/CredentialSyncState.cs b/src/Okta.Sdk/Model/CredentialSyncState.cs
new file mode 100644
index 000000000..3bab41270
--- /dev/null
+++ b/src/Okta.Sdk/Model/CredentialSyncState.cs
@@ -0,0 +1,69 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Current credential sync status of the privileged resource
+    /// </summary>
+    /// <value>Current credential sync status of the privileged resource</value>
+    [JsonConverter(typeof(StringEnumSerializingConverter))]
+    public sealed class CredentialSyncState : StringEnum
+    {
+        /// <summary>
+        /// StringEnum CredentialSyncState for value: NOT_SYNCED
+        /// </summary>
+        public static CredentialSyncState NOTSYNCED = new CredentialSyncState("NOT_SYNCED");
+        /// <summary>
+        /// StringEnum CredentialSyncState for value: SYNCED
+        /// </summary>
+        public static CredentialSyncState SYNCED = new CredentialSyncState("SYNCED");
+        /// <summary>
+        /// StringEnum CredentialSyncState for value: SYNCING
+        /// </summary>
+        public static CredentialSyncState SYNCING = new CredentialSyncState("SYNCING");
+        /// <summary>
+        /// StringEnum CredentialSyncState for value: SYNC_FAILED
+        /// </summary>
+        public static CredentialSyncState SYNCFAILED = new CredentialSyncState("SYNC_FAILED");
+
+        /// <summary>
+        /// Implicit operator declaration to accept and convert a string value as a <see cref="CredentialSyncState"/>
+        /// </summary>
+        /// <param name="value">The value to use</param>
+        public static implicit operator CredentialSyncState(string value) => new CredentialSyncState(value);
+
+        /// <summary>
+        /// Creates a new <see cref="CredentialSyncState"/> instance.
+        /// </summary>
+        /// <param name="value">The value to use.</param>
+        public CredentialSyncState(string value)
+            : base(value)
+        {
+        }
+    }
+
+
+}
diff --git a/src/Okta.Sdk/Model/Csr.cs b/src/Okta.Sdk/Model/Csr.cs
index d8d88e3aa..d5176218c 100644
--- a/src/Okta.Sdk/Model/Csr.cs
+++ b/src/Okta.Sdk/Model/Csr.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -35,8 +35,9 @@ public partial class Csr : IEquatable<Csr>
     {
         
         /// <summary>
-        /// Gets or Sets Created
+        /// Timestamp when the object was created
         /// </summary>
+        /// <value>Timestamp when the object was created</value>
         [DataMember(Name = "created", EmitDefaultValue = true)]
         public DateTimeOffset Created { get; private set; }
 
diff --git a/src/Okta.Sdk/Model/CsrMetadata.cs b/src/Okta.Sdk/Model/CsrMetadata.cs
index d06cb7896..a8dd4d697 100644
--- a/src/Okta.Sdk/Model/CsrMetadata.cs
+++ b/src/Okta.Sdk/Model/CsrMetadata.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/CsrMetadataSubject.cs b/src/Okta.Sdk/Model/CsrMetadataSubject.cs
index 71464d2f5..a21ce0e8c 100644
--- a/src/Okta.Sdk/Model/CsrMetadataSubject.cs
+++ b/src/Okta.Sdk/Model/CsrMetadataSubject.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/CsrMetadataSubjectAltNames.cs b/src/Okta.Sdk/Model/CsrMetadataSubjectAltNames.cs
index 90afdabe1..b8c8db07d 100644
--- a/src/Okta.Sdk/Model/CsrMetadataSubjectAltNames.cs
+++ b/src/Okta.Sdk/Model/CsrMetadataSubjectAltNames.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/CustomAppUserVerificationEnum.cs b/src/Okta.Sdk/Model/CustomAppUserVerificationEnum.cs
new file mode 100644
index 000000000..c5d7a2614
--- /dev/null
+++ b/src/Okta.Sdk/Model/CustomAppUserVerificationEnum.cs
@@ -0,0 +1,61 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// User verification setting
+    /// </summary>
+    /// <value>User verification setting</value>
+    [JsonConverter(typeof(StringEnumSerializingConverter))]
+    public sealed class CustomAppUserVerificationEnum : StringEnum
+    {
+        /// <summary>
+        /// StringEnum CustomAppUserVerificationEnum for value: PREFERRED
+        /// </summary>
+        public static CustomAppUserVerificationEnum PREFERRED = new CustomAppUserVerificationEnum("PREFERRED");
+        /// <summary>
+        /// StringEnum CustomAppUserVerificationEnum for value: REQUIRED
+        /// </summary>
+        public static CustomAppUserVerificationEnum REQUIRED = new CustomAppUserVerificationEnum("REQUIRED");
+
+        /// <summary>
+        /// Implicit operator declaration to accept and convert a string value as a <see cref="CustomAppUserVerificationEnum"/>
+        /// </summary>
+        /// <param name="value">The value to use</param>
+        public static implicit operator CustomAppUserVerificationEnum(string value) => new CustomAppUserVerificationEnum(value);
+
+        /// <summary>
+        /// Creates a new <see cref="CustomAppUserVerificationEnum"/> instance.
+        /// </summary>
+        /// <param name="value">The value to use.</param>
+        public CustomAppUserVerificationEnum(string value)
+            : base(value)
+        {
+        }
+    }
+
+
+}
diff --git a/src/Okta.Sdk/Model/CustomRoleAssignmentSchema.cs b/src/Okta.Sdk/Model/CustomRoleAssignmentSchema.cs
new file mode 100644
index 000000000..6848025fe
--- /dev/null
+++ b/src/Okta.Sdk/Model/CustomRoleAssignmentSchema.cs
@@ -0,0 +1,179 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// CustomRoleAssignmentSchema
+    /// </summary>
+    [DataContract(Name = "CustomRoleAssignmentSchema")]
+    
+    public partial class CustomRoleAssignmentSchema : IEquatable<CustomRoleAssignmentSchema>
+    {
+        /// <summary>
+        /// Standard role type
+        /// </summary>
+        /// <value>Standard role type</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class TypeEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum CUSTOM for value: CUSTOM
+            /// </summary>
+            
+            public static TypeEnum CUSTOM = new TypeEnum("CUSTOM");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="TypeEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator TypeEnum(string value) => new TypeEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Type"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public TypeEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Standard role type
+        /// </summary>
+        /// <value>Standard role type</value>
+        [DataMember(Name = "type", EmitDefaultValue = true)]
+        
+        public TypeEnum Type { get; set; }
+        
+        /// <summary>
+        /// Resource Set ID
+        /// </summary>
+        /// <value>Resource Set ID</value>
+        [DataMember(Name = "resource-set", EmitDefaultValue = true)]
+        public string ResourceSet { get; set; }
+
+        /// <summary>
+        /// Custom Role ID
+        /// </summary>
+        /// <value>Custom Role ID</value>
+        [DataMember(Name = "role", EmitDefaultValue = true)]
+        public string Role { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class CustomRoleAssignmentSchema {\n");
+            sb.Append("  ResourceSet: ").Append(ResourceSet).Append("\n");
+            sb.Append("  Role: ").Append(Role).Append("\n");
+            sb.Append("  Type: ").Append(Type).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as CustomRoleAssignmentSchema);
+        }
+
+        /// <summary>
+        /// Returns true if CustomRoleAssignmentSchema instances are equal
+        /// </summary>
+        /// <param name="input">Instance of CustomRoleAssignmentSchema to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(CustomRoleAssignmentSchema input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.ResourceSet == input.ResourceSet ||
+                    (this.ResourceSet != null &&
+                    this.ResourceSet.Equals(input.ResourceSet))
+                ) && 
+                (
+                    this.Role == input.Role ||
+                    (this.Role != null &&
+                    this.Role.Equals(input.Role))
+                ) && 
+                (
+                    this.Type == input.Type ||
+                    this.Type.Equals(input.Type)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.ResourceSet != null)
+                {
+                    hashCode = (hashCode * 59) + this.ResourceSet.GetHashCode();
+                }
+                if (this.Role != null)
+                {
+                    hashCode = (hashCode * 59) + this.Role.GetHashCode();
+                }
+                if (this.Type != null)
+                {
+                    hashCode = (hashCode * 59) + this.Type.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/CustomizablePage.cs b/src/Okta.Sdk/Model/CustomizablePage.cs
index 2f4824205..fda185650 100644
--- a/src/Okta.Sdk/Model/CustomizablePage.cs
+++ b/src/Okta.Sdk/Model/CustomizablePage.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -35,8 +35,9 @@ public partial class CustomizablePage : IEquatable<CustomizablePage>
     {
         
         /// <summary>
-        /// Gets or Sets PageContent
+        /// The HTML for the page
         /// </summary>
+        /// <value>The HTML for the page</value>
         [DataMember(Name = "pageContent", EmitDefaultValue = true)]
         public string PageContent { get; set; }
 
diff --git a/src/Okta.Sdk/Model/DNSRecord.cs b/src/Okta.Sdk/Model/DNSRecord.cs
index a265f6034..e0bf36c93 100644
--- a/src/Okta.Sdk/Model/DNSRecord.cs
+++ b/src/Okta.Sdk/Model/DNSRecord.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DNSRecordType.cs b/src/Okta.Sdk/Model/DNSRecordType.cs
index 070b54085..8089f6357 100644
--- a/src/Okta.Sdk/Model/DNSRecordType.cs
+++ b/src/Okta.Sdk/Model/DNSRecordType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DTCChromeOS.cs b/src/Okta.Sdk/Model/DTCChromeOS.cs
index 3eaa38b9c..351d00cf8 100644
--- a/src/Okta.Sdk/Model/DTCChromeOS.cs
+++ b/src/Okta.Sdk/Model/DTCChromeOS.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -93,8 +93,15 @@ public partial class DTCChromeOS : IEquatable<DTCChromeOS>
         /// Indicates whether the main disk is encrypted
         /// </summary>
         /// <value>Indicates whether the main disk is encrypted</value>
-        [DataMember(Name = "diskEnrypted", EmitDefaultValue = true)]
-        public bool DiskEnrypted { get; set; }
+        [DataMember(Name = "diskEncrypted", EmitDefaultValue = true)]
+        public bool DiskEncrypted { get; set; }
+
+        /// <summary>
+        /// Indicates whether the device is enrolled in ChromeOS device management
+        /// </summary>
+        /// <value>Indicates whether the device is enrolled in ChromeOS device management</value>
+        [DataMember(Name = "managedDevice", EmitDefaultValue = true)]
+        public bool ManagedDevice { get; set; }
 
         /// <summary>
         /// Indicates whether a firewall is enabled at the OS-level on the device
@@ -107,7 +114,7 @@ public partial class DTCChromeOS : IEquatable<DTCChromeOS>
         /// Gets or Sets OsVersion
         /// </summary>
         [DataMember(Name = "osVersion", EmitDefaultValue = true)]
-        public OSVersion OsVersion { get; set; }
+        public OSVersionFourComponents OsVersion { get; set; }
 
         /// <summary>
         /// Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled
@@ -143,8 +150,9 @@ public override string ToString()
             sb.Append("  BuiltInDnsClientEnabled: ").Append(BuiltInDnsClientEnabled).Append("\n");
             sb.Append("  ChromeRemoteDesktopAppBlocked: ").Append(ChromeRemoteDesktopAppBlocked).Append("\n");
             sb.Append("  DeviceEnrollmentDomain: ").Append(DeviceEnrollmentDomain).Append("\n");
-            sb.Append("  DiskEnrypted: ").Append(DiskEnrypted).Append("\n");
+            sb.Append("  DiskEncrypted: ").Append(DiskEncrypted).Append("\n");
             sb.Append("  KeyTrustLevel: ").Append(KeyTrustLevel).Append("\n");
+            sb.Append("  ManagedDevice: ").Append(ManagedDevice).Append("\n");
             sb.Append("  OsFirewall: ").Append(OsFirewall).Append("\n");
             sb.Append("  OsVersion: ").Append(OsVersion).Append("\n");
             sb.Append("  PasswordProtectionWarningTrigger: ").Append(PasswordProtectionWarningTrigger).Append("\n");
@@ -210,13 +218,17 @@ public bool Equals(DTCChromeOS input)
                     this.DeviceEnrollmentDomain.Equals(input.DeviceEnrollmentDomain))
                 ) && 
                 (
-                    this.DiskEnrypted == input.DiskEnrypted ||
-                    this.DiskEnrypted.Equals(input.DiskEnrypted)
+                    this.DiskEncrypted == input.DiskEncrypted ||
+                    this.DiskEncrypted.Equals(input.DiskEncrypted)
                 ) && 
                 (
                     this.KeyTrustLevel == input.KeyTrustLevel ||
                     this.KeyTrustLevel.Equals(input.KeyTrustLevel)
                 ) && 
+                (
+                    this.ManagedDevice == input.ManagedDevice ||
+                    this.ManagedDevice.Equals(input.ManagedDevice)
+                ) && 
                 (
                     this.OsFirewall == input.OsFirewall ||
                     this.OsFirewall.Equals(input.OsFirewall)
@@ -269,11 +281,12 @@ public override int GetHashCode()
                 {
                     hashCode = (hashCode * 59) + this.DeviceEnrollmentDomain.GetHashCode();
                 }
-                hashCode = (hashCode * 59) + this.DiskEnrypted.GetHashCode();
+                hashCode = (hashCode * 59) + this.DiskEncrypted.GetHashCode();
                 if (this.KeyTrustLevel != null)
                 {
                     hashCode = (hashCode * 59) + this.KeyTrustLevel.GetHashCode();
                 }
+                hashCode = (hashCode * 59) + this.ManagedDevice.GetHashCode();
                 hashCode = (hashCode * 59) + this.OsFirewall.GetHashCode();
                 if (this.OsVersion != null)
                 {
diff --git a/src/Okta.Sdk/Model/DTCMacOS.cs b/src/Okta.Sdk/Model/DTCMacOS.cs
index 124d2e052..ea56fc063 100644
--- a/src/Okta.Sdk/Model/DTCMacOS.cs
+++ b/src/Okta.Sdk/Model/DTCMacOS.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -86,8 +86,8 @@ public partial class DTCMacOS : IEquatable<DTCMacOS>
         /// Indicates whether the main disk is encrypted
         /// </summary>
         /// <value>Indicates whether the main disk is encrypted</value>
-        [DataMember(Name = "diskEnrypted", EmitDefaultValue = true)]
-        public bool DiskEnrypted { get; set; }
+        [DataMember(Name = "diskEncrypted", EmitDefaultValue = true)]
+        public bool DiskEncrypted { get; set; }
 
         /// <summary>
         /// Indicates whether a firewall is enabled at the OS-level on the device
@@ -100,7 +100,7 @@ public partial class DTCMacOS : IEquatable<DTCMacOS>
         /// Gets or Sets OsVersion
         /// </summary>
         [DataMember(Name = "osVersion", EmitDefaultValue = true)]
-        public OSVersion OsVersion { get; set; }
+        public OSVersionThreeComponents OsVersion { get; set; }
 
         /// <summary>
         /// Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled
@@ -135,7 +135,7 @@ public override string ToString()
             sb.Append("  BuiltInDnsClientEnabled: ").Append(BuiltInDnsClientEnabled).Append("\n");
             sb.Append("  ChromeRemoteDesktopAppBlocked: ").Append(ChromeRemoteDesktopAppBlocked).Append("\n");
             sb.Append("  DeviceEnrollmentDomain: ").Append(DeviceEnrollmentDomain).Append("\n");
-            sb.Append("  DiskEnrypted: ").Append(DiskEnrypted).Append("\n");
+            sb.Append("  DiskEncrypted: ").Append(DiskEncrypted).Append("\n");
             sb.Append("  KeyTrustLevel: ").Append(KeyTrustLevel).Append("\n");
             sb.Append("  OsFirewall: ").Append(OsFirewall).Append("\n");
             sb.Append("  OsVersion: ").Append(OsVersion).Append("\n");
@@ -198,8 +198,8 @@ public bool Equals(DTCMacOS input)
                     this.DeviceEnrollmentDomain.Equals(input.DeviceEnrollmentDomain))
                 ) && 
                 (
-                    this.DiskEnrypted == input.DiskEnrypted ||
-                    this.DiskEnrypted.Equals(input.DiskEnrypted)
+                    this.DiskEncrypted == input.DiskEncrypted ||
+                    this.DiskEncrypted.Equals(input.DiskEncrypted)
                 ) && 
                 (
                     this.KeyTrustLevel == input.KeyTrustLevel ||
@@ -256,7 +256,7 @@ public override int GetHashCode()
                 {
                     hashCode = (hashCode * 59) + this.DeviceEnrollmentDomain.GetHashCode();
                 }
-                hashCode = (hashCode * 59) + this.DiskEnrypted.GetHashCode();
+                hashCode = (hashCode * 59) + this.DiskEncrypted.GetHashCode();
                 if (this.KeyTrustLevel != null)
                 {
                     hashCode = (hashCode * 59) + this.KeyTrustLevel.GetHashCode();
diff --git a/src/Okta.Sdk/Model/DTCWindows.cs b/src/Okta.Sdk/Model/DTCWindows.cs
index 05591bc73..941c09370 100644
--- a/src/Okta.Sdk/Model/DTCWindows.cs
+++ b/src/Okta.Sdk/Model/DTCWindows.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -100,8 +100,8 @@ public partial class DTCWindows : IEquatable<DTCWindows>
         /// Indicates whether the main disk is encrypted
         /// </summary>
         /// <value>Indicates whether the main disk is encrypted</value>
-        [DataMember(Name = "diskEnrypted", EmitDefaultValue = true)]
-        public bool DiskEnrypted { get; set; }
+        [DataMember(Name = "diskEncrypted", EmitDefaultValue = true)]
+        public bool DiskEncrypted { get; set; }
 
         /// <summary>
         /// Indicates whether a firewall is enabled at the OS-level on the device
@@ -114,7 +114,7 @@ public partial class DTCWindows : IEquatable<DTCWindows>
         /// Gets or Sets OsVersion
         /// </summary>
         [DataMember(Name = "osVersion", EmitDefaultValue = true)]
-        public OSVersion OsVersion { get; set; }
+        public OSVersionFourComponents OsVersion { get; set; }
 
         /// <summary>
         /// Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled
@@ -179,7 +179,7 @@ public override string ToString()
             sb.Append("  CrowdStrikeAgentId: ").Append(CrowdStrikeAgentId).Append("\n");
             sb.Append("  CrowdStrikeCustomerId: ").Append(CrowdStrikeCustomerId).Append("\n");
             sb.Append("  DeviceEnrollmentDomain: ").Append(DeviceEnrollmentDomain).Append("\n");
-            sb.Append("  DiskEnrypted: ").Append(DiskEnrypted).Append("\n");
+            sb.Append("  DiskEncrypted: ").Append(DiskEncrypted).Append("\n");
             sb.Append("  KeyTrustLevel: ").Append(KeyTrustLevel).Append("\n");
             sb.Append("  OsFirewall: ").Append(OsFirewall).Append("\n");
             sb.Append("  OsVersion: ").Append(OsVersion).Append("\n");
@@ -256,8 +256,8 @@ public bool Equals(DTCWindows input)
                     this.DeviceEnrollmentDomain.Equals(input.DeviceEnrollmentDomain))
                 ) && 
                 (
-                    this.DiskEnrypted == input.DiskEnrypted ||
-                    this.DiskEnrypted.Equals(input.DiskEnrypted)
+                    this.DiskEncrypted == input.DiskEncrypted ||
+                    this.DiskEncrypted.Equals(input.DiskEncrypted)
                 ) && 
                 (
                     this.KeyTrustLevel == input.KeyTrustLevel ||
@@ -340,7 +340,7 @@ public override int GetHashCode()
                 {
                     hashCode = (hashCode * 59) + this.DeviceEnrollmentDomain.GetHashCode();
                 }
-                hashCode = (hashCode * 59) + this.DiskEnrypted.GetHashCode();
+                hashCode = (hashCode * 59) + this.DiskEncrypted.GetHashCode();
                 if (this.KeyTrustLevel != null)
                 {
                     hashCode = (hashCode * 59) + this.KeyTrustLevel.GetHashCode();
diff --git a/src/Okta.Sdk/Model/DefaultApp.cs b/src/Okta.Sdk/Model/DefaultApp.cs
index fb73105a8..b11ec5976 100644
--- a/src/Okta.Sdk/Model/DefaultApp.cs
+++ b/src/Okta.Sdk/Model/DefaultApp.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -35,20 +35,23 @@ public partial class DefaultApp : IEquatable<DefaultApp>
     {
         
         /// <summary>
-        /// Gets or Sets AppInstanceId
+        /// ID for the App instance
         /// </summary>
+        /// <value>ID for the App instance</value>
         [DataMember(Name = "appInstanceId", EmitDefaultValue = true)]
         public string AppInstanceId { get; set; }
 
         /// <summary>
-        /// Gets or Sets AppLinkName
+        /// Name for the app instance
         /// </summary>
+        /// <value>Name for the app instance</value>
         [DataMember(Name = "appLinkName", EmitDefaultValue = true)]
         public string AppLinkName { get; set; }
 
         /// <summary>
-        /// Gets or Sets ClassicApplicationUri
+        /// Application URI for classic Orgs
         /// </summary>
+        /// <value>Application URI for classic Orgs</value>
         [DataMember(Name = "classicApplicationUri", EmitDefaultValue = true)]
         public string ClassicApplicationUri { get; set; }
 
diff --git a/src/Okta.Sdk/Model/DetectedRiskEvents.cs b/src/Okta.Sdk/Model/DetectedRiskEvents.cs
new file mode 100644
index 000000000..6600c1eeb
--- /dev/null
+++ b/src/Okta.Sdk/Model/DetectedRiskEvents.cs
@@ -0,0 +1,84 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Defines DetectedRiskEvents
+    /// </summary>
+    [JsonConverter(typeof(StringEnumSerializingConverter))]
+    public sealed class DetectedRiskEvents : StringEnum
+    {
+        /// <summary>
+        /// StringEnum DetectedRiskEvents for value: ADMIN_REPORTED_USER_RISK
+        /// </summary>
+        public static DetectedRiskEvents ADMINREPORTEDUSERRISK = new DetectedRiskEvents("ADMIN_REPORTED_USER_RISK");
+        /// <summary>
+        /// StringEnum DetectedRiskEvents for value: BRUTE_FORCE_ATTACK
+        /// </summary>
+        public static DetectedRiskEvents BRUTEFORCEATTACK = new DetectedRiskEvents("BRUTE_FORCE_ATTACK");
+        /// <summary>
+        /// StringEnum DetectedRiskEvents for value: ENTITY_CRITICAL_ACTION_FROM_HIGH_THREAT_IP
+        /// </summary>
+        public static DetectedRiskEvents ENTITYCRITICALACTIONFROMHIGHTHREATIP = new DetectedRiskEvents("ENTITY_CRITICAL_ACTION_FROM_HIGH_THREAT_IP");
+        /// <summary>
+        /// StringEnum DetectedRiskEvents for value: OKTA_THREAT_INTELLIGENCE
+        /// </summary>
+        public static DetectedRiskEvents OKTATHREATINTELLIGENCE = new DetectedRiskEvents("OKTA_THREAT_INTELLIGENCE");
+        /// <summary>
+        /// StringEnum DetectedRiskEvents for value: SECURITY_EVENTS_PROVIDER_REPORTED_RISK
+        /// </summary>
+        public static DetectedRiskEvents SECURITYEVENTSPROVIDERREPORTEDRISK = new DetectedRiskEvents("SECURITY_EVENTS_PROVIDER_REPORTED_RISK");
+        /// <summary>
+        /// StringEnum DetectedRiskEvents for value: SESSION_INFLUENCED_USER_RISK
+        /// </summary>
+        public static DetectedRiskEvents SESSIONINFLUENCEDUSERRISK = new DetectedRiskEvents("SESSION_INFLUENCED_USER_RISK");
+        /// <summary>
+        /// StringEnum DetectedRiskEvents for value: SUSPICIOUS_APP_ACCESS
+        /// </summary>
+        public static DetectedRiskEvents SUSPICIOUSAPPACCESS = new DetectedRiskEvents("SUSPICIOUS_APP_ACCESS");
+        /// <summary>
+        /// StringEnum DetectedRiskEvents for value: USER_REPORTED_SUSPICIOUS_ACTIVITY
+        /// </summary>
+        public static DetectedRiskEvents USERREPORTEDSUSPICIOUSACTIVITY = new DetectedRiskEvents("USER_REPORTED_SUSPICIOUS_ACTIVITY");
+
+        /// <summary>
+        /// Implicit operator declaration to accept and convert a string value as a <see cref="DetectedRiskEvents"/>
+        /// </summary>
+        /// <param name="value">The value to use</param>
+        public static implicit operator DetectedRiskEvents(string value) => new DetectedRiskEvents(value);
+
+        /// <summary>
+        /// Creates a new <see cref="DetectedRiskEvents"/> instance.
+        /// </summary>
+        /// <param name="value">The value to use.</param>
+        public DetectedRiskEvents(string value)
+            : base(value)
+        {
+        }
+    }
+
+
+}
diff --git a/src/Okta.Sdk/Model/Device.cs b/src/Okta.Sdk/Model/Device.cs
index 31177842f..e9efb9aa5 100644
--- a/src/Okta.Sdk/Model/Device.cs
+++ b/src/Okta.Sdk/Model/Device.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DeviceAccessPolicyRuleCondition.cs b/src/Okta.Sdk/Model/DeviceAccessPolicyRuleCondition.cs
index bf29dd8b9..3e1969d7c 100644
--- a/src/Okta.Sdk/Model/DeviceAccessPolicyRuleCondition.cs
+++ b/src/Okta.Sdk/Model/DeviceAccessPolicyRuleCondition.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -59,6 +59,12 @@ public partial class DeviceAccessPolicyRuleCondition : IEquatable<DeviceAccessPo
         [DataMember(Name = "rooted", EmitDefaultValue = true)]
         public bool Rooted { get; set; }
 
+        /// <summary>
+        /// Gets or Sets Assurance
+        /// </summary>
+        [DataMember(Name = "assurance", EmitDefaultValue = true)]
+        public DevicePolicyRuleConditionAssurance Assurance { get; set; }
+
         /// <summary>
         /// Gets or Sets Managed
         /// </summary>
@@ -71,12 +77,6 @@ public partial class DeviceAccessPolicyRuleCondition : IEquatable<DeviceAccessPo
         [DataMember(Name = "registered", EmitDefaultValue = true)]
         public bool Registered { get; set; }
 
-        /// <summary>
-        /// Gets or Sets Assurance
-        /// </summary>
-        [DataMember(Name = "assurance", EmitDefaultValue = true)]
-        public DevicePolicyRuleConditionAssurance Assurance { get; set; }
-
         /// <summary>
         /// Returns the string presentation of the object
         /// </summary>
@@ -89,9 +89,9 @@ public override string ToString()
             sb.Append("  Platform: ").Append(Platform).Append("\n");
             sb.Append("  Rooted: ").Append(Rooted).Append("\n");
             sb.Append("  TrustLevel: ").Append(TrustLevel).Append("\n");
+            sb.Append("  Assurance: ").Append(Assurance).Append("\n");
             sb.Append("  Managed: ").Append(Managed).Append("\n");
             sb.Append("  Registered: ").Append(Registered).Append("\n");
-            sb.Append("  Assurance: ").Append(Assurance).Append("\n");
             sb.Append("}\n");
             return sb.ToString();
         }
@@ -144,6 +144,11 @@ public bool Equals(DeviceAccessPolicyRuleCondition input)
                     this.TrustLevel == input.TrustLevel ||
                     this.TrustLevel.Equals(input.TrustLevel)
                 ) && 
+                (
+                    this.Assurance == input.Assurance ||
+                    (this.Assurance != null &&
+                    this.Assurance.Equals(input.Assurance))
+                ) && 
                 (
                     this.Managed == input.Managed ||
                     this.Managed.Equals(input.Managed)
@@ -151,11 +156,6 @@ public bool Equals(DeviceAccessPolicyRuleCondition input)
                 (
                     this.Registered == input.Registered ||
                     this.Registered.Equals(input.Registered)
-                ) && 
-                (
-                    this.Assurance == input.Assurance ||
-                    (this.Assurance != null &&
-                    this.Assurance.Equals(input.Assurance))
                 );
         }
 
@@ -179,12 +179,12 @@ public override int GetHashCode()
                 {
                     hashCode = (hashCode * 59) + this.TrustLevel.GetHashCode();
                 }
-                hashCode = (hashCode * 59) + this.Managed.GetHashCode();
-                hashCode = (hashCode * 59) + this.Registered.GetHashCode();
                 if (this.Assurance != null)
                 {
                     hashCode = (hashCode * 59) + this.Assurance.GetHashCode();
                 }
+                hashCode = (hashCode * 59) + this.Managed.GetHashCode();
+                hashCode = (hashCode * 59) + this.Registered.GetHashCode();
                 return hashCode;
             }
         }
diff --git a/src/Okta.Sdk/Model/DeviceAssurance.cs b/src/Okta.Sdk/Model/DeviceAssurance.cs
index a4123e345..e0121a07d 100644
--- a/src/Okta.Sdk/Model/DeviceAssurance.cs
+++ b/src/Okta.Sdk/Model/DeviceAssurance.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -96,30 +96,30 @@ public bool ShouldSerializeId()
             return false;
         }
         /// <summary>
-        /// Gets or Sets LastUpdatedBy
+        /// Gets or Sets LastUpdate
         /// </summary>
-        [DataMember(Name = "lastUpdatedBy", EmitDefaultValue = true)]
-        public string LastUpdatedBy { get; private set; }
+        [DataMember(Name = "lastUpdate", EmitDefaultValue = true)]
+        public string LastUpdate { get; private set; }
 
         /// <summary>
-        /// Returns false as LastUpdatedBy should not be serialized given that it's read-only.
+        /// Returns false as LastUpdate should not be serialized given that it's read-only.
         /// </summary>
         /// <returns>false (boolean)</returns>
-        public bool ShouldSerializeLastUpdatedBy()
+        public bool ShouldSerializeLastUpdate()
         {
             return false;
         }
         /// <summary>
-        /// Gets or Sets LastUpdatedDate
+        /// Gets or Sets LastUpdatedBy
         /// </summary>
-        [DataMember(Name = "lastUpdatedDate", EmitDefaultValue = true)]
-        public string LastUpdatedDate { get; private set; }
+        [DataMember(Name = "lastUpdatedBy", EmitDefaultValue = true)]
+        public string LastUpdatedBy { get; private set; }
 
         /// <summary>
-        /// Returns false as LastUpdatedDate should not be serialized given that it's read-only.
+        /// Returns false as LastUpdatedBy should not be serialized given that it's read-only.
         /// </summary>
         /// <returns>false (boolean)</returns>
-        public bool ShouldSerializeLastUpdatedDate()
+        public bool ShouldSerializeLastUpdatedBy()
         {
             return false;
         }
@@ -147,8 +147,8 @@ public override string ToString()
             sb.Append("  CreatedBy: ").Append(CreatedBy).Append("\n");
             sb.Append("  CreatedDate: ").Append(CreatedDate).Append("\n");
             sb.Append("  Id: ").Append(Id).Append("\n");
+            sb.Append("  LastUpdate: ").Append(LastUpdate).Append("\n");
             sb.Append("  LastUpdatedBy: ").Append(LastUpdatedBy).Append("\n");
-            sb.Append("  LastUpdatedDate: ").Append(LastUpdatedDate).Append("\n");
             sb.Append("  Name: ").Append(Name).Append("\n");
             sb.Append("  Platform: ").Append(Platform).Append("\n");
             sb.Append("  Links: ").Append(Links).Append("\n");
@@ -202,16 +202,16 @@ public bool Equals(DeviceAssurance input)
                     (this.Id != null &&
                     this.Id.Equals(input.Id))
                 ) && 
+                (
+                    this.LastUpdate == input.LastUpdate ||
+                    (this.LastUpdate != null &&
+                    this.LastUpdate.Equals(input.LastUpdate))
+                ) && 
                 (
                     this.LastUpdatedBy == input.LastUpdatedBy ||
                     (this.LastUpdatedBy != null &&
                     this.LastUpdatedBy.Equals(input.LastUpdatedBy))
                 ) && 
-                (
-                    this.LastUpdatedDate == input.LastUpdatedDate ||
-                    (this.LastUpdatedDate != null &&
-                    this.LastUpdatedDate.Equals(input.LastUpdatedDate))
-                ) && 
                 (
                     this.Name == input.Name ||
                     (this.Name != null &&
@@ -250,13 +250,13 @@ public override int GetHashCode()
                 {
                     hashCode = (hashCode * 59) + this.Id.GetHashCode();
                 }
-                if (this.LastUpdatedBy != null)
+                if (this.LastUpdate != null)
                 {
-                    hashCode = (hashCode * 59) + this.LastUpdatedBy.GetHashCode();
+                    hashCode = (hashCode * 59) + this.LastUpdate.GetHashCode();
                 }
-                if (this.LastUpdatedDate != null)
+                if (this.LastUpdatedBy != null)
                 {
-                    hashCode = (hashCode * 59) + this.LastUpdatedDate.GetHashCode();
+                    hashCode = (hashCode * 59) + this.LastUpdatedBy.GetHashCode();
                 }
                 if (this.Name != null)
                 {
diff --git a/src/Okta.Sdk/Model/DeviceAssuranceAndroidPlatform.cs b/src/Okta.Sdk/Model/DeviceAssuranceAndroidPlatform.cs
index 5c97de219..8bc42fab9 100644
--- a/src/Okta.Sdk/Model/DeviceAssuranceAndroidPlatform.cs
+++ b/src/Okta.Sdk/Model/DeviceAssuranceAndroidPlatform.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.cs b/src/Okta.Sdk/Model/DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.cs
index c383d942c..559d770ac 100644
--- a/src/Okta.Sdk/Model/DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.cs
+++ b/src/Okta.Sdk/Model/DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -38,7 +38,7 @@ public partial class DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType : IEq
         /// Gets or Sets Include
         /// </summary>
         [DataMember(Name = "include", EmitDefaultValue = true)]
-        public List<DiskEncryptionType> Include { get; set; }
+        public List<DiskEncryptionTypeAndroid> Include { get; set; }
 
         /// <summary>
         /// Returns the string presentation of the object
diff --git a/src/Okta.Sdk/Model/DeviceAssuranceAndroidPlatformAllOfScreenLockType.cs b/src/Okta.Sdk/Model/DeviceAssuranceAndroidPlatformAllOfScreenLockType.cs
index fab1cd190..2d77f8193 100644
--- a/src/Okta.Sdk/Model/DeviceAssuranceAndroidPlatformAllOfScreenLockType.cs
+++ b/src/Okta.Sdk/Model/DeviceAssuranceAndroidPlatformAllOfScreenLockType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DeviceAssuranceChromeOSPlatform.cs b/src/Okta.Sdk/Model/DeviceAssuranceChromeOSPlatform.cs
index 8caa567e0..ebd6c6414 100644
--- a/src/Okta.Sdk/Model/DeviceAssuranceChromeOSPlatform.cs
+++ b/src/Okta.Sdk/Model/DeviceAssuranceChromeOSPlatform.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders.cs b/src/Okta.Sdk/Model/DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders.cs
index 1445d70de..41991ad90 100644
--- a/src/Okta.Sdk/Model/DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders.cs
+++ b/src/Okta.Sdk/Model/DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DeviceAssuranceIOSPlatform.cs b/src/Okta.Sdk/Model/DeviceAssuranceIOSPlatform.cs
index 8ed514dd4..5bc72b350 100644
--- a/src/Okta.Sdk/Model/DeviceAssuranceIOSPlatform.cs
+++ b/src/Okta.Sdk/Model/DeviceAssuranceIOSPlatform.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -41,12 +41,6 @@ namespace Okta.Sdk.Model
     public partial class DeviceAssuranceIOSPlatform : DeviceAssurance, IEquatable<DeviceAssuranceIOSPlatform>
     {
         
-        /// <summary>
-        /// Gets or Sets DiskEncryptionType
-        /// </summary>
-        [DataMember(Name = "diskEncryptionType", EmitDefaultValue = true)]
-        public DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType DiskEncryptionType { get; set; }
-
         /// <summary>
         /// Gets or Sets Jailbreak
         /// </summary>
@@ -65,12 +59,6 @@ public partial class DeviceAssuranceIOSPlatform : DeviceAssurance, IEquatable<De
         [DataMember(Name = "screenLockType", EmitDefaultValue = true)]
         public DeviceAssuranceAndroidPlatformAllOfScreenLockType ScreenLockType { get; set; }
 
-        /// <summary>
-        /// Gets or Sets SecureHardwarePresent
-        /// </summary>
-        [DataMember(Name = "secureHardwarePresent", EmitDefaultValue = true)]
-        public bool SecureHardwarePresent { get; set; }
-
         /// <summary>
         /// Returns the string presentation of the object
         /// </summary>
@@ -80,11 +68,9 @@ public override string ToString()
             StringBuilder sb = new StringBuilder();
             sb.Append("class DeviceAssuranceIOSPlatform {\n");
             sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
-            sb.Append("  DiskEncryptionType: ").Append(DiskEncryptionType).Append("\n");
             sb.Append("  Jailbreak: ").Append(Jailbreak).Append("\n");
             sb.Append("  OsVersion: ").Append(OsVersion).Append("\n");
             sb.Append("  ScreenLockType: ").Append(ScreenLockType).Append("\n");
-            sb.Append("  SecureHardwarePresent: ").Append(SecureHardwarePresent).Append("\n");
             sb.Append("}\n");
             return sb.ToString();
         }
@@ -120,11 +106,6 @@ public bool Equals(DeviceAssuranceIOSPlatform input)
                 return false;
             }
             return base.Equals(input) && 
-                (
-                    this.DiskEncryptionType == input.DiskEncryptionType ||
-                    (this.DiskEncryptionType != null &&
-                    this.DiskEncryptionType.Equals(input.DiskEncryptionType))
-                ) && base.Equals(input) && 
                 (
                     this.Jailbreak == input.Jailbreak ||
                     this.Jailbreak.Equals(input.Jailbreak)
@@ -138,10 +119,6 @@ public bool Equals(DeviceAssuranceIOSPlatform input)
                     this.ScreenLockType == input.ScreenLockType ||
                     (this.ScreenLockType != null &&
                     this.ScreenLockType.Equals(input.ScreenLockType))
-                ) && base.Equals(input) && 
-                (
-                    this.SecureHardwarePresent == input.SecureHardwarePresent ||
-                    this.SecureHardwarePresent.Equals(input.SecureHardwarePresent)
                 );
         }
 
@@ -155,10 +132,6 @@ public override int GetHashCode()
             {
                 int hashCode = base.GetHashCode();
                 
-                if (this.DiskEncryptionType != null)
-                {
-                    hashCode = (hashCode * 59) + this.DiskEncryptionType.GetHashCode();
-                }
                 hashCode = (hashCode * 59) + this.Jailbreak.GetHashCode();
                 if (this.OsVersion != null)
                 {
@@ -168,7 +141,6 @@ public override int GetHashCode()
                 {
                     hashCode = (hashCode * 59) + this.ScreenLockType.GetHashCode();
                 }
-                hashCode = (hashCode * 59) + this.SecureHardwarePresent.GetHashCode();
                 return hashCode;
             }
         }
diff --git a/src/Okta.Sdk/Model/DeviceAssuranceMacOSPlatform.cs b/src/Okta.Sdk/Model/DeviceAssuranceMacOSPlatform.cs
index ae177980a..4e5832bd1 100644
--- a/src/Okta.Sdk/Model/DeviceAssuranceMacOSPlatform.cs
+++ b/src/Okta.Sdk/Model/DeviceAssuranceMacOSPlatform.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -45,13 +45,7 @@ public partial class DeviceAssuranceMacOSPlatform : DeviceAssurance, IEquatable<
         /// Gets or Sets DiskEncryptionType
         /// </summary>
         [DataMember(Name = "diskEncryptionType", EmitDefaultValue = true)]
-        public DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType DiskEncryptionType { get; set; }
-
-        /// <summary>
-        /// Gets or Sets Jailbreak
-        /// </summary>
-        [DataMember(Name = "jailbreak", EmitDefaultValue = true)]
-        public bool Jailbreak { get; set; }
+        public DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType DiskEncryptionType { get; set; }
 
         /// <summary>
         /// Gets or Sets OsVersion
@@ -87,7 +81,6 @@ public override string ToString()
             sb.Append("class DeviceAssuranceMacOSPlatform {\n");
             sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
             sb.Append("  DiskEncryptionType: ").Append(DiskEncryptionType).Append("\n");
-            sb.Append("  Jailbreak: ").Append(Jailbreak).Append("\n");
             sb.Append("  OsVersion: ").Append(OsVersion).Append("\n");
             sb.Append("  ScreenLockType: ").Append(ScreenLockType).Append("\n");
             sb.Append("  SecureHardwarePresent: ").Append(SecureHardwarePresent).Append("\n");
@@ -132,10 +125,6 @@ public bool Equals(DeviceAssuranceMacOSPlatform input)
                     (this.DiskEncryptionType != null &&
                     this.DiskEncryptionType.Equals(input.DiskEncryptionType))
                 ) && base.Equals(input) && 
-                (
-                    this.Jailbreak == input.Jailbreak ||
-                    this.Jailbreak.Equals(input.Jailbreak)
-                ) && base.Equals(input) && 
                 (
                     this.OsVersion == input.OsVersion ||
                     (this.OsVersion != null &&
@@ -171,7 +160,6 @@ public override int GetHashCode()
                 {
                     hashCode = (hashCode * 59) + this.DiskEncryptionType.GetHashCode();
                 }
-                hashCode = (hashCode * 59) + this.Jailbreak.GetHashCode();
                 if (this.OsVersion != null)
                 {
                     hashCode = (hashCode * 59) + this.OsVersion.GetHashCode();
diff --git a/src/Okta.Sdk/Model/DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType.cs b/src/Okta.Sdk/Model/DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType.cs
new file mode 100644
index 000000000..a4b45f5fc
--- /dev/null
+++ b/src/Okta.Sdk/Model/DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType.cs
@@ -0,0 +1,115 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType
+    /// </summary>
+    [DataContract(Name = "DeviceAssuranceMacOSPlatform_allOf_diskEncryptionType")]
+    
+    public partial class DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType : IEquatable<DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Include
+        /// </summary>
+        [DataMember(Name = "include", EmitDefaultValue = true)]
+        public List<DiskEncryptionTypeDesktop> Include { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType {\n");
+            sb.Append("  Include: ").Append(Include).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType);
+        }
+
+        /// <summary>
+        /// Returns true if DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType instances are equal
+        /// </summary>
+        /// <param name="input">Instance of DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Include == input.Include ||
+                    this.Include != null &&
+                    input.Include != null &&
+                    this.Include.SequenceEqual(input.Include)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Include != null)
+                {
+                    hashCode = (hashCode * 59) + this.Include.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders.cs b/src/Okta.Sdk/Model/DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders.cs
index 94e520a67..59e64fba5 100644
--- a/src/Okta.Sdk/Model/DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders.cs
+++ b/src/Okta.Sdk/Model/DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DeviceAssuranceWindowsPlatform.cs b/src/Okta.Sdk/Model/DeviceAssuranceWindowsPlatform.cs
index cb96db9a4..194124391 100644
--- a/src/Okta.Sdk/Model/DeviceAssuranceWindowsPlatform.cs
+++ b/src/Okta.Sdk/Model/DeviceAssuranceWindowsPlatform.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -45,19 +45,20 @@ public partial class DeviceAssuranceWindowsPlatform : DeviceAssurance, IEquatabl
         /// Gets or Sets DiskEncryptionType
         /// </summary>
         [DataMember(Name = "diskEncryptionType", EmitDefaultValue = true)]
-        public DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType DiskEncryptionType { get; set; }
+        public DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType DiskEncryptionType { get; set; }
 
         /// <summary>
-        /// Gets or Sets Jailbreak
+        /// Gets or Sets OsVersion
         /// </summary>
-        [DataMember(Name = "jailbreak", EmitDefaultValue = true)]
-        public bool Jailbreak { get; set; }
+        [DataMember(Name = "osVersion", EmitDefaultValue = true)]
+        public OSVersionFourComponents OsVersion { get; set; }
 
         /// <summary>
-        /// Gets or Sets OsVersion
+        /// &lt;div class&#x3D;\&quot;x-lifecycle-container\&quot;&gt;&lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt;&lt;/div&gt;Specifies the Windows version requirements for the assurance policy. Each requirement must correspond to a different major version (Windows 11 or Windows 10). If a requirement isn&#39;t specified for a major version, then devices on that major version satisfy the condition.  There are two types of OS requirements: * **Static**: A specific Windows version requirement that doesn&#39;t change until you update the policy. A static OS Windows requirement is specified with &#x60;majorVersionConstraint&#x60; and &#x60;minimum&#x60;. * **Dynamic**: A Windows version requirement that is relative to the latest major release and security patch. A dynamic OS Windows requirement is specified with &#x60;majorVersionConstraint&#x60; and &#x60;dynamicVersionRequirement&#x60;.  &gt; **Note:** Dynamic OS requirements are available only if the **Dynamic OS version compliance** [self-service EA](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) feature is enabled. The &#x60;osVersionConstraints&#x60; property is only supported for the Windows platform. You can&#39;t specify both &#x60;osVersion.minimum&#x60; and &#x60;osVersionConstraints&#x60; properties at the same time. 
         /// </summary>
-        [DataMember(Name = "osVersion", EmitDefaultValue = true)]
-        public OSVersion OsVersion { get; set; }
+        /// <value>&lt;div class&#x3D;\&quot;x-lifecycle-container\&quot;&gt;&lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt;&lt;/div&gt;Specifies the Windows version requirements for the assurance policy. Each requirement must correspond to a different major version (Windows 11 or Windows 10). If a requirement isn&#39;t specified for a major version, then devices on that major version satisfy the condition.  There are two types of OS requirements: * **Static**: A specific Windows version requirement that doesn&#39;t change until you update the policy. A static OS Windows requirement is specified with &#x60;majorVersionConstraint&#x60; and &#x60;minimum&#x60;. * **Dynamic**: A Windows version requirement that is relative to the latest major release and security patch. A dynamic OS Windows requirement is specified with &#x60;majorVersionConstraint&#x60; and &#x60;dynamicVersionRequirement&#x60;.  &gt; **Note:** Dynamic OS requirements are available only if the **Dynamic OS version compliance** [self-service EA](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) feature is enabled. The &#x60;osVersionConstraints&#x60; property is only supported for the Windows platform. You can&#39;t specify both &#x60;osVersion.minimum&#x60; and &#x60;osVersionConstraints&#x60; properties at the same time. </value>
+        [DataMember(Name = "osVersionConstraints", EmitDefaultValue = true)]
+        public List<OSVersionConstraint> OsVersionConstraints { get; set; }
 
         /// <summary>
         /// Gets or Sets ScreenLockType
@@ -87,8 +88,8 @@ public override string ToString()
             sb.Append("class DeviceAssuranceWindowsPlatform {\n");
             sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
             sb.Append("  DiskEncryptionType: ").Append(DiskEncryptionType).Append("\n");
-            sb.Append("  Jailbreak: ").Append(Jailbreak).Append("\n");
             sb.Append("  OsVersion: ").Append(OsVersion).Append("\n");
+            sb.Append("  OsVersionConstraints: ").Append(OsVersionConstraints).Append("\n");
             sb.Append("  ScreenLockType: ").Append(ScreenLockType).Append("\n");
             sb.Append("  SecureHardwarePresent: ").Append(SecureHardwarePresent).Append("\n");
             sb.Append("  ThirdPartySignalProviders: ").Append(ThirdPartySignalProviders).Append("\n");
@@ -132,15 +133,17 @@ public bool Equals(DeviceAssuranceWindowsPlatform input)
                     (this.DiskEncryptionType != null &&
                     this.DiskEncryptionType.Equals(input.DiskEncryptionType))
                 ) && base.Equals(input) && 
-                (
-                    this.Jailbreak == input.Jailbreak ||
-                    this.Jailbreak.Equals(input.Jailbreak)
-                ) && base.Equals(input) && 
                 (
                     this.OsVersion == input.OsVersion ||
                     (this.OsVersion != null &&
                     this.OsVersion.Equals(input.OsVersion))
                 ) && base.Equals(input) && 
+                (
+                    this.OsVersionConstraints == input.OsVersionConstraints ||
+                    this.OsVersionConstraints != null &&
+                    input.OsVersionConstraints != null &&
+                    this.OsVersionConstraints.SequenceEqual(input.OsVersionConstraints)
+                ) && base.Equals(input) && 
                 (
                     this.ScreenLockType == input.ScreenLockType ||
                     (this.ScreenLockType != null &&
@@ -171,11 +174,14 @@ public override int GetHashCode()
                 {
                     hashCode = (hashCode * 59) + this.DiskEncryptionType.GetHashCode();
                 }
-                hashCode = (hashCode * 59) + this.Jailbreak.GetHashCode();
                 if (this.OsVersion != null)
                 {
                     hashCode = (hashCode * 59) + this.OsVersion.GetHashCode();
                 }
+                if (this.OsVersionConstraints != null)
+                {
+                    hashCode = (hashCode * 59) + this.OsVersionConstraints.GetHashCode();
+                }
                 if (this.ScreenLockType != null)
                 {
                     hashCode = (hashCode * 59) + this.ScreenLockType.GetHashCode();
diff --git a/src/Okta.Sdk/Model/DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders.cs b/src/Okta.Sdk/Model/DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders.cs
index 25e7b3ac4..527776e22 100644
--- a/src/Okta.Sdk/Model/DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders.cs
+++ b/src/Okta.Sdk/Model/DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DeviceDisplayName.cs b/src/Okta.Sdk/Model/DeviceDisplayName.cs
index e0a2f0d85..0f7a87528 100644
--- a/src/Okta.Sdk/Model/DeviceDisplayName.cs
+++ b/src/Okta.Sdk/Model/DeviceDisplayName.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DeviceList.cs b/src/Okta.Sdk/Model/DeviceList.cs
new file mode 100644
index 000000000..005dfcf53
--- /dev/null
+++ b/src/Okta.Sdk/Model/DeviceList.cs
@@ -0,0 +1,326 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// DeviceList
+    /// </summary>
+    [DataContract(Name = "DeviceList")]
+    
+    public partial class DeviceList : IEquatable<DeviceList>
+    {
+
+        /// <summary>
+        /// Gets or Sets Status
+        /// </summary>
+        [DataMember(Name = "status", EmitDefaultValue = true)]
+        
+        public DeviceStatus Status { get; set; }
+        
+        /// <summary>
+        /// Timestamp when the device was created
+        /// </summary>
+        /// <value>Timestamp when the device was created</value>
+        [DataMember(Name = "created", EmitDefaultValue = true)]
+        public DateTimeOffset Created { get; private set; }
+
+        /// <summary>
+        /// Returns false as Created should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeCreated()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Unique key for the device
+        /// </summary>
+        /// <value>Unique key for the device</value>
+        [DataMember(Name = "id", EmitDefaultValue = true)]
+        public string Id { get; private set; }
+
+        /// <summary>
+        /// Returns false as Id should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeId()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Timestamp when the device record was last updated. Updates occur when Okta collects and saves device signals during authentication, and when the lifecycle state of the device changes.
+        /// </summary>
+        /// <value>Timestamp when the device record was last updated. Updates occur when Okta collects and saves device signals during authentication, and when the lifecycle state of the device changes.</value>
+        [DataMember(Name = "lastUpdated", EmitDefaultValue = true)]
+        public DateTimeOffset LastUpdated { get; private set; }
+
+        /// <summary>
+        /// Returns false as LastUpdated should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeLastUpdated()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Gets or Sets Profile
+        /// </summary>
+        [DataMember(Name = "profile", EmitDefaultValue = true)]
+        public DeviceProfile Profile { get; set; }
+
+        /// <summary>
+        /// Gets or Sets ResourceAlternateId
+        /// </summary>
+        [DataMember(Name = "resourceAlternateId", EmitDefaultValue = true)]
+        public string ResourceAlternateId { get; private set; }
+
+        /// <summary>
+        /// Returns false as ResourceAlternateId should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeResourceAlternateId()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Gets or Sets ResourceDisplayName
+        /// </summary>
+        [DataMember(Name = "resourceDisplayName", EmitDefaultValue = true)]
+        public DeviceDisplayName ResourceDisplayName { get; set; }
+
+        /// <summary>
+        /// Alternate key for the &#x60;id&#x60;
+        /// </summary>
+        /// <value>Alternate key for the &#x60;id&#x60;</value>
+        [DataMember(Name = "resourceId", EmitDefaultValue = true)]
+        public string ResourceId { get; private set; }
+
+        /// <summary>
+        /// Returns false as ResourceId should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeResourceId()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Gets or Sets ResourceType
+        /// </summary>
+        [DataMember(Name = "resourceType", EmitDefaultValue = true)]
+        public string ResourceType { get; private set; }
+
+        /// <summary>
+        /// Returns false as ResourceType should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeResourceType()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Gets or Sets Links
+        /// </summary>
+        [DataMember(Name = "_links", EmitDefaultValue = true)]
+        public LinksSelfAndFullUsersLifecycle Links { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Embedded
+        /// </summary>
+        [DataMember(Name = "_embedded", EmitDefaultValue = true)]
+        public DeviceListAllOfEmbedded Embedded { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class DeviceList {\n");
+            sb.Append("  Created: ").Append(Created).Append("\n");
+            sb.Append("  Id: ").Append(Id).Append("\n");
+            sb.Append("  LastUpdated: ").Append(LastUpdated).Append("\n");
+            sb.Append("  Profile: ").Append(Profile).Append("\n");
+            sb.Append("  ResourceAlternateId: ").Append(ResourceAlternateId).Append("\n");
+            sb.Append("  ResourceDisplayName: ").Append(ResourceDisplayName).Append("\n");
+            sb.Append("  ResourceId: ").Append(ResourceId).Append("\n");
+            sb.Append("  ResourceType: ").Append(ResourceType).Append("\n");
+            sb.Append("  Status: ").Append(Status).Append("\n");
+            sb.Append("  Links: ").Append(Links).Append("\n");
+            sb.Append("  Embedded: ").Append(Embedded).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as DeviceList);
+        }
+
+        /// <summary>
+        /// Returns true if DeviceList instances are equal
+        /// </summary>
+        /// <param name="input">Instance of DeviceList to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(DeviceList input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Created == input.Created ||
+                    (this.Created != null &&
+                    this.Created.Equals(input.Created))
+                ) && 
+                (
+                    this.Id == input.Id ||
+                    (this.Id != null &&
+                    this.Id.Equals(input.Id))
+                ) && 
+                (
+                    this.LastUpdated == input.LastUpdated ||
+                    (this.LastUpdated != null &&
+                    this.LastUpdated.Equals(input.LastUpdated))
+                ) && 
+                (
+                    this.Profile == input.Profile ||
+                    (this.Profile != null &&
+                    this.Profile.Equals(input.Profile))
+                ) && 
+                (
+                    this.ResourceAlternateId == input.ResourceAlternateId ||
+                    (this.ResourceAlternateId != null &&
+                    this.ResourceAlternateId.Equals(input.ResourceAlternateId))
+                ) && 
+                (
+                    this.ResourceDisplayName == input.ResourceDisplayName ||
+                    (this.ResourceDisplayName != null &&
+                    this.ResourceDisplayName.Equals(input.ResourceDisplayName))
+                ) && 
+                (
+                    this.ResourceId == input.ResourceId ||
+                    (this.ResourceId != null &&
+                    this.ResourceId.Equals(input.ResourceId))
+                ) && 
+                (
+                    this.ResourceType == input.ResourceType ||
+                    (this.ResourceType != null &&
+                    this.ResourceType.Equals(input.ResourceType))
+                ) && 
+                (
+                    this.Status == input.Status ||
+                    this.Status.Equals(input.Status)
+                ) && 
+                (
+                    this.Links == input.Links ||
+                    (this.Links != null &&
+                    this.Links.Equals(input.Links))
+                ) && 
+                (
+                    this.Embedded == input.Embedded ||
+                    (this.Embedded != null &&
+                    this.Embedded.Equals(input.Embedded))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Created != null)
+                {
+                    hashCode = (hashCode * 59) + this.Created.GetHashCode();
+                }
+                if (this.Id != null)
+                {
+                    hashCode = (hashCode * 59) + this.Id.GetHashCode();
+                }
+                if (this.LastUpdated != null)
+                {
+                    hashCode = (hashCode * 59) + this.LastUpdated.GetHashCode();
+                }
+                if (this.Profile != null)
+                {
+                    hashCode = (hashCode * 59) + this.Profile.GetHashCode();
+                }
+                if (this.ResourceAlternateId != null)
+                {
+                    hashCode = (hashCode * 59) + this.ResourceAlternateId.GetHashCode();
+                }
+                if (this.ResourceDisplayName != null)
+                {
+                    hashCode = (hashCode * 59) + this.ResourceDisplayName.GetHashCode();
+                }
+                if (this.ResourceId != null)
+                {
+                    hashCode = (hashCode * 59) + this.ResourceId.GetHashCode();
+                }
+                if (this.ResourceType != null)
+                {
+                    hashCode = (hashCode * 59) + this.ResourceType.GetHashCode();
+                }
+                if (this.Status != null)
+                {
+                    hashCode = (hashCode * 59) + this.Status.GetHashCode();
+                }
+                if (this.Links != null)
+                {
+                    hashCode = (hashCode * 59) + this.Links.GetHashCode();
+                }
+                if (this.Embedded != null)
+                {
+                    hashCode = (hashCode * 59) + this.Embedded.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/DeviceListAllOfEmbedded.cs b/src/Okta.Sdk/Model/DeviceListAllOfEmbedded.cs
new file mode 100644
index 000000000..458ce4ac4
--- /dev/null
+++ b/src/Okta.Sdk/Model/DeviceListAllOfEmbedded.cs
@@ -0,0 +1,116 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// List of associated users for the device if the &#x60;expand&#x3D;user&#x60; query parameter is specified in the request. Use &#x60;expand&#x3D;userSummary&#x60; to get only a summary of each associated user for the device.
+    /// </summary>
+    [DataContract(Name = "DeviceList_allOf__embedded")]
+    
+    public partial class DeviceListAllOfEmbedded : IEquatable<DeviceListAllOfEmbedded>
+    {
+        
+        /// <summary>
+        /// Users for the device
+        /// </summary>
+        /// <value>Users for the device</value>
+        [DataMember(Name = "users", EmitDefaultValue = true)]
+        public List<DeviceUser> Users { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class DeviceListAllOfEmbedded {\n");
+            sb.Append("  Users: ").Append(Users).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as DeviceListAllOfEmbedded);
+        }
+
+        /// <summary>
+        /// Returns true if DeviceListAllOfEmbedded instances are equal
+        /// </summary>
+        /// <param name="input">Instance of DeviceListAllOfEmbedded to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(DeviceListAllOfEmbedded input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Users == input.Users ||
+                    this.Users != null &&
+                    input.Users != null &&
+                    this.Users.SequenceEqual(input.Users)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Users != null)
+                {
+                    hashCode = (hashCode * 59) + this.Users.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/DevicePlatform.cs b/src/Okta.Sdk/Model/DevicePlatform.cs
index 1bcfcf0fc..ed1636d46 100644
--- a/src/Okta.Sdk/Model/DevicePlatform.cs
+++ b/src/Okta.Sdk/Model/DevicePlatform.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DevicePolicyMDMFramework.cs b/src/Okta.Sdk/Model/DevicePolicyMDMFramework.cs
index d4ff1a064..b05cb9c1c 100644
--- a/src/Okta.Sdk/Model/DevicePolicyMDMFramework.cs
+++ b/src/Okta.Sdk/Model/DevicePolicyMDMFramework.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DevicePolicyPlatformType.cs b/src/Okta.Sdk/Model/DevicePolicyPlatformType.cs
index 2a1ead5b3..21bf01cc3 100644
--- a/src/Okta.Sdk/Model/DevicePolicyPlatformType.cs
+++ b/src/Okta.Sdk/Model/DevicePolicyPlatformType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DevicePolicyRuleCondition.cs b/src/Okta.Sdk/Model/DevicePolicyRuleCondition.cs
index a5d598927..8b9b49758 100644
--- a/src/Okta.Sdk/Model/DevicePolicyRuleCondition.cs
+++ b/src/Okta.Sdk/Model/DevicePolicyRuleCondition.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DevicePolicyRuleConditionAssurance.cs b/src/Okta.Sdk/Model/DevicePolicyRuleConditionAssurance.cs
index 37f6ec3bc..c8441e750 100644
--- a/src/Okta.Sdk/Model/DevicePolicyRuleConditionAssurance.cs
+++ b/src/Okta.Sdk/Model/DevicePolicyRuleConditionAssurance.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DevicePolicyRuleConditionPlatform.cs b/src/Okta.Sdk/Model/DevicePolicyRuleConditionPlatform.cs
index d2fea9e5e..889d87182 100644
--- a/src/Okta.Sdk/Model/DevicePolicyRuleConditionPlatform.cs
+++ b/src/Okta.Sdk/Model/DevicePolicyRuleConditionPlatform.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DevicePolicyTrustLevel.cs b/src/Okta.Sdk/Model/DevicePolicyTrustLevel.cs
index 5a8d904d3..38062caf0 100644
--- a/src/Okta.Sdk/Model/DevicePolicyTrustLevel.cs
+++ b/src/Okta.Sdk/Model/DevicePolicyTrustLevel.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DeviceProfile.cs b/src/Okta.Sdk/Model/DeviceProfile.cs
index c2895bcda..b4660697a 100644
--- a/src/Okta.Sdk/Model/DeviceProfile.cs
+++ b/src/Okta.Sdk/Model/DeviceProfile.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -131,9 +131,9 @@ public DeviceProfile() { }
         public string Sid { get; set; }
 
         /// <summary>
-        /// Windows Trsted Platform Module hash value
+        /// Windows Trusted Platform Module hash value
         /// </summary>
-        /// <value>Windows Trsted Platform Module hash value</value>
+        /// <value>Windows Trusted Platform Module hash value</value>
         [DataMember(Name = "tpmPublicKeyHash", EmitDefaultValue = true)]
         public string TpmPublicKeyHash { get; set; }
 
diff --git a/src/Okta.Sdk/Model/DeviceStatus.cs b/src/Okta.Sdk/Model/DeviceStatus.cs
index 65bf7bfb5..0e1b1b58c 100644
--- a/src/Okta.Sdk/Model/DeviceStatus.cs
+++ b/src/Okta.Sdk/Model/DeviceStatus.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DeviceUser.cs b/src/Okta.Sdk/Model/DeviceUser.cs
index 5ec075c95..b7897998e 100644
--- a/src/Okta.Sdk/Model/DeviceUser.cs
+++ b/src/Okta.Sdk/Model/DeviceUser.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DigestAlgorithm.cs b/src/Okta.Sdk/Model/DigestAlgorithm.cs
index 838bcb6ad..7ff1cc0da 100644
--- a/src/Okta.Sdk/Model/DigestAlgorithm.cs
+++ b/src/Okta.Sdk/Model/DigestAlgorithm.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines DigestAlgorithm
+    /// Algorithm used to generate the key. Only required for the PBKDF2 algorithm.
     /// </summary>
+    /// <value>Algorithm used to generate the key. Only required for the PBKDF2 algorithm.</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class DigestAlgorithm : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/DiskEncryptionTypeAndroid.cs b/src/Okta.Sdk/Model/DiskEncryptionTypeAndroid.cs
new file mode 100644
index 000000000..ca6fa942e
--- /dev/null
+++ b/src/Okta.Sdk/Model/DiskEncryptionTypeAndroid.cs
@@ -0,0 +1,60 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Defines DiskEncryptionTypeAndroid
+    /// </summary>
+    [JsonConverter(typeof(StringEnumSerializingConverter))]
+    public sealed class DiskEncryptionTypeAndroid : StringEnum
+    {
+        /// <summary>
+        /// StringEnum DiskEncryptionTypeAndroid for value: FULL
+        /// </summary>
+        public static DiskEncryptionTypeAndroid FULL = new DiskEncryptionTypeAndroid("FULL");
+        /// <summary>
+        /// StringEnum DiskEncryptionTypeAndroid for value: USER
+        /// </summary>
+        public static DiskEncryptionTypeAndroid USER = new DiskEncryptionTypeAndroid("USER");
+
+        /// <summary>
+        /// Implicit operator declaration to accept and convert a string value as a <see cref="DiskEncryptionTypeAndroid"/>
+        /// </summary>
+        /// <param name="value">The value to use</param>
+        public static implicit operator DiskEncryptionTypeAndroid(string value) => new DiskEncryptionTypeAndroid(value);
+
+        /// <summary>
+        /// Creates a new <see cref="DiskEncryptionTypeAndroid"/> instance.
+        /// </summary>
+        /// <param name="value">The value to use.</param>
+        public DiskEncryptionTypeAndroid(string value)
+            : base(value)
+        {
+        }
+    }
+
+
+}
diff --git a/src/Okta.Sdk/Model/DiskEncryptionTypeDef.cs b/src/Okta.Sdk/Model/DiskEncryptionTypeDef.cs
index b4ae1d620..364328006 100644
--- a/src/Okta.Sdk/Model/DiskEncryptionTypeDef.cs
+++ b/src/Okta.Sdk/Model/DiskEncryptionTypeDef.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DiskEncryptionTypeDesktop.cs b/src/Okta.Sdk/Model/DiskEncryptionTypeDesktop.cs
new file mode 100644
index 000000000..190b49a48
--- /dev/null
+++ b/src/Okta.Sdk/Model/DiskEncryptionTypeDesktop.cs
@@ -0,0 +1,56 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Defines DiskEncryptionTypeDesktop
+    /// </summary>
+    [JsonConverter(typeof(StringEnumSerializingConverter))]
+    public sealed class DiskEncryptionTypeDesktop : StringEnum
+    {
+        /// <summary>
+        /// StringEnum DiskEncryptionTypeDesktop for value: ALL_INTERNAL_VOLUMES
+        /// </summary>
+        public static DiskEncryptionTypeDesktop ALLINTERNALVOLUMES = new DiskEncryptionTypeDesktop("ALL_INTERNAL_VOLUMES");
+
+        /// <summary>
+        /// Implicit operator declaration to accept and convert a string value as a <see cref="DiskEncryptionTypeDesktop"/>
+        /// </summary>
+        /// <param name="value">The value to use</param>
+        public static implicit operator DiskEncryptionTypeDesktop(string value) => new DiskEncryptionTypeDesktop(value);
+
+        /// <summary>
+        /// Creates a new <see cref="DiskEncryptionTypeDesktop"/> instance.
+        /// </summary>
+        /// <param name="value">The value to use.</param>
+        public DiskEncryptionTypeDesktop(string value)
+            : base(value)
+        {
+        }
+    }
+
+
+}
diff --git a/src/Okta.Sdk/Model/DomainCertificate.cs b/src/Okta.Sdk/Model/DomainCertificate.cs
index 50f492ff8..9d66cea19 100644
--- a/src/Okta.Sdk/Model/DomainCertificate.cs
+++ b/src/Okta.Sdk/Model/DomainCertificate.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DomainCertificateMetadata.cs b/src/Okta.Sdk/Model/DomainCertificateMetadata.cs
index 204d88a70..cb7ec2eb8 100644
--- a/src/Okta.Sdk/Model/DomainCertificateMetadata.cs
+++ b/src/Okta.Sdk/Model/DomainCertificateMetadata.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DomainCertificateSourceType.cs b/src/Okta.Sdk/Model/DomainCertificateSourceType.cs
index 638c2083e..322c18363 100644
--- a/src/Okta.Sdk/Model/DomainCertificateSourceType.cs
+++ b/src/Okta.Sdk/Model/DomainCertificateSourceType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DomainCertificateType.cs b/src/Okta.Sdk/Model/DomainCertificateType.cs
index 46a49c930..2dd530e3c 100644
--- a/src/Okta.Sdk/Model/DomainCertificateType.cs
+++ b/src/Okta.Sdk/Model/DomainCertificateType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DomainLinks.cs b/src/Okta.Sdk/Model/DomainLinks.cs
index 8b9b2f693..683801c64 100644
--- a/src/Okta.Sdk/Model/DomainLinks.cs
+++ b/src/Okta.Sdk/Model/DomainLinks.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DomainListResponse.cs b/src/Okta.Sdk/Model/DomainListResponse.cs
index eb4957bd8..365f7e8f7 100644
--- a/src/Okta.Sdk/Model/DomainListResponse.cs
+++ b/src/Okta.Sdk/Model/DomainListResponse.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DomainRequest.cs b/src/Okta.Sdk/Model/DomainRequest.cs
index 5b6964f59..4953f1fc5 100644
--- a/src/Okta.Sdk/Model/DomainRequest.cs
+++ b/src/Okta.Sdk/Model/DomainRequest.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DomainResponse.cs b/src/Okta.Sdk/Model/DomainResponse.cs
index ae3f5388b..b16c66735 100644
--- a/src/Okta.Sdk/Model/DomainResponse.cs
+++ b/src/Okta.Sdk/Model/DomainResponse.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DomainValidationStatus.cs b/src/Okta.Sdk/Model/DomainValidationStatus.cs
index 5002017db..45b46c19f 100644
--- a/src/Okta.Sdk/Model/DomainValidationStatus.cs
+++ b/src/Okta.Sdk/Model/DomainValidationStatus.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/Duration.cs b/src/Okta.Sdk/Model/Duration.cs
index e89b28eef..ec0e743ca 100644
--- a/src/Okta.Sdk/Model/Duration.cs
+++ b/src/Okta.Sdk/Model/Duration.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/DynamicNetworkZone.cs b/src/Okta.Sdk/Model/DynamicNetworkZone.cs
new file mode 100644
index 000000000..ce794867e
--- /dev/null
+++ b/src/Okta.Sdk/Model/DynamicNetworkZone.cs
@@ -0,0 +1,206 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// DynamicNetworkZone
+    /// </summary>
+    [DataContract(Name = "DynamicNetworkZone")]
+    [JsonConverter(typeof(JsonSubtypes), "Type")]
+    [JsonSubtypes.KnownSubType(typeof(DynamicNetworkZone), "DYNAMIC")]
+    [JsonSubtypes.KnownSubType(typeof(EnhancedDynamicNetworkZone), "DYNAMIC_V2")]
+    [JsonSubtypes.KnownSubType(typeof(IPNetworkZone), "IP")]
+    
+    public partial class DynamicNetworkZone : NetworkZone, IEquatable<DynamicNetworkZone>
+    {
+        /// <summary>
+        /// The proxy type used for a Dynamic Network Zone
+        /// </summary>
+        /// <value>The proxy type used for a Dynamic Network Zone</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class ProxyTypeEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum Null for value: null
+            /// </summary>
+            
+            public static ProxyTypeEnum Null = new ProxyTypeEnum("null");
+
+            /// <summary>
+            /// StringEnum Any for value: Any
+            /// </summary>
+            
+            public static ProxyTypeEnum Any = new ProxyTypeEnum("Any");
+
+            /// <summary>
+            /// StringEnum Tor for value: Tor
+            /// </summary>
+            
+            public static ProxyTypeEnum Tor = new ProxyTypeEnum("Tor");
+
+            /// <summary>
+            /// StringEnum NotTorAnonymizer for value: NotTorAnonymizer
+            /// </summary>
+            
+            public static ProxyTypeEnum NotTorAnonymizer = new ProxyTypeEnum("NotTorAnonymizer");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="ProxyTypeEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator ProxyTypeEnum(string value) => new ProxyTypeEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="ProxyType"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public ProxyTypeEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// The proxy type used for a Dynamic Network Zone
+        /// </summary>
+        /// <value>The proxy type used for a Dynamic Network Zone</value>
+        [DataMember(Name = "proxyType", EmitDefaultValue = true)]
+        
+        public ProxyTypeEnum ProxyType { get; set; }
+        /// <summary>
+        /// Initializes a new instance of the <see cref="DynamicNetworkZone" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public DynamicNetworkZone() { }
+        
+        /// <summary>
+        /// Gets or Sets Asns
+        /// </summary>
+        [DataMember(Name = "asns", EmitDefaultValue = true)]
+        public List Asns { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Locations
+        /// </summary>
+        [DataMember(Name = "locations", EmitDefaultValue = true)]
+        public List Locations { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class DynamicNetworkZone {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("  Asns: ").Append(Asns).Append("\n");
+            sb.Append("  ProxyType: ").Append(ProxyType).Append("\n");
+            sb.Append("  Locations: ").Append(Locations).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as DynamicNetworkZone);
+        }
+
+        /// <summary>
+        /// Returns true if DynamicNetworkZone instances are equal
+        /// </summary>
+        /// <param name="input">Instance of DynamicNetworkZone to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(DynamicNetworkZone input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input) && 
+                (
+                    this.Asns == input.Asns ||
+                    (this.Asns != null &&
+                    this.Asns.Equals(input.Asns))
+                ) && base.Equals(input) && 
+                (
+                    this.ProxyType == input.ProxyType ||
+                    this.ProxyType.Equals(input.ProxyType)
+                ) && base.Equals(input) && 
+                (
+                    this.Locations == input.Locations ||
+                    (this.Locations != null &&
+                    this.Locations.Equals(input.Locations))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                if (this.Asns != null)
+                {
+                    hashCode = (hashCode * 59) + this.Asns.GetHashCode();
+                }
+                if (this.ProxyType != null)
+                {
+                    hashCode = (hashCode * 59) + this.ProxyType.GetHashCode();
+                }
+                if (this.Locations != null)
+                {
+                    hashCode = (hashCode * 59) + this.Locations.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/ECKeyJWK.cs b/src/Okta.Sdk/Model/ECKeyJWK.cs
new file mode 100644
index 000000000..f324b4319
--- /dev/null
+++ b/src/Okta.Sdk/Model/ECKeyJWK.cs
@@ -0,0 +1,293 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Elliptic Curve Key in JWK format, currently used during enrollment to encrypt fulfillment requests to Yubico, or during activation to verify Yubico&#39;s JWS objects in fulfillment responses. The currently agreed protocol uses P-384.
+    /// </summary>
+    [DataContract(Name = "ECKeyJWK")]
+    
+    public partial class ECKeyJWK : IEquatable<ECKeyJWK>
+    {
+        /// <summary>
+        /// Defines Crv
+        /// </summary>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class CrvEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum P384 for value: P-384
+            /// </summary>
+            
+            public static CrvEnum P384 = new CrvEnum("P-384");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="CrvEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator CrvEnum(string value) => new CrvEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Crv"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public CrvEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Gets or Sets Crv
+        /// </summary>
+        [DataMember(Name = "crv", EmitDefaultValue = true)]
+        
+        public CrvEnum Crv { get; set; }
+        /// <summary>
+        /// The type of public key
+        /// </summary>
+        /// <value>The type of public key</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class KtyEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum EC for value: EC
+            /// </summary>
+            
+            public static KtyEnum EC = new KtyEnum("EC");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="KtyEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator KtyEnum(string value) => new KtyEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Kty"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public KtyEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// The type of public key
+        /// </summary>
+        /// <value>The type of public key</value>
+        [DataMember(Name = "kty", EmitDefaultValue = true)]
+        
+        public KtyEnum Kty { get; set; }
+        /// <summary>
+        /// The intended use for the key. The ECKeyJWK is always &#x60;enc&#x60; because Okta uses it to encrypt requests to Yubico.
+        /// </summary>
+        /// <value>The intended use for the key. The ECKeyJWK is always &#x60;enc&#x60; because Okta uses it to encrypt requests to Yubico.</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class UseEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum Enc for value: enc
+            /// </summary>
+            
+            public static UseEnum Enc = new UseEnum("enc");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="UseEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator UseEnum(string value) => new UseEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Use"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public UseEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// The intended use for the key. The ECKeyJWK is always &#x60;enc&#x60; because Okta uses it to encrypt requests to Yubico.
+        /// </summary>
+        /// <value>The intended use for the key. The ECKeyJWK is always &#x60;enc&#x60; because Okta uses it to encrypt requests to Yubico.</value>
+        [DataMember(Name = "use", EmitDefaultValue = true)]
+        
+        public UseEnum Use { get; set; }
+        /// <summary>
+        /// Initializes a new instance of the <see cref="ECKeyJWK" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public ECKeyJWK() { }
+        
+        /// <summary>
+        /// The unique identifier of the key
+        /// </summary>
+        /// <value>The unique identifier of the key</value>
+        [DataMember(Name = "kid", EmitDefaultValue = true)]
+        public string Kid { get; set; }
+
+        /// <summary>
+        /// The public x coordinate for the elliptic curve point
+        /// </summary>
+        /// <value>The public x coordinate for the elliptic curve point</value>
+        [DataMember(Name = "x", EmitDefaultValue = true)]
+        public string X { get; set; }
+
+        /// <summary>
+        /// The public y coordinate for the elliptic curve point
+        /// </summary>
+        /// <value>The public y coordinate for the elliptic curve point</value>
+        [DataMember(Name = "y", EmitDefaultValue = true)]
+        public string Y { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class ECKeyJWK {\n");
+            sb.Append("  Crv: ").Append(Crv).Append("\n");
+            sb.Append("  Kid: ").Append(Kid).Append("\n");
+            sb.Append("  Kty: ").Append(Kty).Append("\n");
+            sb.Append("  Use: ").Append(Use).Append("\n");
+            sb.Append("  X: ").Append(X).Append("\n");
+            sb.Append("  Y: ").Append(Y).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as ECKeyJWK);
+        }
+
+        /// <summary>
+        /// Returns true if ECKeyJWK instances are equal
+        /// </summary>
+        /// <param name="input">Instance of ECKeyJWK to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(ECKeyJWK input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Crv == input.Crv ||
+                    this.Crv.Equals(input.Crv)
+                ) && 
+                (
+                    this.Kid == input.Kid ||
+                    (this.Kid != null &&
+                    this.Kid.Equals(input.Kid))
+                ) && 
+                (
+                    this.Kty == input.Kty ||
+                    this.Kty.Equals(input.Kty)
+                ) && 
+                (
+                    this.Use == input.Use ||
+                    this.Use.Equals(input.Use)
+                ) && 
+                (
+                    this.X == input.X ||
+                    (this.X != null &&
+                    this.X.Equals(input.X))
+                ) && 
+                (
+                    this.Y == input.Y ||
+                    (this.Y != null &&
+                    this.Y.Equals(input.Y))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Crv != null)
+                {
+                    hashCode = (hashCode * 59) + this.Crv.GetHashCode();
+                }
+                if (this.Kid != null)
+                {
+                    hashCode = (hashCode * 59) + this.Kid.GetHashCode();
+                }
+                if (this.Kty != null)
+                {
+                    hashCode = (hashCode * 59) + this.Kty.GetHashCode();
+                }
+                if (this.Use != null)
+                {
+                    hashCode = (hashCode * 59) + this.Use.GetHashCode();
+                }
+                if (this.X != null)
+                {
+                    hashCode = (hashCode * 59) + this.X.GetHashCode();
+                }
+                if (this.Y != null)
+                {
+                    hashCode = (hashCode * 59) + this.Y.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/Email.cs b/src/Okta.Sdk/Model/Email.cs
new file mode 100644
index 000000000..bcb1c33e2
--- /dev/null
+++ b/src/Okta.Sdk/Model/Email.cs
@@ -0,0 +1,115 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Attempts to activate a &#x60;email&#x60; Factor with the specified passcode.
+    /// </summary>
+    [DataContract(Name = "email")]
+    
+    public partial class Email : IEquatable<Email>
+    {
+        
+        /// <summary>
+        /// OTP for the current time window
+        /// </summary>
+        /// <value>OTP for the current time window</value>
+        [DataMember(Name = "passCode", EmitDefaultValue = true)]
+        public string PassCode { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class Email {\n");
+            sb.Append("  PassCode: ").Append(PassCode).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as Email);
+        }
+
+        /// <summary>
+        /// Returns true if Email instances are equal
+        /// </summary>
+        /// <param name="input">Instance of Email to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(Email input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.PassCode == input.PassCode ||
+                    (this.PassCode != null &&
+                    this.PassCode.Equals(input.PassCode))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.PassCode != null)
+                {
+                    hashCode = (hashCode * 59) + this.PassCode.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/Email1.cs b/src/Okta.Sdk/Model/Email1.cs
new file mode 100644
index 000000000..e6e85c389
--- /dev/null
+++ b/src/Okta.Sdk/Model/Email1.cs
@@ -0,0 +1,115 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Verifies an OTP sent by a &#x60;email&#x60; Factor challenge. If you omit &#x60;passCode&#x60; in the request, a new OTP is sent to the phone.
+    /// </summary>
+    [DataContract(Name = "email_1")]
+    
+    public partial class Email1 : IEquatable<Email1>
+    {
+        
+        /// <summary>
+        /// OTP for the current time window
+        /// </summary>
+        /// <value>OTP for the current time window</value>
+        [DataMember(Name = "passCode", EmitDefaultValue = true)]
+        public string PassCode { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class Email1 {\n");
+            sb.Append("  PassCode: ").Append(PassCode).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as Email1);
+        }
+
+        /// <summary>
+        /// Returns true if Email1 instances are equal
+        /// </summary>
+        /// <param name="input">Instance of Email1 to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(Email1 input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.PassCode == input.PassCode ||
+                    (this.PassCode != null &&
+                    this.PassCode.Equals(input.PassCode))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.PassCode != null)
+                {
+                    hashCode = (hashCode * 59) + this.PassCode.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EmailContent.cs b/src/Okta.Sdk/Model/EmailContent.cs
index 8997c9a11..769da2807 100644
--- a/src/Okta.Sdk/Model/EmailContent.cs
+++ b/src/Okta.Sdk/Model/EmailContent.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -40,16 +40,16 @@ public partial class EmailContent : IEquatable<EmailContent>
         public EmailContent() { }
         
         /// <summary>
-        /// The email&#39;s HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+        /// The HTML body of the email. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).   &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; body is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set  4. Okta-provided content in English 
         /// </summary>
-        /// <value>The email&#39;s HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).</value>
+        /// <value>The HTML body of the email. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).   &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; body is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set  4. Okta-provided content in English </value>
         [DataMember(Name = "body", EmitDefaultValue = true)]
         public string Body { get; set; }
 
         /// <summary>
-        /// The email&#39;s subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+        /// The email subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).  &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; subject is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set 4. Okta-provided content in English 
         /// </summary>
-        /// <value>The email&#39;s subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).</value>
+        /// <value>The email subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).  &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; subject is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set 4. Okta-provided content in English </value>
         [DataMember(Name = "subject", EmitDefaultValue = true)]
         public string Subject { get; set; }
 
diff --git a/src/Okta.Sdk/Model/EmailCustomization.cs b/src/Okta.Sdk/Model/EmailCustomization.cs
index 2c76e84a9..606d1c017 100644
--- a/src/Okta.Sdk/Model/EmailCustomization.cs
+++ b/src/Okta.Sdk/Model/EmailCustomization.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -40,16 +40,16 @@ public partial class EmailCustomization : IEquatable<EmailCustomization>
         public EmailCustomization() { }
         
         /// <summary>
-        /// The email&#39;s HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+        /// The HTML body of the email. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).   &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; body is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set  4. Okta-provided content in English 
         /// </summary>
-        /// <value>The email&#39;s HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).</value>
+        /// <value>The HTML body of the email. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).   &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; body is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set  4. Okta-provided content in English </value>
         [DataMember(Name = "body", EmitDefaultValue = true)]
         public string Body { get; set; }
 
         /// <summary>
-        /// The email&#39;s subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+        /// The email subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).  &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; subject is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set 4. Okta-provided content in English 
         /// </summary>
-        /// <value>The email&#39;s subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).</value>
+        /// <value>The email subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).  &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; subject is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set 4. Okta-provided content in English </value>
         [DataMember(Name = "subject", EmitDefaultValue = true)]
         public string Subject { get; set; }
 
diff --git a/src/Okta.Sdk/Model/EmailDefaultContent.cs b/src/Okta.Sdk/Model/EmailDefaultContent.cs
index 6bac731f7..9d11ce8b0 100644
--- a/src/Okta.Sdk/Model/EmailDefaultContent.cs
+++ b/src/Okta.Sdk/Model/EmailDefaultContent.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -40,16 +40,16 @@ public partial class EmailDefaultContent : IEquatable<EmailDefaultContent>
         public EmailDefaultContent() { }
         
         /// <summary>
-        /// The email&#39;s HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+        /// The HTML body of the email. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).   &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; body is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set  4. Okta-provided content in English 
         /// </summary>
-        /// <value>The email&#39;s HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).</value>
+        /// <value>The HTML body of the email. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).   &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; body is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set  4. Okta-provided content in English </value>
         [DataMember(Name = "body", EmitDefaultValue = true)]
         public string Body { get; set; }
 
         /// <summary>
-        /// The email&#39;s subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+        /// The email subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).  &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; subject is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set 4. Okta-provided content in English 
         /// </summary>
-        /// <value>The email&#39;s subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).</value>
+        /// <value>The email subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).  &lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt; Not required if Custom languages for Okta Email Templates is enabled. A &#x60;null&#x60; subject is replaced with a default value from one of the following in priority order:  1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it&#39;s set 4. Okta-provided content in English </value>
         [DataMember(Name = "subject", EmitDefaultValue = true)]
         public string Subject { get; set; }
 
diff --git a/src/Okta.Sdk/Model/EmailDomain.cs b/src/Okta.Sdk/Model/EmailDomain.cs
index 13d0fc166..65e759314 100644
--- a/src/Okta.Sdk/Model/EmailDomain.cs
+++ b/src/Okta.Sdk/Model/EmailDomain.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -51,6 +51,13 @@ public EmailDomain() { }
         [DataMember(Name = "domain", EmitDefaultValue = true)]
         public string Domain { get; set; }
 
+        /// <summary>
+        /// Subdomain for the email sender&#39;s custom mail domain. Specify your subdomain when you configure a custom mail domain.
+        /// </summary>
+        /// <value>Subdomain for the email sender&#39;s custom mail domain. Specify your subdomain when you configure a custom mail domain.</value>
+        [DataMember(Name = "validationSubdomain", EmitDefaultValue = true)]
+        public string ValidationSubdomain { get; set; }
+
         /// <summary>
         /// Gets or Sets DisplayName
         /// </summary>
@@ -73,6 +80,7 @@ public override string ToString()
             sb.Append("class EmailDomain {\n");
             sb.Append("  BrandId: ").Append(BrandId).Append("\n");
             sb.Append("  Domain: ").Append(Domain).Append("\n");
+            sb.Append("  ValidationSubdomain: ").Append(ValidationSubdomain).Append("\n");
             sb.Append("  DisplayName: ").Append(DisplayName).Append("\n");
             sb.Append("  UserName: ").Append(UserName).Append("\n");
             sb.Append("}\n");
@@ -120,6 +128,11 @@ public bool Equals(EmailDomain input)
                     (this.Domain != null &&
                     this.Domain.Equals(input.Domain))
                 ) && 
+                (
+                    this.ValidationSubdomain == input.ValidationSubdomain ||
+                    (this.ValidationSubdomain != null &&
+                    this.ValidationSubdomain.Equals(input.ValidationSubdomain))
+                ) && 
                 (
                     this.DisplayName == input.DisplayName ||
                     (this.DisplayName != null &&
@@ -150,6 +163,10 @@ public override int GetHashCode()
                 {
                     hashCode = (hashCode * 59) + this.Domain.GetHashCode();
                 }
+                if (this.ValidationSubdomain != null)
+                {
+                    hashCode = (hashCode * 59) + this.ValidationSubdomain.GetHashCode();
+                }
                 if (this.DisplayName != null)
                 {
                     hashCode = (hashCode * 59) + this.DisplayName.GetHashCode();
diff --git a/src/Okta.Sdk/Model/EmailDomainDNSRecord.cs b/src/Okta.Sdk/Model/EmailDomainDNSRecord.cs
index a44a48575..271b40354 100644
--- a/src/Okta.Sdk/Model/EmailDomainDNSRecord.cs
+++ b/src/Okta.Sdk/Model/EmailDomainDNSRecord.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/EmailDomainDNSRecordType.cs b/src/Okta.Sdk/Model/EmailDomainDNSRecordType.cs
index f81daf482..259b60e73 100644
--- a/src/Okta.Sdk/Model/EmailDomainDNSRecordType.cs
+++ b/src/Okta.Sdk/Model/EmailDomainDNSRecordType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/EmailDomainResponse.cs b/src/Okta.Sdk/Model/EmailDomainResponse.cs
index 54b7989fd..f0caefdc8 100644
--- a/src/Okta.Sdk/Model/EmailDomainResponse.cs
+++ b/src/Okta.Sdk/Model/EmailDomainResponse.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -64,6 +64,13 @@ public EmailDomainResponse() { }
         [DataMember(Name = "id", EmitDefaultValue = true)]
         public string Id { get; set; }
 
+        /// <summary>
+        /// The subdomain for the email sender&#39;s custom mail domain
+        /// </summary>
+        /// <value>The subdomain for the email sender&#39;s custom mail domain</value>
+        [DataMember(Name = "validationSubdomain", EmitDefaultValue = true)]
+        public string ValidationSubdomain { get; set; }
+
         /// <summary>
         /// Gets or Sets DisplayName
         /// </summary>
@@ -88,6 +95,7 @@ public override string ToString()
             sb.Append("  Domain: ").Append(Domain).Append("\n");
             sb.Append("  Id: ").Append(Id).Append("\n");
             sb.Append("  ValidationStatus: ").Append(ValidationStatus).Append("\n");
+            sb.Append("  ValidationSubdomain: ").Append(ValidationSubdomain).Append("\n");
             sb.Append("  DisplayName: ").Append(DisplayName).Append("\n");
             sb.Append("  UserName: ").Append(UserName).Append("\n");
             sb.Append("}\n");
@@ -145,6 +153,11 @@ public bool Equals(EmailDomainResponse input)
                     this.ValidationStatus == input.ValidationStatus ||
                     this.ValidationStatus.Equals(input.ValidationStatus)
                 ) && 
+                (
+                    this.ValidationSubdomain == input.ValidationSubdomain ||
+                    (this.ValidationSubdomain != null &&
+                    this.ValidationSubdomain.Equals(input.ValidationSubdomain))
+                ) && 
                 (
                     this.DisplayName == input.DisplayName ||
                     (this.DisplayName != null &&
@@ -183,6 +196,10 @@ public override int GetHashCode()
                 {
                     hashCode = (hashCode * 59) + this.ValidationStatus.GetHashCode();
                 }
+                if (this.ValidationSubdomain != null)
+                {
+                    hashCode = (hashCode * 59) + this.ValidationSubdomain.GetHashCode();
+                }
                 if (this.DisplayName != null)
                 {
                     hashCode = (hashCode * 59) + this.DisplayName.GetHashCode();
diff --git a/src/Okta.Sdk/Model/EmailDomainResponseWithEmbedded.cs b/src/Okta.Sdk/Model/EmailDomainResponseWithEmbedded.cs
index 111dba797..5daed6382 100644
--- a/src/Okta.Sdk/Model/EmailDomainResponseWithEmbedded.cs
+++ b/src/Okta.Sdk/Model/EmailDomainResponseWithEmbedded.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/EmailDomainStatus.cs b/src/Okta.Sdk/Model/EmailDomainStatus.cs
index 2fe0171f7..6516f7199 100644
--- a/src/Okta.Sdk/Model/EmailDomainStatus.cs
+++ b/src/Okta.Sdk/Model/EmailDomainStatus.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/EmailPreview.cs b/src/Okta.Sdk/Model/EmailPreview.cs
index 9174232e0..a77dd8345 100644
--- a/src/Okta.Sdk/Model/EmailPreview.cs
+++ b/src/Okta.Sdk/Model/EmailPreview.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/EmailPreviewLinks.cs b/src/Okta.Sdk/Model/EmailPreviewLinks.cs
index 59b03aa8b..cbe9b0415 100644
--- a/src/Okta.Sdk/Model/EmailPreviewLinks.cs
+++ b/src/Okta.Sdk/Model/EmailPreviewLinks.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/EmailServerListResponse.cs b/src/Okta.Sdk/Model/EmailServerListResponse.cs
index b21b569d8..c8e15f85d 100644
--- a/src/Okta.Sdk/Model/EmailServerListResponse.cs
+++ b/src/Okta.Sdk/Model/EmailServerListResponse.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/EmailServerPost.cs b/src/Okta.Sdk/Model/EmailServerPost.cs
index cf144fb4e..32e8937f3 100644
--- a/src/Okta.Sdk/Model/EmailServerPost.cs
+++ b/src/Okta.Sdk/Model/EmailServerPost.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -40,44 +40,44 @@ public partial class EmailServerPost : IEquatable<EmailServerPost>
         public EmailServerPost() { }
         
         /// <summary>
-        /// A name to identify this configuration
+        /// Human-readable name for your SMTP server
         /// </summary>
-        /// <value>A name to identify this configuration</value>
+        /// <value>Human-readable name for your SMTP server</value>
         [DataMember(Name = "alias", EmitDefaultValue = true)]
         public string Alias { get; set; }
 
         /// <summary>
-        /// True if and only if all email traffic should be routed through this SMTP Server
+        /// If &#x60;true&#x60;, routes all email traffic through your SMTP server
         /// </summary>
-        /// <value>True if and only if all email traffic should be routed through this SMTP Server</value>
+        /// <value>If &#x60;true&#x60;, routes all email traffic through your SMTP server</value>
         [DataMember(Name = "enabled", EmitDefaultValue = true)]
         public bool Enabled { get; set; }
 
         /// <summary>
-        /// The address of the SMTP Server
+        /// Hostname or IP address of your SMTP server
         /// </summary>
-        /// <value>The address of the SMTP Server</value>
+        /// <value>Hostname or IP address of your SMTP server</value>
         [DataMember(Name = "host", EmitDefaultValue = true)]
         public string Host { get; set; }
 
         /// <summary>
-        /// The port number of the SMTP Server
+        /// Port number of your SMTP server
         /// </summary>
-        /// <value>The port number of the SMTP Server</value>
+        /// <value>Port number of your SMTP server</value>
         [DataMember(Name = "port", EmitDefaultValue = true)]
         public int Port { get; set; }
 
         /// <summary>
-        /// The username to use with your SMTP Server
+        /// Username used to access your SMTP server
         /// </summary>
-        /// <value>The username to use with your SMTP Server</value>
+        /// <value>Username used to access your SMTP server</value>
         [DataMember(Name = "username", EmitDefaultValue = true)]
         public string Username { get; set; }
 
         /// <summary>
-        /// The password to use with your SMTP server
+        /// Password used to access your SMTP server
         /// </summary>
-        /// <value>The password to use with your SMTP server</value>
+        /// <value>Password used to access your SMTP server</value>
         [DataMember(Name = "password", EmitDefaultValue = true)]
         public string Password { get; set; }
 
diff --git a/src/Okta.Sdk/Model/EmailServerRequest.cs b/src/Okta.Sdk/Model/EmailServerRequest.cs
index a9348ba9e..601fc7aa9 100644
--- a/src/Okta.Sdk/Model/EmailServerRequest.cs
+++ b/src/Okta.Sdk/Model/EmailServerRequest.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -35,44 +35,44 @@ public partial class EmailServerRequest : IEquatable<EmailServerRequest>
     {
         
         /// <summary>
-        /// A name to identify this configuration
+        /// Human-readable name for your SMTP server
         /// </summary>
-        /// <value>A name to identify this configuration</value>
+        /// <value>Human-readable name for your SMTP server</value>
         [DataMember(Name = "alias", EmitDefaultValue = true)]
         public string Alias { get; set; }
 
         /// <summary>
-        /// True if and only if all email traffic should be routed through this SMTP Server
+        /// If &#x60;true&#x60;, routes all email traffic through your SMTP server
         /// </summary>
-        /// <value>True if and only if all email traffic should be routed through this SMTP Server</value>
+        /// <value>If &#x60;true&#x60;, routes all email traffic through your SMTP server</value>
         [DataMember(Name = "enabled", EmitDefaultValue = true)]
         public bool Enabled { get; set; }
 
         /// <summary>
-        /// The address of the SMTP Server
+        /// Hostname or IP address of your SMTP server
         /// </summary>
-        /// <value>The address of the SMTP Server</value>
+        /// <value>Hostname or IP address of your SMTP server</value>
         [DataMember(Name = "host", EmitDefaultValue = true)]
         public string Host { get; set; }
 
         /// <summary>
-        /// The port number of the SMTP Server
+        /// Port number of your SMTP server
         /// </summary>
-        /// <value>The port number of the SMTP Server</value>
+        /// <value>Port number of your SMTP server</value>
         [DataMember(Name = "port", EmitDefaultValue = true)]
         public int Port { get; set; }
 
         /// <summary>
-        /// The username to use with your SMTP Server
+        /// Username used to access your SMTP server
         /// </summary>
-        /// <value>The username to use with your SMTP Server</value>
+        /// <value>Username used to access your SMTP server</value>
         [DataMember(Name = "username", EmitDefaultValue = true)]
         public string Username { get; set; }
 
         /// <summary>
-        /// The password to use with your SMTP server
+        /// Password used to access your SMTP server
         /// </summary>
-        /// <value>The password to use with your SMTP server</value>
+        /// <value>Password used to access your SMTP server</value>
         [DataMember(Name = "password", EmitDefaultValue = true)]
         public string Password { get; set; }
 
diff --git a/src/Okta.Sdk/Model/EmailServerResponse.cs b/src/Okta.Sdk/Model/EmailServerResponse.cs
index 790fb779e..037133422 100644
--- a/src/Okta.Sdk/Model/EmailServerResponse.cs
+++ b/src/Okta.Sdk/Model/EmailServerResponse.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -35,43 +35,44 @@ public partial class EmailServerResponse : IEquatable<EmailServerResponse>
     {
         
         /// <summary>
-        /// A name to identify this configuration
+        /// Human-readable name for your SMTP server
         /// </summary>
-        /// <value>A name to identify this configuration</value>
+        /// <value>Human-readable name for your SMTP server</value>
         [DataMember(Name = "alias", EmitDefaultValue = true)]
         public string Alias { get; set; }
 
         /// <summary>
-        /// True if and only if all email traffic should be routed through this SMTP Server
+        /// If &#x60;true&#x60;, routes all email traffic through your SMTP server
         /// </summary>
-        /// <value>True if and only if all email traffic should be routed through this SMTP Server</value>
+        /// <value>If &#x60;true&#x60;, routes all email traffic through your SMTP server</value>
         [DataMember(Name = "enabled", EmitDefaultValue = true)]
         public bool Enabled { get; set; }
 
         /// <summary>
-        /// The address of the SMTP Server
+        /// Hostname or IP address of your SMTP server
         /// </summary>
-        /// <value>The address of the SMTP Server</value>
+        /// <value>Hostname or IP address of your SMTP server</value>
         [DataMember(Name = "host", EmitDefaultValue = true)]
         public string Host { get; set; }
 
         /// <summary>
-        /// The port number of the SMTP Server
+        /// Port number of your SMTP server
         /// </summary>
-        /// <value>The port number of the SMTP Server</value>
+        /// <value>Port number of your SMTP server</value>
         [DataMember(Name = "port", EmitDefaultValue = true)]
         public int Port { get; set; }
 
         /// <summary>
-        /// The username to use with your SMTP Server
+        /// Username used to access your SMTP server
         /// </summary>
-        /// <value>The username to use with your SMTP Server</value>
+        /// <value>Username used to access your SMTP server</value>
         [DataMember(Name = "username", EmitDefaultValue = true)]
         public string Username { get; set; }
 
         /// <summary>
-        /// Gets or Sets Id
+        /// ID of your SMTP server
         /// </summary>
+        /// <value>ID of your SMTP server</value>
         [DataMember(Name = "id", EmitDefaultValue = true)]
         public string Id { get; set; }
 
diff --git a/src/Okta.Sdk/Model/EmailSettings.cs b/src/Okta.Sdk/Model/EmailSettings.cs
index 84ec2a849..1e9922375 100644
--- a/src/Okta.Sdk/Model/EmailSettings.cs
+++ b/src/Okta.Sdk/Model/EmailSettings.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/EmailSettingsResponse.cs b/src/Okta.Sdk/Model/EmailSettingsResponse.cs
new file mode 100644
index 000000000..f8323d7fa
--- /dev/null
+++ b/src/Okta.Sdk/Model/EmailSettingsResponse.cs
@@ -0,0 +1,171 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EmailSettingsResponse
+    /// </summary>
+    [DataContract(Name = "EmailSettingsResponse")]
+    
+    public partial class EmailSettingsResponse : IEquatable<EmailSettingsResponse>
+    {
+        /// <summary>
+        /// Defines Recipients
+        /// </summary>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class RecipientsEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum ALLUSERS for value: ALL_USERS
+            /// </summary>
+            
+            public static RecipientsEnum ALLUSERS = new RecipientsEnum("ALL_USERS");
+
+            /// <summary>
+            /// StringEnum ADMINSONLY for value: ADMINS_ONLY
+            /// </summary>
+            
+            public static RecipientsEnum ADMINSONLY = new RecipientsEnum("ADMINS_ONLY");
+
+            /// <summary>
+            /// StringEnum NOUSERS for value: NO_USERS
+            /// </summary>
+            
+            public static RecipientsEnum NOUSERS = new RecipientsEnum("NO_USERS");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="RecipientsEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator RecipientsEnum(string value) => new RecipientsEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Recipients"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public RecipientsEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Gets or Sets Recipients
+        /// </summary>
+        [DataMember(Name = "recipients", EmitDefaultValue = true)]
+        
+        public RecipientsEnum Recipients { get; set; }
+        
+        /// <summary>
+        /// Gets or Sets Links
+        /// </summary>
+        [DataMember(Name = "_links", EmitDefaultValue = true)]
+        public EmailSettingsResponseLinks Links { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EmailSettingsResponse {\n");
+            sb.Append("  Recipients: ").Append(Recipients).Append("\n");
+            sb.Append("  Links: ").Append(Links).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EmailSettingsResponse);
+        }
+
+        /// <summary>
+        /// Returns true if EmailSettingsResponse instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EmailSettingsResponse to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EmailSettingsResponse input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Recipients == input.Recipients ||
+                    this.Recipients.Equals(input.Recipients)
+                ) && 
+                (
+                    this.Links == input.Links ||
+                    (this.Links != null &&
+                    this.Links.Equals(input.Links))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Recipients != null)
+                {
+                    hashCode = (hashCode * 59) + this.Recipients.GetHashCode();
+                }
+                if (this.Links != null)
+                {
+                    hashCode = (hashCode * 59) + this.Links.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EmailSettingsResponseLinks.cs b/src/Okta.Sdk/Model/EmailSettingsResponseLinks.cs
new file mode 100644
index 000000000..6e5ee1802
--- /dev/null
+++ b/src/Okta.Sdk/Model/EmailSettingsResponseLinks.cs
@@ -0,0 +1,130 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EmailSettingsResponseLinks
+    /// </summary>
+    [DataContract(Name = "EmailSettingsResponse__links")]
+    
+    public partial class EmailSettingsResponseLinks : IEquatable<EmailSettingsResponseLinks>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Self
+        /// </summary>
+        [DataMember(Name = "self", EmitDefaultValue = true)]
+        public HrefObject Self { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Template
+        /// </summary>
+        [DataMember(Name = "template", EmitDefaultValue = true)]
+        public HrefObject Template { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EmailSettingsResponseLinks {\n");
+            sb.Append("  Self: ").Append(Self).Append("\n");
+            sb.Append("  Template: ").Append(Template).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EmailSettingsResponseLinks);
+        }
+
+        /// <summary>
+        /// Returns true if EmailSettingsResponseLinks instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EmailSettingsResponseLinks to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EmailSettingsResponseLinks input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Self == input.Self ||
+                    (this.Self != null &&
+                    this.Self.Equals(input.Self))
+                ) && 
+                (
+                    this.Template == input.Template ||
+                    (this.Template != null &&
+                    this.Template.Equals(input.Template))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Self != null)
+                {
+                    hashCode = (hashCode * 59) + this.Self.GetHashCode();
+                }
+                if (this.Template != null)
+                {
+                    hashCode = (hashCode * 59) + this.Template.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EmailTemplateResponse.cs b/src/Okta.Sdk/Model/EmailTemplateResponse.cs
new file mode 100644
index 000000000..494bd117d
--- /dev/null
+++ b/src/Okta.Sdk/Model/EmailTemplateResponse.cs
@@ -0,0 +1,155 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EmailTemplateResponse
+    /// </summary>
+    [DataContract(Name = "EmailTemplateResponse")]
+    
+    public partial class EmailTemplateResponse : IEquatable<EmailTemplateResponse>
+    {
+        
+        /// <summary>
+        /// The name of this email template
+        /// </summary>
+        /// <value>The name of this email template</value>
+        [DataMember(Name = "name", EmitDefaultValue = true)]
+        public string Name { get; private set; }
+
+        /// <summary>
+        /// Returns false as Name should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeName()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Gets or Sets Embedded
+        /// </summary>
+        [DataMember(Name = "_embedded", EmitDefaultValue = true)]
+        public EmailTemplateResponseEmbedded Embedded { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Links
+        /// </summary>
+        [DataMember(Name = "_links", EmitDefaultValue = true)]
+        public EmailTemplateResponseLinks Links { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EmailTemplateResponse {\n");
+            sb.Append("  Name: ").Append(Name).Append("\n");
+            sb.Append("  Embedded: ").Append(Embedded).Append("\n");
+            sb.Append("  Links: ").Append(Links).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EmailTemplateResponse);
+        }
+
+        /// <summary>
+        /// Returns true if EmailTemplateResponse instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EmailTemplateResponse to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EmailTemplateResponse input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Name == input.Name ||
+                    (this.Name != null &&
+                    this.Name.Equals(input.Name))
+                ) && 
+                (
+                    this.Embedded == input.Embedded ||
+                    (this.Embedded != null &&
+                    this.Embedded.Equals(input.Embedded))
+                ) && 
+                (
+                    this.Links == input.Links ||
+                    (this.Links != null &&
+                    this.Links.Equals(input.Links))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Name != null)
+                {
+                    hashCode = (hashCode * 59) + this.Name.GetHashCode();
+                }
+                if (this.Embedded != null)
+                {
+                    hashCode = (hashCode * 59) + this.Embedded.GetHashCode();
+                }
+                if (this.Links != null)
+                {
+                    hashCode = (hashCode * 59) + this.Links.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EmailTemplateResponseEmbedded.cs b/src/Okta.Sdk/Model/EmailTemplateResponseEmbedded.cs
new file mode 100644
index 000000000..0b0f6b6f7
--- /dev/null
+++ b/src/Okta.Sdk/Model/EmailTemplateResponseEmbedded.cs
@@ -0,0 +1,126 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EmailTemplateResponseEmbedded
+    /// </summary>
+    [DataContract(Name = "EmailTemplateResponse__embedded")]
+    
+    public partial class EmailTemplateResponseEmbedded : IEquatable<EmailTemplateResponseEmbedded>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Settings
+        /// </summary>
+        [DataMember(Name = "settings", EmitDefaultValue = true)]
+        public EmailSettingsResponse Settings { get; set; }
+
+        /// <summary>
+        /// Gets or Sets CustomizationCount
+        /// </summary>
+        [DataMember(Name = "customizationCount", EmitDefaultValue = true)]
+        public int CustomizationCount { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EmailTemplateResponseEmbedded {\n");
+            sb.Append("  Settings: ").Append(Settings).Append("\n");
+            sb.Append("  CustomizationCount: ").Append(CustomizationCount).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EmailTemplateResponseEmbedded);
+        }
+
+        /// <summary>
+        /// Returns true if EmailTemplateResponseEmbedded instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EmailTemplateResponseEmbedded to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EmailTemplateResponseEmbedded input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Settings == input.Settings ||
+                    (this.Settings != null &&
+                    this.Settings.Equals(input.Settings))
+                ) && 
+                (
+                    this.CustomizationCount == input.CustomizationCount ||
+                    this.CustomizationCount.Equals(input.CustomizationCount)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Settings != null)
+                {
+                    hashCode = (hashCode * 59) + this.Settings.GetHashCode();
+                }
+                hashCode = (hashCode * 59) + this.CustomizationCount.GetHashCode();
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EmailTemplateResponseLinks.cs b/src/Okta.Sdk/Model/EmailTemplateResponseLinks.cs
new file mode 100644
index 000000000..f5287a034
--- /dev/null
+++ b/src/Okta.Sdk/Model/EmailTemplateResponseLinks.cs
@@ -0,0 +1,178 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EmailTemplateResponseLinks
+    /// </summary>
+    [DataContract(Name = "EmailTemplateResponse__links")]
+    
+    public partial class EmailTemplateResponseLinks : IEquatable<EmailTemplateResponseLinks>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Self
+        /// </summary>
+        [DataMember(Name = "self", EmitDefaultValue = true)]
+        public HrefObjectSelfLink Self { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Settings
+        /// </summary>
+        [DataMember(Name = "settings", EmitDefaultValue = true)]
+        public HrefObject Settings { get; set; }
+
+        /// <summary>
+        /// Gets or Sets DefaultContent
+        /// </summary>
+        [DataMember(Name = "defaultContent", EmitDefaultValue = true)]
+        public HrefObject DefaultContent { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Customizations
+        /// </summary>
+        [DataMember(Name = "customizations", EmitDefaultValue = true)]
+        public HrefObject Customizations { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Test
+        /// </summary>
+        [DataMember(Name = "test", EmitDefaultValue = true)]
+        public HrefObject Test { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EmailTemplateResponseLinks {\n");
+            sb.Append("  Self: ").Append(Self).Append("\n");
+            sb.Append("  Settings: ").Append(Settings).Append("\n");
+            sb.Append("  DefaultContent: ").Append(DefaultContent).Append("\n");
+            sb.Append("  Customizations: ").Append(Customizations).Append("\n");
+            sb.Append("  Test: ").Append(Test).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EmailTemplateResponseLinks);
+        }
+
+        /// <summary>
+        /// Returns true if EmailTemplateResponseLinks instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EmailTemplateResponseLinks to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EmailTemplateResponseLinks input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Self == input.Self ||
+                    (this.Self != null &&
+                    this.Self.Equals(input.Self))
+                ) && 
+                (
+                    this.Settings == input.Settings ||
+                    (this.Settings != null &&
+                    this.Settings.Equals(input.Settings))
+                ) && 
+                (
+                    this.DefaultContent == input.DefaultContent ||
+                    (this.DefaultContent != null &&
+                    this.DefaultContent.Equals(input.DefaultContent))
+                ) && 
+                (
+                    this.Customizations == input.Customizations ||
+                    (this.Customizations != null &&
+                    this.Customizations.Equals(input.Customizations))
+                ) && 
+                (
+                    this.Test == input.Test ||
+                    (this.Test != null &&
+                    this.Test.Equals(input.Test))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Self != null)
+                {
+                    hashCode = (hashCode * 59) + this.Self.GetHashCode();
+                }
+                if (this.Settings != null)
+                {
+                    hashCode = (hashCode * 59) + this.Settings.GetHashCode();
+                }
+                if (this.DefaultContent != null)
+                {
+                    hashCode = (hashCode * 59) + this.DefaultContent.GetHashCode();
+                }
+                if (this.Customizations != null)
+                {
+                    hashCode = (hashCode * 59) + this.Customizations.GetHashCode();
+                }
+                if (this.Test != null)
+                {
+                    hashCode = (hashCode * 59) + this.Test.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EmailTemplateTouchPointVariant.cs b/src/Okta.Sdk/Model/EmailTemplateTouchPointVariant.cs
index cf9e82d61..ff8bf83b8 100644
--- a/src/Okta.Sdk/Model/EmailTemplateTouchPointVariant.cs
+++ b/src/Okta.Sdk/Model/EmailTemplateTouchPointVariant.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines EmailTemplateTouchPointVariant
+    /// Variant for email templates. You can publish a theme for email templates with different combinations of assets. Variants are preset combinations of those assets. 
     /// </summary>
+    /// <value>Variant for email templates. You can publish a theme for email templates with different combinations of assets. Variants are preset combinations of those assets. </value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class EmailTemplateTouchPointVariant : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/EmailTestAddresses.cs b/src/Okta.Sdk/Model/EmailTestAddresses.cs
index 71c4afd90..6305c2343 100644
--- a/src/Okta.Sdk/Model/EmailTestAddresses.cs
+++ b/src/Okta.Sdk/Model/EmailTestAddresses.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -40,16 +40,16 @@ public partial class EmailTestAddresses : IEquatable<EmailTestAddresses>
         public EmailTestAddresses() { }
         
         /// <summary>
-        /// An email address to send the test email from
+        /// Email address that sends test emails
         /// </summary>
-        /// <value>An email address to send the test email from</value>
+        /// <value>Email address that sends test emails</value>
         [DataMember(Name = "from", EmitDefaultValue = true)]
         public string From { get; set; }
 
         /// <summary>
-        /// An email address to send the test email to
+        /// Email address that receives test emails
         /// </summary>
-        /// <value>An email address to send the test email to</value>
+        /// <value>Email address that receives test emails</value>
         [DataMember(Name = "to", EmitDefaultValue = true)]
         public string To { get; set; }
 
diff --git a/src/Okta.Sdk/Model/EnabledPagesType.cs b/src/Okta.Sdk/Model/EnabledPagesType.cs
index a0b621298..5734ef590 100644
--- a/src/Okta.Sdk/Model/EnabledPagesType.cs
+++ b/src/Okta.Sdk/Model/EnabledPagesType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/EnabledStatus.cs b/src/Okta.Sdk/Model/EnabledStatus.cs
index ddfe14815..dc8edfef0 100644
--- a/src/Okta.Sdk/Model/EnabledStatus.cs
+++ b/src/Okta.Sdk/Model/EnabledStatus.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/EndUserDashboardTouchPointVariant.cs b/src/Okta.Sdk/Model/EndUserDashboardTouchPointVariant.cs
index 5cfdf216d..e4838258f 100644
--- a/src/Okta.Sdk/Model/EndUserDashboardTouchPointVariant.cs
+++ b/src/Okta.Sdk/Model/EndUserDashboardTouchPointVariant.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines EndUserDashboardTouchPointVariant
+    /// Variant for the Okta End-User Dashboard. You can publish a theme for end-user dashboard with different combinations of assets. Variants are preset combinations of those assets. 
     /// </summary>
+    /// <value>Variant for the Okta End-User Dashboard. You can publish a theme for end-user dashboard with different combinations of assets. Variants are preset combinations of those assets. </value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class EndUserDashboardTouchPointVariant : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/EndpointAuthMethod.cs b/src/Okta.Sdk/Model/EndpointAuthMethod.cs
new file mode 100644
index 000000000..0c6c919cb
--- /dev/null
+++ b/src/Okta.Sdk/Model/EndpointAuthMethod.cs
@@ -0,0 +1,73 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Requested authentication method for OAuth 2.0 endpoints.
+    /// </summary>
+    /// <value>Requested authentication method for OAuth 2.0 endpoints.</value>
+    [JsonConverter(typeof(StringEnumSerializingConverter))]
+    public sealed class EndpointAuthMethod : StringEnum
+    {
+        /// <summary>
+        /// StringEnum EndpointAuthMethod for value: client_secret_basic
+        /// </summary>
+        public static EndpointAuthMethod ClientSecretBasic = new EndpointAuthMethod("client_secret_basic");
+        /// <summary>
+        /// StringEnum EndpointAuthMethod for value: client_secret_jwt
+        /// </summary>
+        public static EndpointAuthMethod ClientSecretJwt = new EndpointAuthMethod("client_secret_jwt");
+        /// <summary>
+        /// StringEnum EndpointAuthMethod for value: client_secret_post
+        /// </summary>
+        public static EndpointAuthMethod ClientSecretPost = new EndpointAuthMethod("client_secret_post");
+        /// <summary>
+        /// StringEnum EndpointAuthMethod for value: none
+        /// </summary>
+        public static EndpointAuthMethod None = new EndpointAuthMethod("none");
+        /// <summary>
+        /// StringEnum EndpointAuthMethod for value: private_key_jwt
+        /// </summary>
+        public static EndpointAuthMethod PrivateKeyJwt = new EndpointAuthMethod("private_key_jwt");
+
+        /// <summary>
+        /// Implicit operator declaration to accept and convert a string value as a <see cref="EndpointAuthMethod"/>
+        /// </summary>
+        /// <param name="value">The value to use</param>
+        public static implicit operator EndpointAuthMethod(string value) => new EndpointAuthMethod(value);
+
+        /// <summary>
+        /// Creates a new <see cref="EndpointAuthMethod"/> instance.
+        /// </summary>
+        /// <param name="value">The value to use.</param>
+        public EndpointAuthMethod(string value)
+            : base(value)
+        {
+        }
+    }
+
+
+}
diff --git a/src/Okta.Sdk/Model/EnhancedDynamicNetworkZone.cs b/src/Okta.Sdk/Model/EnhancedDynamicNetworkZone.cs
new file mode 100644
index 000000000..872d37a49
--- /dev/null
+++ b/src/Okta.Sdk/Model/EnhancedDynamicNetworkZone.cs
@@ -0,0 +1,157 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EnhancedDynamicNetworkZone
+    /// </summary>
+    [DataContract(Name = "EnhancedDynamicNetworkZone")]
+    [JsonConverter(typeof(JsonSubtypes), "Type")]
+    [JsonSubtypes.KnownSubType(typeof(DynamicNetworkZone), "DYNAMIC")]
+    [JsonSubtypes.KnownSubType(typeof(EnhancedDynamicNetworkZone), "DYNAMIC_V2")]
+    [JsonSubtypes.KnownSubType(typeof(IPNetworkZone), "IP")]
+    
+    public partial class EnhancedDynamicNetworkZone : NetworkZone, IEquatable<EnhancedDynamicNetworkZone>
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="EnhancedDynamicNetworkZone" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public EnhancedDynamicNetworkZone() { }
+        
+        /// <summary>
+        /// Gets or Sets Asns
+        /// </summary>
+        [DataMember(Name = "asns", EmitDefaultValue = true)]
+        public EnhancedDynamicNetworkZoneAllOfAsns Asns { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Locations
+        /// </summary>
+        [DataMember(Name = "locations", EmitDefaultValue = true)]
+        public EnhancedDynamicNetworkZoneAllOfLocations Locations { get; set; }
+
+        /// <summary>
+        /// Gets or Sets IpServiceCategories
+        /// </summary>
+        [DataMember(Name = "ipServiceCategories", EmitDefaultValue = true)]
+        public EnhancedDynamicNetworkZoneAllOfIpServiceCategories IpServiceCategories { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EnhancedDynamicNetworkZone {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("  Asns: ").Append(Asns).Append("\n");
+            sb.Append("  Locations: ").Append(Locations).Append("\n");
+            sb.Append("  IpServiceCategories: ").Append(IpServiceCategories).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EnhancedDynamicNetworkZone);
+        }
+
+        /// <summary>
+        /// Returns true if EnhancedDynamicNetworkZone instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EnhancedDynamicNetworkZone to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EnhancedDynamicNetworkZone input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input) && 
+                (
+                    this.Asns == input.Asns ||
+                    (this.Asns != null &&
+                    this.Asns.Equals(input.Asns))
+                ) && base.Equals(input) && 
+                (
+                    this.Locations == input.Locations ||
+                    (this.Locations != null &&
+                    this.Locations.Equals(input.Locations))
+                ) && base.Equals(input) && 
+                (
+                    this.IpServiceCategories == input.IpServiceCategories ||
+                    (this.IpServiceCategories != null &&
+                    this.IpServiceCategories.Equals(input.IpServiceCategories))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                if (this.Asns != null)
+                {
+                    hashCode = (hashCode * 59) + this.Asns.GetHashCode();
+                }
+                if (this.Locations != null)
+                {
+                    hashCode = (hashCode * 59) + this.Locations.GetHashCode();
+                }
+                if (this.IpServiceCategories != null)
+                {
+                    hashCode = (hashCode * 59) + this.IpServiceCategories.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EnhancedDynamicNetworkZoneAllOfAsns.cs b/src/Okta.Sdk/Model/EnhancedDynamicNetworkZoneAllOfAsns.cs
new file mode 100644
index 000000000..b5ca55ecf
--- /dev/null
+++ b/src/Okta.Sdk/Model/EnhancedDynamicNetworkZoneAllOfAsns.cs
@@ -0,0 +1,114 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// &lt;div class&#x3D;\&quot;x-lifecycle-container\&quot;&gt;&lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt;&lt;/div&gt;The list of ASNs associated with an Enhanced Dynamic Network Zone
+    /// </summary>
+    [DataContract(Name = "EnhancedDynamicNetworkZone_allOf_asns")]
+    
+    public partial class EnhancedDynamicNetworkZoneAllOfAsns : IEquatable<EnhancedDynamicNetworkZoneAllOfAsns>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Include
+        /// </summary>
+        [DataMember(Name = "include", EmitDefaultValue = true)]
+        public List Include { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EnhancedDynamicNetworkZoneAllOfAsns {\n");
+            sb.Append("  Include: ").Append(Include).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EnhancedDynamicNetworkZoneAllOfAsns);
+        }
+
+        /// <summary>
+        /// Returns true if EnhancedDynamicNetworkZoneAllOfAsns instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EnhancedDynamicNetworkZoneAllOfAsns to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EnhancedDynamicNetworkZoneAllOfAsns input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Include == input.Include ||
+                    (this.Include != null &&
+                    this.Include.Equals(input.Include))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Include != null)
+                {
+                    hashCode = (hashCode * 59) + this.Include.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EnhancedDynamicNetworkZoneAllOfIpServiceCategories.cs b/src/Okta.Sdk/Model/EnhancedDynamicNetworkZoneAllOfIpServiceCategories.cs
new file mode 100644
index 000000000..65237a42b
--- /dev/null
+++ b/src/Okta.Sdk/Model/EnhancedDynamicNetworkZoneAllOfIpServiceCategories.cs
@@ -0,0 +1,134 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// &lt;div class&#x3D;\&quot;x-lifecycle-container\&quot;&gt;&lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt;&lt;/div&gt;IP services, such as a proxy or VPN, to include or exclude for an Enhanced Dynamic Network Zone
+    /// </summary>
+    [DataContract(Name = "EnhancedDynamicNetworkZone_allOf_ipServiceCategories")]
+    
+    public partial class EnhancedDynamicNetworkZoneAllOfIpServiceCategories : IEquatable<EnhancedDynamicNetworkZoneAllOfIpServiceCategories>
+    {
+        
+        /// <summary>
+        /// IP services to include for an Enhanced Dynamic Network Zone
+        /// </summary>
+        /// <value>IP services to include for an Enhanced Dynamic Network Zone</value>
+        [DataMember(Name = "include", EmitDefaultValue = true)]
+        public List<IPServiceCategory> Include { get; set; }
+
+        /// <summary>
+        /// IP services to exclude for an Enhanced Dynamic Network Zone
+        /// </summary>
+        /// <value>IP services to exclude for an Enhanced Dynamic Network Zone</value>
+        [DataMember(Name = "exclude", EmitDefaultValue = true)]
+        public List<IPServiceCategory> Exclude { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EnhancedDynamicNetworkZoneAllOfIpServiceCategories {\n");
+            sb.Append("  Include: ").Append(Include).Append("\n");
+            sb.Append("  Exclude: ").Append(Exclude).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EnhancedDynamicNetworkZoneAllOfIpServiceCategories);
+        }
+
+        /// <summary>
+        /// Returns true if EnhancedDynamicNetworkZoneAllOfIpServiceCategories instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EnhancedDynamicNetworkZoneAllOfIpServiceCategories to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EnhancedDynamicNetworkZoneAllOfIpServiceCategories input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Include == input.Include ||
+                    this.Include != null &&
+                    input.Include != null &&
+                    this.Include.SequenceEqual(input.Include)
+                ) && 
+                (
+                    this.Exclude == input.Exclude ||
+                    this.Exclude != null &&
+                    input.Exclude != null &&
+                    this.Exclude.SequenceEqual(input.Exclude)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Include != null)
+                {
+                    hashCode = (hashCode * 59) + this.Include.GetHashCode();
+                }
+                if (this.Exclude != null)
+                {
+                    hashCode = (hashCode * 59) + this.Exclude.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EnhancedDynamicNetworkZoneAllOfLocations.cs b/src/Okta.Sdk/Model/EnhancedDynamicNetworkZoneAllOfLocations.cs
new file mode 100644
index 000000000..5e8d60d56
--- /dev/null
+++ b/src/Okta.Sdk/Model/EnhancedDynamicNetworkZoneAllOfLocations.cs
@@ -0,0 +1,130 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// &lt;div class&#x3D;\&quot;x-lifecycle-container\&quot;&gt;&lt;x-lifecycle class&#x3D;\&quot;ea\&quot;&gt;&lt;/x-lifecycle&gt;&lt;/div&gt;The list of geolocations to include or exclude for an Enhanced Dynamic Network Zone
+    /// </summary>
+    [DataContract(Name = "EnhancedDynamicNetworkZone_allOf_locations")]
+    
+    public partial class EnhancedDynamicNetworkZoneAllOfLocations : IEquatable<EnhancedDynamicNetworkZoneAllOfLocations>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Include
+        /// </summary>
+        [DataMember(Name = "include", EmitDefaultValue = true)]
+        public List Include { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Exclude
+        /// </summary>
+        [DataMember(Name = "exclude", EmitDefaultValue = true)]
+        public List Exclude { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EnhancedDynamicNetworkZoneAllOfLocations {\n");
+            sb.Append("  Include: ").Append(Include).Append("\n");
+            sb.Append("  Exclude: ").Append(Exclude).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EnhancedDynamicNetworkZoneAllOfLocations);
+        }
+
+        /// <summary>
+        /// Returns true if EnhancedDynamicNetworkZoneAllOfLocations instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EnhancedDynamicNetworkZoneAllOfLocations to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EnhancedDynamicNetworkZoneAllOfLocations input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Include == input.Include ||
+                    (this.Include != null &&
+                    this.Include.Equals(input.Include))
+                ) && 
+                (
+                    this.Exclude == input.Exclude ||
+                    (this.Exclude != null &&
+                    this.Exclude.Equals(input.Exclude))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Include != null)
+                {
+                    hashCode = (hashCode * 59) + this.Include.GetHashCode();
+                }
+                if (this.Exclude != null)
+                {
+                    hashCode = (hashCode * 59) + this.Exclude.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EnrollmentActivationRequest.cs b/src/Okta.Sdk/Model/EnrollmentActivationRequest.cs
new file mode 100644
index 000000000..11b36cb2d
--- /dev/null
+++ b/src/Okta.Sdk/Model/EnrollmentActivationRequest.cs
@@ -0,0 +1,249 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Enrollment Initialization Request
+    /// </summary>
+    [DataContract(Name = "EnrollmentActivationRequest")]
+    
+    public partial class EnrollmentActivationRequest : IEquatable<EnrollmentActivationRequest>
+    {
+        /// <summary>
+        /// Name of the fulfillment provider for the WebAuthn Preregistration Factor
+        /// </summary>
+        /// <value>Name of the fulfillment provider for the WebAuthn Preregistration Factor</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class FulfillmentProviderEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum Yubico for value: yubico
+            /// </summary>
+            
+            public static FulfillmentProviderEnum Yubico = new FulfillmentProviderEnum("yubico");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="FulfillmentProviderEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator FulfillmentProviderEnum(string value) => new FulfillmentProviderEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="FulfillmentProvider"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public FulfillmentProviderEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Name of the fulfillment provider for the WebAuthn Preregistration Factor
+        /// </summary>
+        /// <value>Name of the fulfillment provider for the WebAuthn Preregistration Factor</value>
+        [DataMember(Name = "fulfillmentProvider", EmitDefaultValue = true)]
+        
+        public FulfillmentProviderEnum FulfillmentProvider { get; set; }
+        
+        /// <summary>
+        /// List of credential responses from the fulfillment provider
+        /// </summary>
+        /// <value>List of credential responses from the fulfillment provider</value>
+        [DataMember(Name = "credResponses", EmitDefaultValue = true)]
+        public List<WebAuthnCredResponse> CredResponses { get; set; }
+
+        /// <summary>
+        /// Encrypted JWE of PIN response from the fulfillment provider
+        /// </summary>
+        /// <value>Encrypted JWE of PIN response from the fulfillment provider</value>
+        [DataMember(Name = "pinResponseJwe", EmitDefaultValue = true)]
+        public string PinResponseJwe { get; set; }
+
+        /// <summary>
+        /// Serial number of the YubiKey
+        /// </summary>
+        /// <value>Serial number of the YubiKey</value>
+        [DataMember(Name = "serial", EmitDefaultValue = true)]
+        public string Serial { get; set; }
+
+        /// <summary>
+        /// ID of an existing Okta user
+        /// </summary>
+        /// <value>ID of an existing Okta user</value>
+        [DataMember(Name = "userId", EmitDefaultValue = true)]
+        public string UserId { get; set; }
+
+        /// <summary>
+        /// Firmware version of the YubiKey
+        /// </summary>
+        /// <value>Firmware version of the YubiKey</value>
+        [DataMember(Name = "version", EmitDefaultValue = true)]
+        public string _Version { get; set; }
+
+        /// <summary>
+        /// List of usable signing keys from Yubico (in JWKS format) used to verify the JWS inside the JWE
+        /// </summary>
+        /// <value>List of usable signing keys from Yubico (in JWKS format) used to verify the JWS inside the JWE</value>
+        [DataMember(Name = "yubicoSigningJwks", EmitDefaultValue = true)]
+        public List<ECKeyJWK> YubicoSigningJwks { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EnrollmentActivationRequest {\n");
+            sb.Append("  CredResponses: ").Append(CredResponses).Append("\n");
+            sb.Append("  FulfillmentProvider: ").Append(FulfillmentProvider).Append("\n");
+            sb.Append("  PinResponseJwe: ").Append(PinResponseJwe).Append("\n");
+            sb.Append("  Serial: ").Append(Serial).Append("\n");
+            sb.Append("  UserId: ").Append(UserId).Append("\n");
+            sb.Append("  _Version: ").Append(_Version).Append("\n");
+            sb.Append("  YubicoSigningJwks: ").Append(YubicoSigningJwks).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EnrollmentActivationRequest);
+        }
+
+        /// <summary>
+        /// Returns true if EnrollmentActivationRequest instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EnrollmentActivationRequest to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EnrollmentActivationRequest input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.CredResponses == input.CredResponses ||
+                    this.CredResponses != null &&
+                    input.CredResponses != null &&
+                    this.CredResponses.SequenceEqual(input.CredResponses)
+                ) && 
+                (
+                    this.FulfillmentProvider == input.FulfillmentProvider ||
+                    this.FulfillmentProvider.Equals(input.FulfillmentProvider)
+                ) && 
+                (
+                    this.PinResponseJwe == input.PinResponseJwe ||
+                    (this.PinResponseJwe != null &&
+                    this.PinResponseJwe.Equals(input.PinResponseJwe))
+                ) && 
+                (
+                    this.Serial == input.Serial ||
+                    (this.Serial != null &&
+                    this.Serial.Equals(input.Serial))
+                ) && 
+                (
+                    this.UserId == input.UserId ||
+                    (this.UserId != null &&
+                    this.UserId.Equals(input.UserId))
+                ) && 
+                (
+                    this._Version == input._Version ||
+                    (this._Version != null &&
+                    this._Version.Equals(input._Version))
+                ) && 
+                (
+                    this.YubicoSigningJwks == input.YubicoSigningJwks ||
+                    this.YubicoSigningJwks != null &&
+                    input.YubicoSigningJwks != null &&
+                    this.YubicoSigningJwks.SequenceEqual(input.YubicoSigningJwks)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.CredResponses != null)
+                {
+                    hashCode = (hashCode * 59) + this.CredResponses.GetHashCode();
+                }
+                if (this.FulfillmentProvider != null)
+                {
+                    hashCode = (hashCode * 59) + this.FulfillmentProvider.GetHashCode();
+                }
+                if (this.PinResponseJwe != null)
+                {
+                    hashCode = (hashCode * 59) + this.PinResponseJwe.GetHashCode();
+                }
+                if (this.Serial != null)
+                {
+                    hashCode = (hashCode * 59) + this.Serial.GetHashCode();
+                }
+                if (this.UserId != null)
+                {
+                    hashCode = (hashCode * 59) + this.UserId.GetHashCode();
+                }
+                if (this._Version != null)
+                {
+                    hashCode = (hashCode * 59) + this._Version.GetHashCode();
+                }
+                if (this.YubicoSigningJwks != null)
+                {
+                    hashCode = (hashCode * 59) + this.YubicoSigningJwks.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EnrollmentActivationResponse.cs b/src/Okta.Sdk/Model/EnrollmentActivationResponse.cs
new file mode 100644
index 000000000..816ea3630
--- /dev/null
+++ b/src/Okta.Sdk/Model/EnrollmentActivationResponse.cs
@@ -0,0 +1,180 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Enrollment Initialization Response
+    /// </summary>
+    [DataContract(Name = "EnrollmentActivationResponse")]
+    
+    public partial class EnrollmentActivationResponse : IEquatable<EnrollmentActivationResponse>
+    {
+        /// <summary>
+        /// Name of the fulfillment provider for the WebAuthn Preregistration Factor
+        /// </summary>
+        /// <value>Name of the fulfillment provider for the WebAuthn Preregistration Factor</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class FulfillmentProviderEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum Yubico for value: yubico
+            /// </summary>
+            
+            public static FulfillmentProviderEnum Yubico = new FulfillmentProviderEnum("yubico");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="FulfillmentProviderEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator FulfillmentProviderEnum(string value) => new FulfillmentProviderEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="FulfillmentProvider"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public FulfillmentProviderEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Name of the fulfillment provider for the WebAuthn Preregistration Factor
+        /// </summary>
+        /// <value>Name of the fulfillment provider for the WebAuthn Preregistration Factor</value>
+        [DataMember(Name = "fulfillmentProvider", EmitDefaultValue = true)]
+        
+        public FulfillmentProviderEnum FulfillmentProvider { get; set; }
+        
+        /// <summary>
+        /// List of IDs for preregistered WebAuthn Factors in Okta
+        /// </summary>
+        /// <value>List of IDs for preregistered WebAuthn Factors in Okta</value>
+        [DataMember(Name = "authenticatorEnrollmentIds", EmitDefaultValue = true)]
+        public List<string> AuthenticatorEnrollmentIds { get; set; }
+
+        /// <summary>
+        /// ID of an existing Okta user
+        /// </summary>
+        /// <value>ID of an existing Okta user</value>
+        [DataMember(Name = "userId", EmitDefaultValue = true)]
+        public string UserId { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EnrollmentActivationResponse {\n");
+            sb.Append("  AuthenticatorEnrollmentIds: ").Append(AuthenticatorEnrollmentIds).Append("\n");
+            sb.Append("  FulfillmentProvider: ").Append(FulfillmentProvider).Append("\n");
+            sb.Append("  UserId: ").Append(UserId).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EnrollmentActivationResponse);
+        }
+
+        /// <summary>
+        /// Returns true if EnrollmentActivationResponse instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EnrollmentActivationResponse to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EnrollmentActivationResponse input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.AuthenticatorEnrollmentIds == input.AuthenticatorEnrollmentIds ||
+                    this.AuthenticatorEnrollmentIds != null &&
+                    input.AuthenticatorEnrollmentIds != null &&
+                    this.AuthenticatorEnrollmentIds.SequenceEqual(input.AuthenticatorEnrollmentIds)
+                ) && 
+                (
+                    this.FulfillmentProvider == input.FulfillmentProvider ||
+                    this.FulfillmentProvider.Equals(input.FulfillmentProvider)
+                ) && 
+                (
+                    this.UserId == input.UserId ||
+                    (this.UserId != null &&
+                    this.UserId.Equals(input.UserId))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.AuthenticatorEnrollmentIds != null)
+                {
+                    hashCode = (hashCode * 59) + this.AuthenticatorEnrollmentIds.GetHashCode();
+                }
+                if (this.FulfillmentProvider != null)
+                {
+                    hashCode = (hashCode * 59) + this.FulfillmentProvider.GetHashCode();
+                }
+                if (this.UserId != null)
+                {
+                    hashCode = (hashCode * 59) + this.UserId.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EnrollmentInitializationRequest.cs b/src/Okta.Sdk/Model/EnrollmentInitializationRequest.cs
new file mode 100644
index 000000000..d40663289
--- /dev/null
+++ b/src/Okta.Sdk/Model/EnrollmentInitializationRequest.cs
@@ -0,0 +1,196 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Enrollment Initialization Request
+    /// </summary>
+    [DataContract(Name = "EnrollmentInitializationRequest")]
+    
+    public partial class EnrollmentInitializationRequest : IEquatable<EnrollmentInitializationRequest>
+    {
+        /// <summary>
+        /// Name of the fulfillment provider for the WebAuthn Preregistration Factor
+        /// </summary>
+        /// <value>Name of the fulfillment provider for the WebAuthn Preregistration Factor</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class FulfillmentProviderEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum Yubico for value: yubico
+            /// </summary>
+            
+            public static FulfillmentProviderEnum Yubico = new FulfillmentProviderEnum("yubico");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="FulfillmentProviderEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator FulfillmentProviderEnum(string value) => new FulfillmentProviderEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="FulfillmentProvider"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public FulfillmentProviderEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Name of the fulfillment provider for the WebAuthn Preregistration Factor
+        /// </summary>
+        /// <value>Name of the fulfillment provider for the WebAuthn Preregistration Factor</value>
+        [DataMember(Name = "fulfillmentProvider", EmitDefaultValue = true)]
+        
+        public FulfillmentProviderEnum FulfillmentProvider { get; set; }
+        
+        /// <summary>
+        /// List of Relying Party hostnames to register on the YubiKey.
+        /// </summary>
+        /// <value>List of Relying Party hostnames to register on the YubiKey.</value>
+        [DataMember(Name = "enrollmentRpIds", EmitDefaultValue = true)]
+        public List<string> EnrollmentRpIds { get; set; }
+
+        /// <summary>
+        /// ID of an existing Okta user
+        /// </summary>
+        /// <value>ID of an existing Okta user</value>
+        [DataMember(Name = "userId", EmitDefaultValue = true)]
+        public string UserId { get; set; }
+
+        /// <summary>
+        /// Gets or Sets YubicoTransportKeyJWK
+        /// </summary>
+        [DataMember(Name = "yubicoTransportKeyJWK", EmitDefaultValue = true)]
+        public ECKeyJWK YubicoTransportKeyJWK { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EnrollmentInitializationRequest {\n");
+            sb.Append("  EnrollmentRpIds: ").Append(EnrollmentRpIds).Append("\n");
+            sb.Append("  FulfillmentProvider: ").Append(FulfillmentProvider).Append("\n");
+            sb.Append("  UserId: ").Append(UserId).Append("\n");
+            sb.Append("  YubicoTransportKeyJWK: ").Append(YubicoTransportKeyJWK).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EnrollmentInitializationRequest);
+        }
+
+        /// <summary>
+        /// Returns true if EnrollmentInitializationRequest instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EnrollmentInitializationRequest to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EnrollmentInitializationRequest input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.EnrollmentRpIds == input.EnrollmentRpIds ||
+                    this.EnrollmentRpIds != null &&
+                    input.EnrollmentRpIds != null &&
+                    this.EnrollmentRpIds.SequenceEqual(input.EnrollmentRpIds)
+                ) && 
+                (
+                    this.FulfillmentProvider == input.FulfillmentProvider ||
+                    this.FulfillmentProvider.Equals(input.FulfillmentProvider)
+                ) && 
+                (
+                    this.UserId == input.UserId ||
+                    (this.UserId != null &&
+                    this.UserId.Equals(input.UserId))
+                ) && 
+                (
+                    this.YubicoTransportKeyJWK == input.YubicoTransportKeyJWK ||
+                    (this.YubicoTransportKeyJWK != null &&
+                    this.YubicoTransportKeyJWK.Equals(input.YubicoTransportKeyJWK))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.EnrollmentRpIds != null)
+                {
+                    hashCode = (hashCode * 59) + this.EnrollmentRpIds.GetHashCode();
+                }
+                if (this.FulfillmentProvider != null)
+                {
+                    hashCode = (hashCode * 59) + this.FulfillmentProvider.GetHashCode();
+                }
+                if (this.UserId != null)
+                {
+                    hashCode = (hashCode * 59) + this.UserId.GetHashCode();
+                }
+                if (this.YubicoTransportKeyJWK != null)
+                {
+                    hashCode = (hashCode * 59) + this.YubicoTransportKeyJWK.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EnrollmentInitializationResponse.cs b/src/Okta.Sdk/Model/EnrollmentInitializationResponse.cs
new file mode 100644
index 000000000..4e16913df
--- /dev/null
+++ b/src/Okta.Sdk/Model/EnrollmentInitializationResponse.cs
@@ -0,0 +1,197 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Yubico Transport Key in the form of a JWK, used to encrypt our fulfillment request to Yubico. The currently agreed protocol uses P-384.
+    /// </summary>
+    [DataContract(Name = "EnrollmentInitializationResponse")]
+    
+    public partial class EnrollmentInitializationResponse : IEquatable<EnrollmentInitializationResponse>
+    {
+        /// <summary>
+        /// Name of the fulfillment provider for the WebAuthn Preregistration Factor
+        /// </summary>
+        /// <value>Name of the fulfillment provider for the WebAuthn Preregistration Factor</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class FulfillmentProviderEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum Yubico for value: yubico
+            /// </summary>
+            
+            public static FulfillmentProviderEnum Yubico = new FulfillmentProviderEnum("yubico");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="FulfillmentProviderEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator FulfillmentProviderEnum(string value) => new FulfillmentProviderEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="FulfillmentProvider"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public FulfillmentProviderEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Name of the fulfillment provider for the WebAuthn Preregistration Factor
+        /// </summary>
+        /// <value>Name of the fulfillment provider for the WebAuthn Preregistration Factor</value>
+        [DataMember(Name = "fulfillmentProvider", EmitDefaultValue = true)]
+        
+        public FulfillmentProviderEnum FulfillmentProvider { get; set; }
+        
+        /// <summary>
+        /// List of credential requests for the fulfillment provider
+        /// </summary>
+        /// <value>List of credential requests for the fulfillment provider</value>
+        [DataMember(Name = "credRequests", EmitDefaultValue = true)]
+        public List<WebAuthnCredRequest> CredRequests { get; set; }
+
+        /// <summary>
+        /// Encrypted JWE of PIN request for the fulfillment provider
+        /// </summary>
+        /// <value>Encrypted JWE of PIN request for the fulfillment provider</value>
+        [DataMember(Name = "pinRequestJwe", EmitDefaultValue = true)]
+        public string PinRequestJwe { get; set; }
+
+        /// <summary>
+        /// ID of an existing Okta user
+        /// </summary>
+        /// <value>ID of an existing Okta user</value>
+        [DataMember(Name = "userId", EmitDefaultValue = true)]
+        public string UserId { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EnrollmentInitializationResponse {\n");
+            sb.Append("  CredRequests: ").Append(CredRequests).Append("\n");
+            sb.Append("  FulfillmentProvider: ").Append(FulfillmentProvider).Append("\n");
+            sb.Append("  PinRequestJwe: ").Append(PinRequestJwe).Append("\n");
+            sb.Append("  UserId: ").Append(UserId).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EnrollmentInitializationResponse);
+        }
+
+        /// <summary>
+        /// Returns true if EnrollmentInitializationResponse instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EnrollmentInitializationResponse to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EnrollmentInitializationResponse input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.CredRequests == input.CredRequests ||
+                    this.CredRequests != null &&
+                    input.CredRequests != null &&
+                    this.CredRequests.SequenceEqual(input.CredRequests)
+                ) && 
+                (
+                    this.FulfillmentProvider == input.FulfillmentProvider ||
+                    this.FulfillmentProvider.Equals(input.FulfillmentProvider)
+                ) && 
+                (
+                    this.PinRequestJwe == input.PinRequestJwe ||
+                    (this.PinRequestJwe != null &&
+                    this.PinRequestJwe.Equals(input.PinRequestJwe))
+                ) && 
+                (
+                    this.UserId == input.UserId ||
+                    (this.UserId != null &&
+                    this.UserId.Equals(input.UserId))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.CredRequests != null)
+                {
+                    hashCode = (hashCode * 59) + this.CredRequests.GetHashCode();
+                }
+                if (this.FulfillmentProvider != null)
+                {
+                    hashCode = (hashCode * 59) + this.FulfillmentProvider.GetHashCode();
+                }
+                if (this.PinRequestJwe != null)
+                {
+                    hashCode = (hashCode * 59) + this.PinRequestJwe.GetHashCode();
+                }
+                if (this.UserId != null)
+                {
+                    hashCode = (hashCode * 59) + this.UserId.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EntitlementValue.cs b/src/Okta.Sdk/Model/EntitlementValue.cs
new file mode 100644
index 000000000..5dc2f7b7d
--- /dev/null
+++ b/src/Okta.Sdk/Model/EntitlementValue.cs
@@ -0,0 +1,162 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EntitlementValue
+    /// </summary>
+    [DataContract(Name = "EntitlementValue")]
+    
+    public partial class EntitlementValue : IEquatable<EntitlementValue>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Id
+        /// </summary>
+        [DataMember(Name = "id", EmitDefaultValue = true)]
+        public string Id { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Name
+        /// </summary>
+        [DataMember(Name = "name", EmitDefaultValue = true)]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Value
+        /// </summary>
+        [DataMember(Name = "value", EmitDefaultValue = true)]
+        public string Value { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Links
+        /// </summary>
+        [DataMember(Name = "_links", EmitDefaultValue = true)]
+        public EntitlementValueLinks Links { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EntitlementValue {\n");
+            sb.Append("  Id: ").Append(Id).Append("\n");
+            sb.Append("  Name: ").Append(Name).Append("\n");
+            sb.Append("  Value: ").Append(Value).Append("\n");
+            sb.Append("  Links: ").Append(Links).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EntitlementValue);
+        }
+
+        /// <summary>
+        /// Returns true if EntitlementValue instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EntitlementValue to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EntitlementValue input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Id == input.Id ||
+                    (this.Id != null &&
+                    this.Id.Equals(input.Id))
+                ) && 
+                (
+                    this.Name == input.Name ||
+                    (this.Name != null &&
+                    this.Name.Equals(input.Name))
+                ) && 
+                (
+                    this.Value == input.Value ||
+                    (this.Value != null &&
+                    this.Value.Equals(input.Value))
+                ) && 
+                (
+                    this.Links == input.Links ||
+                    (this.Links != null &&
+                    this.Links.Equals(input.Links))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Id != null)
+                {
+                    hashCode = (hashCode * 59) + this.Id.GetHashCode();
+                }
+                if (this.Name != null)
+                {
+                    hashCode = (hashCode * 59) + this.Name.GetHashCode();
+                }
+                if (this.Value != null)
+                {
+                    hashCode = (hashCode * 59) + this.Value.GetHashCode();
+                }
+                if (this.Links != null)
+                {
+                    hashCode = (hashCode * 59) + this.Links.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EntitlementValueLinks.cs b/src/Okta.Sdk/Model/EntitlementValueLinks.cs
new file mode 100644
index 000000000..6768c930e
--- /dev/null
+++ b/src/Okta.Sdk/Model/EntitlementValueLinks.cs
@@ -0,0 +1,219 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: AnyOf
+    /// EntitlementValueLinks
+    /// </summary>
+    [JsonConverter(typeof(EntitlementValueLinksJsonConverter))]
+    [DataContract(Name = "EntitlementValue__links")]
+    public partial class EntitlementValueLinks : AbstractOpenAPISchema, IEquatable<EntitlementValueLinks>
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="EntitlementValueLinks" /> class
+        /// with the <see cref="EntitlementValueLinksAnyOf" /> class
+        /// </summary>
+        /// <param name="actualInstance">An instance of EntitlementValueLinksAnyOf.</param>
+        public EntitlementValueLinks(EntitlementValueLinksAnyOf actualInstance)
+        {
+            this.IsNullable = false;
+            this.SchemaType= "anyOf";
+            this.ActualInstance = actualInstance ?? throw new ArgumentException("Invalid instance found. Must not be null.");
+        }
+
+
+        private Object _actualInstance;
+
+        /// <summary>
+        /// Gets or Sets ActualInstance
+        /// </summary>
+        public override Object ActualInstance
+        {
+            get
+            {
+                return _actualInstance;
+            }
+            set
+            {
+                if (value.GetType() == typeof(EntitlementValueLinksAnyOf))
+                {
+                    this._actualInstance = value;
+                }
+                else
+                {
+                    throw new ArgumentException("Invalid instance found. Must be the following types: EntitlementValueLinksAnyOf");
+                }
+            }
+        }
+
+        /// <summary>
+        /// Get the actual instance of `EntitlementValueLinksAnyOf`. If the actual instance is not `EntitlementValueLinksAnyOf`,
+        /// the InvalidClassException will be thrown
+        /// </summary>
+        /// <returns>An instance of EntitlementValueLinksAnyOf</returns>
+        public EntitlementValueLinksAnyOf GetEntitlementValueLinksAnyOf()
+        {
+            return (EntitlementValueLinksAnyOf)this.ActualInstance;
+        }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            var sb = new StringBuilder();
+            sb.Append("class EntitlementValueLinks {\n");
+            sb.Append("  ActualInstance: ").Append(this.ActualInstance).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return JsonConvert.SerializeObject(this.ActualInstance, EntitlementValueLinks.SerializerSettings);
+        }
+
+        /// <summary>
+        /// Converts the JSON string into an instance of EntitlementValueLinks
+        /// </summary>
+        /// <param name="jsonString">JSON string</param>
+        /// <returns>An instance of EntitlementValueLinks</returns>
+        public static EntitlementValueLinks FromJson(string jsonString)
+        {
+            EntitlementValueLinks newEntitlementValueLinks = null;
+
+            if (string.IsNullOrEmpty(jsonString))
+            {
+                return newEntitlementValueLinks;
+            }
+
+            try
+            {
+                newEntitlementValueLinks = new EntitlementValueLinks(JsonConvert.DeserializeObject<EntitlementValueLinksAnyOf>(jsonString, EntitlementValueLinks.SerializerSettings));
+                // deserialization is considered successful at this point if no exception has been thrown.
+                return newEntitlementValueLinks;
+            }
+            catch (Exception exception)
+            {
+                // deserialization failed, try the next one
+                System.Diagnostics.Debug.WriteLine(string.Format("Failed to deserialize `{0}` into EntitlementValueLinksAnyOf: {1}", jsonString, exception.ToString()));
+            }
+
+            // no match found, throw an exception
+            throw new InvalidDataException("The JSON string `" + jsonString + "` cannot be deserialized into any schema defined.");
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EntitlementValueLinks);
+        }
+
+        /// <summary>
+        /// Returns true if EntitlementValueLinks instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EntitlementValueLinks to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EntitlementValueLinks input)
+        {
+            if (input == null)
+                return false;
+
+            return this.ActualInstance.Equals(input.ActualInstance);
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                if (this.ActualInstance != null)
+                    hashCode = hashCode * 59 + this.ActualInstance.GetHashCode();
+                return hashCode;
+            }
+        }
+
+    }
+
+    /// <summary>
+    /// Custom JSON converter for EntitlementValueLinks
+    /// </summary>
+    public class EntitlementValueLinksJsonConverter : JsonConverter
+    {
+        /// <summary>
+        /// To write the JSON string
+        /// </summary>
+        /// <param name="writer">JSON writer</param>
+        /// <param name="value">Object to be converted into a JSON string</param>
+        /// <param name="serializer">JSON Serializer</param>
+        public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer)
+        {
+            writer.WriteRawValue((string)(typeof(EntitlementValueLinks).GetMethod("ToJson").Invoke(value, null)));
+        }
+
+        /// <summary>
+        /// To convert a JSON string into an object
+        /// </summary>
+        /// <param name="reader">JSON reader</param>
+        /// <param name="objectType">Object type</param>
+        /// <param name="existingValue">Existing value</param>
+        /// <param name="serializer">JSON Serializer</param>
+        /// <returns>The object converted from the JSON string</returns>
+        public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
+        {
+            if(reader.TokenType != JsonToken.Null)
+            {
+                return EntitlementValueLinks.FromJson(JObject.Load(reader).ToString(Formatting.None));
+            }
+            return null;
+        }
+
+        /// <summary>
+        /// Check if the object can be converted
+        /// </summary>
+        /// <param name="objectType">Object type</param>
+        /// <returns>True if the object can be converted</returns>
+        public override bool CanConvert(Type objectType)
+        {
+            return false;
+        }
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EntitlementValueLinksAnyOf.cs b/src/Okta.Sdk/Model/EntitlementValueLinksAnyOf.cs
new file mode 100644
index 000000000..99481b381
--- /dev/null
+++ b/src/Okta.Sdk/Model/EntitlementValueLinksAnyOf.cs
@@ -0,0 +1,146 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EntitlementValueLinksAnyOf
+    /// </summary>
+    [DataContract(Name = "EntitlementValue__links_anyOf")]
+    
+    public partial class EntitlementValueLinksAnyOf : IEquatable<EntitlementValueLinksAnyOf>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Group
+        /// </summary>
+        [DataMember(Name = "group", EmitDefaultValue = true)]
+        public HrefObject Group { get; set; }
+
+        /// <summary>
+        /// Gets or Sets App
+        /// </summary>
+        [DataMember(Name = "app", EmitDefaultValue = true)]
+        public HrefObject App { get; set; }
+
+        /// <summary>
+        /// Gets or Sets ResourceSet
+        /// </summary>
+        [DataMember(Name = "resource-set", EmitDefaultValue = true)]
+        public HrefObject ResourceSet { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EntitlementValueLinksAnyOf {\n");
+            sb.Append("  Group: ").Append(Group).Append("\n");
+            sb.Append("  App: ").Append(App).Append("\n");
+            sb.Append("  ResourceSet: ").Append(ResourceSet).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EntitlementValueLinksAnyOf);
+        }
+
+        /// <summary>
+        /// Returns true if EntitlementValueLinksAnyOf instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EntitlementValueLinksAnyOf to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EntitlementValueLinksAnyOf input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Group == input.Group ||
+                    (this.Group != null &&
+                    this.Group.Equals(input.Group))
+                ) && 
+                (
+                    this.App == input.App ||
+                    (this.App != null &&
+                    this.App.Equals(input.App))
+                ) && 
+                (
+                    this.ResourceSet == input.ResourceSet ||
+                    (this.ResourceSet != null &&
+                    this.ResourceSet.Equals(input.ResourceSet))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Group != null)
+                {
+                    hashCode = (hashCode * 59) + this.Group.GetHashCode();
+                }
+                if (this.App != null)
+                {
+                    hashCode = (hashCode * 59) + this.App.GetHashCode();
+                }
+                if (this.ResourceSet != null)
+                {
+                    hashCode = (hashCode * 59) + this.ResourceSet.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EntitlementValuesResponse.cs b/src/Okta.Sdk/Model/EntitlementValuesResponse.cs
new file mode 100644
index 000000000..b27e64b8a
--- /dev/null
+++ b/src/Okta.Sdk/Model/EntitlementValuesResponse.cs
@@ -0,0 +1,131 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EntitlementValuesResponse
+    /// </summary>
+    [DataContract(Name = "EntitlementValuesResponse")]
+    
+    public partial class EntitlementValuesResponse : IEquatable<EntitlementValuesResponse>
+    {
+        
+        /// <summary>
+        /// Gets or Sets EntitlementValues
+        /// </summary>
+        [DataMember(Name = "entitlementValues", EmitDefaultValue = true)]
+        public List<EntitlementValue> EntitlementValues { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Links
+        /// </summary>
+        [DataMember(Name = "_links", EmitDefaultValue = true)]
+        public EntitlementValuesResponseLinks Links { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EntitlementValuesResponse {\n");
+            sb.Append("  EntitlementValues: ").Append(EntitlementValues).Append("\n");
+            sb.Append("  Links: ").Append(Links).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EntitlementValuesResponse);
+        }
+
+        /// <summary>
+        /// Returns true if EntitlementValuesResponse instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EntitlementValuesResponse to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EntitlementValuesResponse input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.EntitlementValues == input.EntitlementValues ||
+                    this.EntitlementValues != null &&
+                    input.EntitlementValues != null &&
+                    this.EntitlementValues.SequenceEqual(input.EntitlementValues)
+                ) && 
+                (
+                    this.Links == input.Links ||
+                    (this.Links != null &&
+                    this.Links.Equals(input.Links))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.EntitlementValues != null)
+                {
+                    hashCode = (hashCode * 59) + this.EntitlementValues.GetHashCode();
+                }
+                if (this.Links != null)
+                {
+                    hashCode = (hashCode * 59) + this.Links.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EntitlementValuesResponseLinks.cs b/src/Okta.Sdk/Model/EntitlementValuesResponseLinks.cs
new file mode 100644
index 000000000..b35f61a3e
--- /dev/null
+++ b/src/Okta.Sdk/Model/EntitlementValuesResponseLinks.cs
@@ -0,0 +1,295 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: AnyOf
+    /// EntitlementValuesResponseLinks
+    /// </summary>
+    [JsonConverter(typeof(EntitlementValuesResponseLinksJsonConverter))]
+    [DataContract(Name = "EntitlementValuesResponse__links")]
+    public partial class EntitlementValuesResponseLinks : AbstractOpenAPISchema, IEquatable<EntitlementValuesResponseLinks>
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="EntitlementValuesResponseLinks" /> class
+        /// with the <see cref="EntitlementValuesResponseLinksAnyOf" /> class
+        /// </summary>
+        /// <param name="actualInstance">An instance of EntitlementValuesResponseLinksAnyOf.</param>
+        public EntitlementValuesResponseLinks(EntitlementValuesResponseLinksAnyOf actualInstance)
+        {
+            this.IsNullable = false;
+            this.SchemaType= "anyOf";
+            this.ActualInstance = actualInstance ?? throw new ArgumentException("Invalid instance found. Must not be null.");
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="EntitlementValuesResponseLinks" /> class
+        /// with the <see cref="LinksNext" /> class
+        /// </summary>
+        /// <param name="actualInstance">An instance of LinksNext.</param>
+        public EntitlementValuesResponseLinks(LinksNext actualInstance)
+        {
+            this.IsNullable = false;
+            this.SchemaType= "anyOf";
+            this.ActualInstance = actualInstance ?? throw new ArgumentException("Invalid instance found. Must not be null.");
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="EntitlementValuesResponseLinks" /> class
+        /// with the <see cref="LinksSelf" /> class
+        /// </summary>
+        /// <param name="actualInstance">An instance of LinksSelf.</param>
+        public EntitlementValuesResponseLinks(LinksSelf actualInstance)
+        {
+            this.IsNullable = false;
+            this.SchemaType= "anyOf";
+            this.ActualInstance = actualInstance ?? throw new ArgumentException("Invalid instance found. Must not be null.");
+        }
+
+
+        private Object _actualInstance;
+
+        /// <summary>
+        /// Gets or Sets ActualInstance
+        /// </summary>
+        public override Object ActualInstance
+        {
+            get
+            {
+                return _actualInstance;
+            }
+            set
+            {
+                if (value.GetType() == typeof(EntitlementValuesResponseLinksAnyOf))
+                {
+                    this._actualInstance = value;
+                }
+                else if (value.GetType() == typeof(LinksNext))
+                {
+                    this._actualInstance = value;
+                }
+                else if (value.GetType() == typeof(LinksSelf))
+                {
+                    this._actualInstance = value;
+                }
+                else
+                {
+                    throw new ArgumentException("Invalid instance found. Must be the following types: EntitlementValuesResponseLinksAnyOf, LinksNext, LinksSelf");
+                }
+            }
+        }
+
+        /// <summary>
+        /// Get the actual instance of `EntitlementValuesResponseLinksAnyOf`. If the actual instance is not `EntitlementValuesResponseLinksAnyOf`,
+        /// the InvalidClassException will be thrown
+        /// </summary>
+        /// <returns>An instance of EntitlementValuesResponseLinksAnyOf</returns>
+        public EntitlementValuesResponseLinksAnyOf GetEntitlementValuesResponseLinksAnyOf()
+        {
+            return (EntitlementValuesResponseLinksAnyOf)this.ActualInstance;
+        }
+
+        /// <summary>
+        /// Get the actual instance of `LinksNext`. If the actual instance is not `LinksNext`,
+        /// the InvalidClassException will be thrown
+        /// </summary>
+        /// <returns>An instance of LinksNext</returns>
+        public LinksNext GetLinksNext()
+        {
+            return (LinksNext)this.ActualInstance;
+        }
+
+        /// <summary>
+        /// Get the actual instance of `LinksSelf`. If the actual instance is not `LinksSelf`,
+        /// the InvalidClassException will be thrown
+        /// </summary>
+        /// <returns>An instance of LinksSelf</returns>
+        public LinksSelf GetLinksSelf()
+        {
+            return (LinksSelf)this.ActualInstance;
+        }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            var sb = new StringBuilder();
+            sb.Append("class EntitlementValuesResponseLinks {\n");
+            sb.Append("  ActualInstance: ").Append(this.ActualInstance).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return JsonConvert.SerializeObject(this.ActualInstance, EntitlementValuesResponseLinks.SerializerSettings);
+        }
+
+        /// <summary>
+        /// Converts the JSON string into an instance of EntitlementValuesResponseLinks
+        /// </summary>
+        /// <param name="jsonString">JSON string</param>
+        /// <returns>An instance of EntitlementValuesResponseLinks</returns>
+        public static EntitlementValuesResponseLinks FromJson(string jsonString)
+        {
+            EntitlementValuesResponseLinks newEntitlementValuesResponseLinks = null;
+
+            if (string.IsNullOrEmpty(jsonString))
+            {
+                return newEntitlementValuesResponseLinks;
+            }
+
+            try
+            {
+                newEntitlementValuesResponseLinks = new EntitlementValuesResponseLinks(JsonConvert.DeserializeObject<EntitlementValuesResponseLinksAnyOf>(jsonString, EntitlementValuesResponseLinks.SerializerSettings));
+                // deserialization is considered successful at this point if no exception has been thrown.
+                return newEntitlementValuesResponseLinks;
+            }
+            catch (Exception exception)
+            {
+                // deserialization failed, try the next one
+                System.Diagnostics.Debug.WriteLine(string.Format("Failed to deserialize `{0}` into EntitlementValuesResponseLinksAnyOf: {1}", jsonString, exception.ToString()));
+            }
+
+            try
+            {
+                newEntitlementValuesResponseLinks = new EntitlementValuesResponseLinks(JsonConvert.DeserializeObject<LinksNext>(jsonString, EntitlementValuesResponseLinks.SerializerSettings));
+                // deserialization is considered successful at this point if no exception has been thrown.
+                return newEntitlementValuesResponseLinks;
+            }
+            catch (Exception exception)
+            {
+                // deserialization failed, try the next one
+                System.Diagnostics.Debug.WriteLine(string.Format("Failed to deserialize `{0}` into LinksNext: {1}", jsonString, exception.ToString()));
+            }
+
+            try
+            {
+                newEntitlementValuesResponseLinks = new EntitlementValuesResponseLinks(JsonConvert.DeserializeObject<LinksSelf>(jsonString, EntitlementValuesResponseLinks.SerializerSettings));
+                // deserialization is considered successful at this point if no exception has been thrown.
+                return newEntitlementValuesResponseLinks;
+            }
+            catch (Exception exception)
+            {
+                // deserialization failed, try the next one
+                System.Diagnostics.Debug.WriteLine(string.Format("Failed to deserialize `{0}` into LinksSelf: {1}", jsonString, exception.ToString()));
+            }
+
+            // no match found, throw an exception
+            throw new InvalidDataException("The JSON string `" + jsonString + "` cannot be deserialized into any schema defined.");
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EntitlementValuesResponseLinks);
+        }
+
+        /// <summary>
+        /// Returns true if EntitlementValuesResponseLinks instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EntitlementValuesResponseLinks to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EntitlementValuesResponseLinks input)
+        {
+            if (input == null)
+                return false;
+
+            return this.ActualInstance.Equals(input.ActualInstance);
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                if (this.ActualInstance != null)
+                    hashCode = hashCode * 59 + this.ActualInstance.GetHashCode();
+                return hashCode;
+            }
+        }
+
+    }
+
+    /// <summary>
+    /// Custom JSON converter for EntitlementValuesResponseLinks
+    /// </summary>
+    public class EntitlementValuesResponseLinksJsonConverter : JsonConverter
+    {
+        /// <summary>
+        /// To write the JSON string
+        /// </summary>
+        /// <param name="writer">JSON writer</param>
+        /// <param name="value">Object to be converted into a JSON string</param>
+        /// <param name="serializer">JSON Serializer</param>
+        public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer)
+        {
+            writer.WriteRawValue((string)(typeof(EntitlementValuesResponseLinks).GetMethod("ToJson").Invoke(value, null)));
+        }
+
+        /// <summary>
+        /// To convert a JSON string into an object
+        /// </summary>
+        /// <param name="reader">JSON reader</param>
+        /// <param name="objectType">Object type</param>
+        /// <param name="existingValue">Existing value</param>
+        /// <param name="serializer">JSON Serializer</param>
+        /// <returns>The object converted from the JSON string</returns>
+        public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
+        {
+            if(reader.TokenType != JsonToken.Null)
+            {
+                return EntitlementValuesResponseLinks.FromJson(JObject.Load(reader).ToString(Formatting.None));
+            }
+            return null;
+        }
+
+        /// <summary>
+        /// Check if the object can be converted
+        /// </summary>
+        /// <param name="objectType">Object type</param>
+        /// <returns>True if the object can be converted</returns>
+        public override bool CanConvert(Type objectType)
+        {
+            return false;
+        }
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EntitlementValuesResponseLinksAnyOf.cs b/src/Okta.Sdk/Model/EntitlementValuesResponseLinksAnyOf.cs
new file mode 100644
index 000000000..180e417b3
--- /dev/null
+++ b/src/Okta.Sdk/Model/EntitlementValuesResponseLinksAnyOf.cs
@@ -0,0 +1,130 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EntitlementValuesResponseLinksAnyOf
+    /// </summary>
+    [DataContract(Name = "EntitlementValuesResponse__links_anyOf")]
+    
+    public partial class EntitlementValuesResponseLinksAnyOf : IEquatable<EntitlementValuesResponseLinksAnyOf>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Bundle
+        /// </summary>
+        [DataMember(Name = "bundle", EmitDefaultValue = true)]
+        public HrefObject Bundle { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Entitlements
+        /// </summary>
+        [DataMember(Name = "entitlements", EmitDefaultValue = true)]
+        public HrefObject Entitlements { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EntitlementValuesResponseLinksAnyOf {\n");
+            sb.Append("  Bundle: ").Append(Bundle).Append("\n");
+            sb.Append("  Entitlements: ").Append(Entitlements).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EntitlementValuesResponseLinksAnyOf);
+        }
+
+        /// <summary>
+        /// Returns true if EntitlementValuesResponseLinksAnyOf instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EntitlementValuesResponseLinksAnyOf to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EntitlementValuesResponseLinksAnyOf input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Bundle == input.Bundle ||
+                    (this.Bundle != null &&
+                    this.Bundle.Equals(input.Bundle))
+                ) && 
+                (
+                    this.Entitlements == input.Entitlements ||
+                    (this.Entitlements != null &&
+                    this.Entitlements.Equals(input.Entitlements))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Bundle != null)
+                {
+                    hashCode = (hashCode * 59) + this.Bundle.GetHashCode();
+                }
+                if (this.Entitlements != null)
+                {
+                    hashCode = (hashCode * 59) + this.Entitlements.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EntityRiskPolicy.cs b/src/Okta.Sdk/Model/EntityRiskPolicy.cs
new file mode 100644
index 000000000..241ba4289
--- /dev/null
+++ b/src/Okta.Sdk/Model/EntityRiskPolicy.cs
@@ -0,0 +1,126 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EntityRiskPolicy
+    /// </summary>
+    [DataContract(Name = "EntityRiskPolicy")]
+    [JsonConverter(typeof(JsonSubtypes), "Type")]
+    [JsonSubtypes.KnownSubType(typeof(AccessPolicy), "ACCESS_POLICY")]
+    [JsonSubtypes.KnownSubType(typeof(ContinuousAccessPolicy), "CONTINUOUS_ACCESS")]
+    [JsonSubtypes.KnownSubType(typeof(EntityRiskPolicy), "ENTITY_RISK")]
+    [JsonSubtypes.KnownSubType(typeof(IdpDiscoveryPolicy), "IDP_DISCOVERY")]
+    [JsonSubtypes.KnownSubType(typeof(MultifactorEnrollmentPolicy), "MFA_ENROLL")]
+    [JsonSubtypes.KnownSubType(typeof(OktaSignOnPolicy), "OKTA_SIGN_ON")]
+    [JsonSubtypes.KnownSubType(typeof(PasswordPolicy), "PASSWORD")]
+    [JsonSubtypes.KnownSubType(typeof(ProfileEnrollmentPolicy), "PROFILE_ENROLLMENT")]
+    
+    public partial class EntityRiskPolicy : Policy, IEquatable<EntityRiskPolicy>
+    {
+        
+        /// <summary>
+        /// Policy conditions aren&#39;t supported for this policy types.
+        /// </summary>
+        /// <value>Policy conditions aren&#39;t supported for this policy types.</value>
+        [DataMember(Name = "conditions", EmitDefaultValue = true)]
+        public string Conditions { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EntityRiskPolicy {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("  Conditions: ").Append(Conditions).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EntityRiskPolicy);
+        }
+
+        /// <summary>
+        /// Returns true if EntityRiskPolicy instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EntityRiskPolicy to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EntityRiskPolicy input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input) && 
+                (
+                    this.Conditions == input.Conditions ||
+                    (this.Conditions != null &&
+                    this.Conditions.Equals(input.Conditions))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                if (this.Conditions != null)
+                {
+                    hashCode = (hashCode * 59) + this.Conditions.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EntityRiskPolicyRule.cs b/src/Okta.Sdk/Model/EntityRiskPolicyRule.cs
new file mode 100644
index 000000000..0491d92b7
--- /dev/null
+++ b/src/Okta.Sdk/Model/EntityRiskPolicyRule.cs
@@ -0,0 +1,141 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EntityRiskPolicyRule
+    /// </summary>
+    [DataContract(Name = "EntityRiskPolicyRule")]
+    [JsonConverter(typeof(JsonSubtypes), "Type")]
+    [JsonSubtypes.KnownSubType(typeof(AccessPolicyRule), "ACCESS_POLICY")]
+    [JsonSubtypes.KnownSubType(typeof(ContinuousAccessPolicyRule), "CONTINUOUS_ACCESS")]
+    [JsonSubtypes.KnownSubType(typeof(EntityRiskPolicyRule), "ENTITY_RISK")]
+    [JsonSubtypes.KnownSubType(typeof(IdpDiscoveryPolicyRule), "IDP_DISCOVERY")]
+    [JsonSubtypes.KnownSubType(typeof(PasswordPolicyRule), "PASSWORD")]
+    [JsonSubtypes.KnownSubType(typeof(ProfileEnrollmentPolicyRule), "PROFILE_ENROLLMENT")]
+    [JsonSubtypes.KnownSubType(typeof(AuthorizationServerPolicyRule), "RESOURCE_ACCESS")]
+    [JsonSubtypes.KnownSubType(typeof(OktaSignOnPolicyRule), "SIGN_ON")]
+    
+    public partial class EntityRiskPolicyRule : PolicyRule, IEquatable<EntityRiskPolicyRule>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Actions
+        /// </summary>
+        [DataMember(Name = "actions", EmitDefaultValue = true)]
+        public EntityRiskPolicyRuleAllOfActions Actions { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Conditions
+        /// </summary>
+        [DataMember(Name = "conditions", EmitDefaultValue = true)]
+        public EntityRiskPolicyRuleAllOfConditions Conditions { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EntityRiskPolicyRule {\n");
+            sb.Append("  ").Append(base.ToString().Replace("\n", "\n  ")).Append("\n");
+            sb.Append("  Actions: ").Append(Actions).Append("\n");
+            sb.Append("  Conditions: ").Append(Conditions).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public override string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EntityRiskPolicyRule);
+        }
+
+        /// <summary>
+        /// Returns true if EntityRiskPolicyRule instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EntityRiskPolicyRule to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EntityRiskPolicyRule input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return base.Equals(input) && 
+                (
+                    this.Actions == input.Actions ||
+                    (this.Actions != null &&
+                    this.Actions.Equals(input.Actions))
+                ) && base.Equals(input) && 
+                (
+                    this.Conditions == input.Conditions ||
+                    (this.Conditions != null &&
+                    this.Conditions.Equals(input.Conditions))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = base.GetHashCode();
+                
+                if (this.Actions != null)
+                {
+                    hashCode = (hashCode * 59) + this.Actions.GetHashCode();
+                }
+                if (this.Conditions != null)
+                {
+                    hashCode = (hashCode * 59) + this.Conditions.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EntityRiskPolicyRuleActionRunWorkflow.cs b/src/Okta.Sdk/Model/EntityRiskPolicyRuleActionRunWorkflow.cs
new file mode 100644
index 000000000..7c74c579c
--- /dev/null
+++ b/src/Okta.Sdk/Model/EntityRiskPolicyRuleActionRunWorkflow.cs
@@ -0,0 +1,159 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EntityRiskPolicyRuleActionRunWorkflow
+    /// </summary>
+    [DataContract(Name = "EntityRiskPolicyRuleActionRunWorkflow")]
+    
+    public partial class EntityRiskPolicyRuleActionRunWorkflow : IEquatable<EntityRiskPolicyRuleActionRunWorkflow>
+    {
+        /// <summary>
+        /// Defines Action
+        /// </summary>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class ActionEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum RUNWORKFLOW for value: RUN_WORKFLOW
+            /// </summary>
+            
+            public static ActionEnum RUNWORKFLOW = new ActionEnum("RUN_WORKFLOW");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="ActionEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator ActionEnum(string value) => new ActionEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Action"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public ActionEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Gets or Sets Action
+        /// </summary>
+        [DataMember(Name = "action", EmitDefaultValue = true)]
+        
+        public ActionEnum Action { get; set; }
+        
+        /// <summary>
+        /// Gets or Sets Workflow
+        /// </summary>
+        [DataMember(Name = "workflow", EmitDefaultValue = true)]
+        public ContinuousAccessPolicyRuleRunWorkflowWorkflow Workflow { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EntityRiskPolicyRuleActionRunWorkflow {\n");
+            sb.Append("  Action: ").Append(Action).Append("\n");
+            sb.Append("  Workflow: ").Append(Workflow).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EntityRiskPolicyRuleActionRunWorkflow);
+        }
+
+        /// <summary>
+        /// Returns true if EntityRiskPolicyRuleActionRunWorkflow instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EntityRiskPolicyRuleActionRunWorkflow to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EntityRiskPolicyRuleActionRunWorkflow input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Action == input.Action ||
+                    this.Action.Equals(input.Action)
+                ) && 
+                (
+                    this.Workflow == input.Workflow ||
+                    (this.Workflow != null &&
+                    this.Workflow.Equals(input.Workflow))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Action != null)
+                {
+                    hashCode = (hashCode * 59) + this.Action.GetHashCode();
+                }
+                if (this.Workflow != null)
+                {
+                    hashCode = (hashCode * 59) + this.Workflow.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EntityRiskPolicyRuleActionTerminateAllSessions.cs b/src/Okta.Sdk/Model/EntityRiskPolicyRuleActionTerminateAllSessions.cs
new file mode 100644
index 000000000..84fc87836
--- /dev/null
+++ b/src/Okta.Sdk/Model/EntityRiskPolicyRuleActionTerminateAllSessions.cs
@@ -0,0 +1,145 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EntityRiskPolicyRuleActionTerminateAllSessions
+    /// </summary>
+    [DataContract(Name = "EntityRiskPolicyRuleActionTerminateAllSessions")]
+    
+    public partial class EntityRiskPolicyRuleActionTerminateAllSessions : IEquatable<EntityRiskPolicyRuleActionTerminateAllSessions>
+    {
+        /// <summary>
+        /// This action revokes or terminates all of the user&#39;s active sessions.
+        /// </summary>
+        /// <value>This action revokes or terminates all of the user&#39;s active sessions.</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class ActionEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum TERMINATEALLSESSIONS for value: TERMINATE_ALL_SESSIONS
+            /// </summary>
+            
+            public static ActionEnum TERMINATEALLSESSIONS = new ActionEnum("TERMINATE_ALL_SESSIONS");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="ActionEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator ActionEnum(string value) => new ActionEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Action"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public ActionEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// This action revokes or terminates all of the user&#39;s active sessions.
+        /// </summary>
+        /// <value>This action revokes or terminates all of the user&#39;s active sessions.</value>
+        [DataMember(Name = "action", EmitDefaultValue = true)]
+        
+        public ActionEnum Action { get; set; }
+        
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EntityRiskPolicyRuleActionTerminateAllSessions {\n");
+            sb.Append("  Action: ").Append(Action).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EntityRiskPolicyRuleActionTerminateAllSessions);
+        }
+
+        /// <summary>
+        /// Returns true if EntityRiskPolicyRuleActionTerminateAllSessions instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EntityRiskPolicyRuleActionTerminateAllSessions to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EntityRiskPolicyRuleActionTerminateAllSessions input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Action == input.Action ||
+                    this.Action.Equals(input.Action)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Action != null)
+                {
+                    hashCode = (hashCode * 59) + this.Action.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EntityRiskPolicyRuleActionsObject.cs b/src/Okta.Sdk/Model/EntityRiskPolicyRuleActionsObject.cs
new file mode 100644
index 000000000..2d339ab8b
--- /dev/null
+++ b/src/Okta.Sdk/Model/EntityRiskPolicyRuleActionsObject.cs
@@ -0,0 +1,153 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using JsonSubTypes;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EntityRiskPolicyRuleActionsObject
+    /// </summary>
+    [DataContract(Name = "EntityRiskPolicyRuleActionsObject")]
+    [JsonConverter(typeof(JsonSubtypes), "Action")]
+    [JsonSubtypes.KnownSubType(typeof(EntityRiskPolicyRuleActionRunWorkflow), "RUN_WORKFLOW")]
+    [JsonSubtypes.KnownSubType(typeof(EntityRiskPolicyRuleActionTerminateAllSessions), "TERMINATE_ALL_SESSIONS")]
+    
+    public partial class EntityRiskPolicyRuleActionsObject : IEquatable<EntityRiskPolicyRuleActionsObject>
+    {
+        /// <summary>
+        /// Defines Action
+        /// </summary>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class ActionEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum RUNWORKFLOW for value: RUN_WORKFLOW
+            /// </summary>
+            
+            public static ActionEnum RUNWORKFLOW = new ActionEnum("RUN_WORKFLOW");
+
+            /// <summary>
+            /// StringEnum TERMINATEALLSESSIONS for value: TERMINATE_ALL_SESSIONS
+            /// </summary>
+            
+            public static ActionEnum TERMINATEALLSESSIONS = new ActionEnum("TERMINATE_ALL_SESSIONS");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="ActionEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator ActionEnum(string value) => new ActionEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Action"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public ActionEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Gets or Sets Action
+        /// </summary>
+        [DataMember(Name = "action", EmitDefaultValue = true)]
+        
+        public ActionEnum Action { get; set; }
+        
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EntityRiskPolicyRuleActionsObject {\n");
+            sb.Append("  Action: ").Append(Action).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EntityRiskPolicyRuleActionsObject);
+        }
+
+        /// <summary>
+        /// Returns true if EntityRiskPolicyRuleActionsObject instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EntityRiskPolicyRuleActionsObject to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EntityRiskPolicyRuleActionsObject input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Action == input.Action ||
+                    this.Action.Equals(input.Action)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Action != null)
+                {
+                    hashCode = (hashCode * 59) + this.Action.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EntityRiskPolicyRuleAllOfActions.cs b/src/Okta.Sdk/Model/EntityRiskPolicyRuleAllOfActions.cs
new file mode 100644
index 000000000..4327bf307
--- /dev/null
+++ b/src/Okta.Sdk/Model/EntityRiskPolicyRuleAllOfActions.cs
@@ -0,0 +1,114 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// The action to take based on the risk event
+    /// </summary>
+    [DataContract(Name = "EntityRiskPolicyRule_allOf_actions")]
+    
+    public partial class EntityRiskPolicyRuleAllOfActions : IEquatable<EntityRiskPolicyRuleAllOfActions>
+    {
+        
+        /// <summary>
+        /// Gets or Sets EntityRisk
+        /// </summary>
+        [DataMember(Name = "entityRisk", EmitDefaultValue = true)]
+        public EntityRiskPolicyRuleAllOfActionsEntityRisk EntityRisk { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EntityRiskPolicyRuleAllOfActions {\n");
+            sb.Append("  EntityRisk: ").Append(EntityRisk).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EntityRiskPolicyRuleAllOfActions);
+        }
+
+        /// <summary>
+        /// Returns true if EntityRiskPolicyRuleAllOfActions instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EntityRiskPolicyRuleAllOfActions to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EntityRiskPolicyRuleAllOfActions input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.EntityRisk == input.EntityRisk ||
+                    (this.EntityRisk != null &&
+                    this.EntityRisk.Equals(input.EntityRisk))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.EntityRisk != null)
+                {
+                    hashCode = (hashCode * 59) + this.EntityRisk.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EntityRiskPolicyRuleAllOfActionsEntityRisk.cs b/src/Okta.Sdk/Model/EntityRiskPolicyRuleAllOfActionsEntityRisk.cs
new file mode 100644
index 000000000..701408ff5
--- /dev/null
+++ b/src/Okta.Sdk/Model/EntityRiskPolicyRuleAllOfActionsEntityRisk.cs
@@ -0,0 +1,116 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// The object that contains the &#x60;actions&#x60; array
+    /// </summary>
+    [DataContract(Name = "EntityRiskPolicyRule_allOf_actions_entityRisk")]
+    
+    public partial class EntityRiskPolicyRuleAllOfActionsEntityRisk : IEquatable<EntityRiskPolicyRuleAllOfActionsEntityRisk>
+    {
+        
+        /// <summary>
+        /// The &#x60;entityRisk&#x60; object&#39;s &#x60;actions&#x60; array can be empty or contain one of two &#x60;action&#x60; object value pairs. This object determines the specific response to a risk event.
+        /// </summary>
+        /// <value>The &#x60;entityRisk&#x60; object&#39;s &#x60;actions&#x60; array can be empty or contain one of two &#x60;action&#x60; object value pairs. This object determines the specific response to a risk event.</value>
+        [DataMember(Name = "actions", EmitDefaultValue = true)]
+        public List<EntityRiskPolicyRuleActionsObject> Actions { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EntityRiskPolicyRuleAllOfActionsEntityRisk {\n");
+            sb.Append("  Actions: ").Append(Actions).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EntityRiskPolicyRuleAllOfActionsEntityRisk);
+        }
+
+        /// <summary>
+        /// Returns true if EntityRiskPolicyRuleAllOfActionsEntityRisk instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EntityRiskPolicyRuleAllOfActionsEntityRisk to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EntityRiskPolicyRuleAllOfActionsEntityRisk input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Actions == input.Actions ||
+                    this.Actions != null &&
+                    input.Actions != null &&
+                    this.Actions.SequenceEqual(input.Actions)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Actions != null)
+                {
+                    hashCode = (hashCode * 59) + this.Actions.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EntityRiskPolicyRuleAllOfConditions.cs b/src/Okta.Sdk/Model/EntityRiskPolicyRuleAllOfConditions.cs
new file mode 100644
index 000000000..577279518
--- /dev/null
+++ b/src/Okta.Sdk/Model/EntityRiskPolicyRuleAllOfConditions.cs
@@ -0,0 +1,146 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EntityRiskPolicyRuleAllOfConditions
+    /// </summary>
+    [DataContract(Name = "EntityRiskPolicyRule_allOf_conditions")]
+    
+    public partial class EntityRiskPolicyRuleAllOfConditions : IEquatable<EntityRiskPolicyRuleAllOfConditions>
+    {
+        
+        /// <summary>
+        /// Gets or Sets People
+        /// </summary>
+        [DataMember(Name = "people", EmitDefaultValue = true)]
+        public PolicyPeopleCondition People { get; set; }
+
+        /// <summary>
+        /// Gets or Sets RiskDetectionTypes
+        /// </summary>
+        [DataMember(Name = "riskDetectionTypes", EmitDefaultValue = true)]
+        public EntityRiskPolicyRuleAllOfConditionsRiskDetectionTypes RiskDetectionTypes { get; set; }
+
+        /// <summary>
+        /// Gets or Sets EntityRisk
+        /// </summary>
+        [DataMember(Name = "EntityRisk", EmitDefaultValue = true)]
+        public EntityRiskPolicyRuleAllOfConditionsEntityRisk EntityRisk { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EntityRiskPolicyRuleAllOfConditions {\n");
+            sb.Append("  People: ").Append(People).Append("\n");
+            sb.Append("  RiskDetectionTypes: ").Append(RiskDetectionTypes).Append("\n");
+            sb.Append("  EntityRisk: ").Append(EntityRisk).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EntityRiskPolicyRuleAllOfConditions);
+        }
+
+        /// <summary>
+        /// Returns true if EntityRiskPolicyRuleAllOfConditions instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EntityRiskPolicyRuleAllOfConditions to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EntityRiskPolicyRuleAllOfConditions input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.People == input.People ||
+                    (this.People != null &&
+                    this.People.Equals(input.People))
+                ) && 
+                (
+                    this.RiskDetectionTypes == input.RiskDetectionTypes ||
+                    (this.RiskDetectionTypes != null &&
+                    this.RiskDetectionTypes.Equals(input.RiskDetectionTypes))
+                ) && 
+                (
+                    this.EntityRisk == input.EntityRisk ||
+                    (this.EntityRisk != null &&
+                    this.EntityRisk.Equals(input.EntityRisk))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.People != null)
+                {
+                    hashCode = (hashCode * 59) + this.People.GetHashCode();
+                }
+                if (this.RiskDetectionTypes != null)
+                {
+                    hashCode = (hashCode * 59) + this.RiskDetectionTypes.GetHashCode();
+                }
+                if (this.EntityRisk != null)
+                {
+                    hashCode = (hashCode * 59) + this.EntityRisk.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EntityRiskPolicyRuleAllOfConditionsEntityRisk.cs b/src/Okta.Sdk/Model/EntityRiskPolicyRuleAllOfConditionsEntityRisk.cs
new file mode 100644
index 000000000..23e768e08
--- /dev/null
+++ b/src/Okta.Sdk/Model/EntityRiskPolicyRuleAllOfConditionsEntityRisk.cs
@@ -0,0 +1,161 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// The risk score level of the entity risk policy rule
+    /// </summary>
+    [DataContract(Name = "EntityRiskPolicyRule_allOf_conditions_EntityRisk")]
+    
+    public partial class EntityRiskPolicyRuleAllOfConditionsEntityRisk : IEquatable<EntityRiskPolicyRuleAllOfConditionsEntityRisk>
+    {
+        /// <summary>
+        /// Defines Level
+        /// </summary>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class LevelEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum ANY for value: ANY
+            /// </summary>
+            
+            public static LevelEnum ANY = new LevelEnum("ANY");
+
+            /// <summary>
+            /// StringEnum LOW for value: LOW
+            /// </summary>
+            
+            public static LevelEnum LOW = new LevelEnum("LOW");
+
+            /// <summary>
+            /// StringEnum MEDIUM for value: MEDIUM
+            /// </summary>
+            
+            public static LevelEnum MEDIUM = new LevelEnum("MEDIUM");
+
+            /// <summary>
+            /// StringEnum HIGH for value: HIGH
+            /// </summary>
+            
+            public static LevelEnum HIGH = new LevelEnum("HIGH");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="LevelEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator LevelEnum(string value) => new LevelEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Level"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public LevelEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Gets or Sets Level
+        /// </summary>
+        [DataMember(Name = "level", EmitDefaultValue = true)]
+        
+        public LevelEnum Level { get; set; }
+        
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EntityRiskPolicyRuleAllOfConditionsEntityRisk {\n");
+            sb.Append("  Level: ").Append(Level).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EntityRiskPolicyRuleAllOfConditionsEntityRisk);
+        }
+
+        /// <summary>
+        /// Returns true if EntityRiskPolicyRuleAllOfConditionsEntityRisk instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EntityRiskPolicyRuleAllOfConditionsEntityRisk to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EntityRiskPolicyRuleAllOfConditionsEntityRisk input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Level == input.Level ||
+                    this.Level.Equals(input.Level)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Level != null)
+                {
+                    hashCode = (hashCode * 59) + this.Level.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EntityRiskPolicyRuleAllOfConditionsRiskDetectionTypes.cs b/src/Okta.Sdk/Model/EntityRiskPolicyRuleAllOfConditionsRiskDetectionTypes.cs
new file mode 100644
index 000000000..4bce97d48
--- /dev/null
+++ b/src/Okta.Sdk/Model/EntityRiskPolicyRuleAllOfConditionsRiskDetectionTypes.cs
@@ -0,0 +1,134 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// An object that references detected risk events. This object can have an &#x60;include&#x60; parameter or an &#x60;exclude&#x60; parameter, but not both.
+    /// </summary>
+    [DataContract(Name = "EntityRiskPolicyRule_allOf_conditions_riskDetectionTypes")]
+    
+    public partial class EntityRiskPolicyRuleAllOfConditionsRiskDetectionTypes : IEquatable<EntityRiskPolicyRuleAllOfConditionsRiskDetectionTypes>
+    {
+        
+        /// <summary>
+        /// An array of detected risk events to exclude in the entity policy rule
+        /// </summary>
+        /// <value>An array of detected risk events to exclude in the entity policy rule</value>
+        [DataMember(Name = "exclude", EmitDefaultValue = true)]
+        public List<DetectedRiskEvents> Exclude { get; set; }
+
+        /// <summary>
+        /// An array of detected risk events to include in the entity policy rule
+        /// </summary>
+        /// <value>An array of detected risk events to include in the entity policy rule</value>
+        [DataMember(Name = "include", EmitDefaultValue = true)]
+        public List<DetectedRiskEvents> Include { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EntityRiskPolicyRuleAllOfConditionsRiskDetectionTypes {\n");
+            sb.Append("  Exclude: ").Append(Exclude).Append("\n");
+            sb.Append("  Include: ").Append(Include).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EntityRiskPolicyRuleAllOfConditionsRiskDetectionTypes);
+        }
+
+        /// <summary>
+        /// Returns true if EntityRiskPolicyRuleAllOfConditionsRiskDetectionTypes instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EntityRiskPolicyRuleAllOfConditionsRiskDetectionTypes to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EntityRiskPolicyRuleAllOfConditionsRiskDetectionTypes input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Exclude == input.Exclude ||
+                    this.Exclude != null &&
+                    input.Exclude != null &&
+                    this.Exclude.SequenceEqual(input.Exclude)
+                ) && 
+                (
+                    this.Include == input.Include ||
+                    this.Include != null &&
+                    input.Include != null &&
+                    this.Include.SequenceEqual(input.Include)
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Exclude != null)
+                {
+                    hashCode = (hashCode * 59) + this.Exclude.GetHashCode();
+                }
+                if (this.Include != null)
+                {
+                    hashCode = (hashCode * 59) + this.Include.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/Error.cs b/src/Okta.Sdk/Model/Error.cs
index 897b8bdb6..708958f48 100644
--- a/src/Okta.Sdk/Model/Error.cs
+++ b/src/Okta.Sdk/Model/Error.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -38,7 +38,7 @@ public partial class Error : IEquatable<Error>
         /// Gets or Sets ErrorCauses
         /// </summary>
         [DataMember(Name = "errorCauses", EmitDefaultValue = true)]
-        public List<ErrorErrorCausesInner> ErrorCauses { get; set; }
+        public List<ErrorCause> ErrorCauses { get; set; }
 
         /// <summary>
         /// An Okta code for this type of error
diff --git a/src/Okta.Sdk/Model/ErrorCause.cs b/src/Okta.Sdk/Model/ErrorCause.cs
new file mode 100644
index 000000000..9d8a14511
--- /dev/null
+++ b/src/Okta.Sdk/Model/ErrorCause.cs
@@ -0,0 +1,114 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// ErrorCause
+    /// </summary>
+    [DataContract(Name = "ErrorCause")]
+    
+    public partial class ErrorCause : IEquatable<ErrorCause>
+    {
+        
+        /// <summary>
+        /// Gets or Sets ErrorSummary
+        /// </summary>
+        [DataMember(Name = "errorSummary", EmitDefaultValue = true)]
+        public string ErrorSummary { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class ErrorCause {\n");
+            sb.Append("  ErrorSummary: ").Append(ErrorSummary).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as ErrorCause);
+        }
+
+        /// <summary>
+        /// Returns true if ErrorCause instances are equal
+        /// </summary>
+        /// <param name="input">Instance of ErrorCause to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(ErrorCause input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.ErrorSummary == input.ErrorSummary ||
+                    (this.ErrorSummary != null &&
+                    this.ErrorSummary.Equals(input.ErrorSummary))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.ErrorSummary != null)
+                {
+                    hashCode = (hashCode * 59) + this.ErrorSummary.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/ErrorPage.cs b/src/Okta.Sdk/Model/ErrorPage.cs
index 465c9490f..0ee27faf3 100644
--- a/src/Okta.Sdk/Model/ErrorPage.cs
+++ b/src/Okta.Sdk/Model/ErrorPage.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -35,8 +35,9 @@ public partial class ErrorPage : IEquatable<ErrorPage>
     {
         
         /// <summary>
-        /// Gets or Sets PageContent
+        /// The HTML for the page
         /// </summary>
+        /// <value>The HTML for the page</value>
         [DataMember(Name = "pageContent", EmitDefaultValue = true)]
         public string PageContent { get; set; }
 
diff --git a/src/Okta.Sdk/Model/ErrorPageTouchPointVariant.cs b/src/Okta.Sdk/Model/ErrorPageTouchPointVariant.cs
index 314594319..5b57b3c21 100644
--- a/src/Okta.Sdk/Model/ErrorPageTouchPointVariant.cs
+++ b/src/Okta.Sdk/Model/ErrorPageTouchPointVariant.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines ErrorPageTouchPointVariant
+    /// Variant for the error page. You can publish a theme for error page with different combinations of assets. Variants are preset combinations of those assets. 
     /// </summary>
+    /// <value>Variant for the error page. You can publish a theme for error page with different combinations of assets. Variants are preset combinations of those assets. </value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class ErrorPageTouchPointVariant : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/EventHook.cs b/src/Okta.Sdk/Model/EventHook.cs
index 6724a0539..bca0998bf 100644
--- a/src/Okta.Sdk/Model/EventHook.cs
+++ b/src/Okta.Sdk/Model/EventHook.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -33,13 +33,59 @@ namespace Okta.Sdk.Model
     
     public partial class EventHook : IEquatable<EventHook>
     {
+        /// <summary>
+        /// Status of the event hook
+        /// </summary>
+        /// <value>Status of the event hook</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class StatusEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum ACTIVE for value: ACTIVE
+            /// </summary>
+            
+            public static StatusEnum ACTIVE = new StatusEnum("ACTIVE");
+
+            /// <summary>
+            /// StringEnum INACTIVE for value: INACTIVE
+            /// </summary>
+            
+            public static StatusEnum INACTIVE = new StatusEnum("INACTIVE");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="StatusEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator StatusEnum(string value) => new StatusEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="Status"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public StatusEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
 
         /// <summary>
-        /// Gets or Sets Status
+        /// Status of the event hook
         /// </summary>
+        /// <value>Status of the event hook</value>
         [DataMember(Name = "status", EmitDefaultValue = true)]
         
-        public LifecycleStatus Status { get; set; }
+        public StatusEnum Status { get; set; }
+
+        /// <summary>
+        /// Returns false as Status should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeStatus()
+        {
+            return false;
+        }
 
         /// <summary>
         /// Gets or Sets VerificationStatus
@@ -47,6 +93,11 @@ public partial class EventHook : IEquatable<EventHook>
         [DataMember(Name = "verificationStatus", EmitDefaultValue = true)]
         
         public EventHookVerificationStatus VerificationStatus { get; set; }
+        /// <summary>
+        /// Initializes a new instance of the <see cref="EventHook" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public EventHook() { }
         
         /// <summary>
         /// Gets or Sets Channel
@@ -55,8 +106,9 @@ public partial class EventHook : IEquatable<EventHook>
         public EventHookChannel Channel { get; set; }
 
         /// <summary>
-        /// Gets or Sets Created
+        /// Timestamp of the event hook creation
         /// </summary>
+        /// <value>Timestamp of the event hook creation</value>
         [DataMember(Name = "created", EmitDefaultValue = true)]
         public DateTimeOffset Created { get; private set; }
 
@@ -69,10 +121,26 @@ public bool ShouldSerializeCreated()
             return false;
         }
         /// <summary>
-        /// Gets or Sets CreatedBy
+        /// The ID of the user who created the event hook
         /// </summary>
+        /// <value>The ID of the user who created the event hook</value>
         [DataMember(Name = "createdBy", EmitDefaultValue = true)]
-        public string CreatedBy { get; set; }
+        public string CreatedBy { get; private set; }
+
+        /// <summary>
+        /// Returns false as CreatedBy should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeCreatedBy()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Description of the event hook
+        /// </summary>
+        /// <value>Description of the event hook</value>
+        [DataMember(Name = "description", EmitDefaultValue = true)]
+        public string Description { get; set; }
 
         /// <summary>
         /// Gets or Sets Events
@@ -81,8 +149,9 @@ public bool ShouldSerializeCreated()
         public EventSubscriptions Events { get; set; }
 
         /// <summary>
-        /// Gets or Sets Id
+        /// Unique key for the event hook
         /// </summary>
+        /// <value>Unique key for the event hook</value>
         [DataMember(Name = "id", EmitDefaultValue = true)]
         public string Id { get; private set; }
 
@@ -95,8 +164,9 @@ public bool ShouldSerializeId()
             return false;
         }
         /// <summary>
-        /// Gets or Sets LastUpdated
+        /// Date of the last event hook update
         /// </summary>
+        /// <value>Date of the last event hook update</value>
         [DataMember(Name = "lastUpdated", EmitDefaultValue = true)]
         public DateTimeOffset LastUpdated { get; private set; }
 
@@ -109,8 +179,9 @@ public bool ShouldSerializeLastUpdated()
             return false;
         }
         /// <summary>
-        /// Gets or Sets Name
+        /// Display name for the event hook
         /// </summary>
+        /// <value>Display name for the event hook</value>
         [DataMember(Name = "name", EmitDefaultValue = true)]
         public string Name { get; set; }
 
@@ -118,7 +189,7 @@ public bool ShouldSerializeLastUpdated()
         /// Gets or Sets Links
         /// </summary>
         [DataMember(Name = "_links", EmitDefaultValue = true)]
-        public LinksSelf Links { get; set; }
+        public EventHookLinks Links { get; set; }
 
         /// <summary>
         /// Returns the string presentation of the object
@@ -131,6 +202,7 @@ public override string ToString()
             sb.Append("  Channel: ").Append(Channel).Append("\n");
             sb.Append("  Created: ").Append(Created).Append("\n");
             sb.Append("  CreatedBy: ").Append(CreatedBy).Append("\n");
+            sb.Append("  Description: ").Append(Description).Append("\n");
             sb.Append("  Events: ").Append(Events).Append("\n");
             sb.Append("  Id: ").Append(Id).Append("\n");
             sb.Append("  LastUpdated: ").Append(LastUpdated).Append("\n");
@@ -188,6 +260,11 @@ public bool Equals(EventHook input)
                     (this.CreatedBy != null &&
                     this.CreatedBy.Equals(input.CreatedBy))
                 ) && 
+                (
+                    this.Description == input.Description ||
+                    (this.Description != null &&
+                    this.Description.Equals(input.Description))
+                ) && 
                 (
                     this.Events == input.Events ||
                     (this.Events != null &&
@@ -245,6 +322,10 @@ public override int GetHashCode()
                 {
                     hashCode = (hashCode * 59) + this.CreatedBy.GetHashCode();
                 }
+                if (this.Description != null)
+                {
+                    hashCode = (hashCode * 59) + this.Description.GetHashCode();
+                }
                 if (this.Events != null)
                 {
                     hashCode = (hashCode * 59) + this.Events.GetHashCode();
diff --git a/src/Okta.Sdk/Model/EventHookChannel.cs b/src/Okta.Sdk/Model/EventHookChannel.cs
index 88be89377..0061831eb 100644
--- a/src/Okta.Sdk/Model/EventHookChannel.cs
+++ b/src/Okta.Sdk/Model/EventHookChannel.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -40,6 +40,11 @@ public partial class EventHookChannel : IEquatable<EventHookChannel>
         [DataMember(Name = "type", EmitDefaultValue = true)]
         
         public EventHookChannelType Type { get; set; }
+        /// <summary>
+        /// Initializes a new instance of the <see cref="EventHookChannel" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public EventHookChannel() { }
         
         /// <summary>
         /// Gets or Sets Config
@@ -48,8 +53,9 @@ public partial class EventHookChannel : IEquatable<EventHookChannel>
         public EventHookChannelConfig Config { get; set; }
 
         /// <summary>
-        /// Gets or Sets _Version
+        /// Version of the channel. Currently the only supported version is &#x60;1.0.0&#x60;&#x60;.
         /// </summary>
+        /// <value>Version of the channel. Currently the only supported version is &#x60;1.0.0&#x60;&#x60;.</value>
         [DataMember(Name = "version", EmitDefaultValue = true)]
         public string _Version { get; set; }
 
diff --git a/src/Okta.Sdk/Model/EventHookChannelConfig.cs b/src/Okta.Sdk/Model/EventHookChannelConfig.cs
index ee284f501..194568fad 100644
--- a/src/Okta.Sdk/Model/EventHookChannelConfig.cs
+++ b/src/Okta.Sdk/Model/EventHookChannelConfig.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -33,6 +33,11 @@ namespace Okta.Sdk.Model
     
     public partial class EventHookChannelConfig : IEquatable<EventHookChannelConfig>
     {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="EventHookChannelConfig" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public EventHookChannelConfig() { }
         
         /// <summary>
         /// Gets or Sets AuthScheme
@@ -41,14 +46,31 @@ public partial class EventHookChannelConfig : IEquatable<EventHookChannelConfig>
         public EventHookChannelConfigAuthScheme AuthScheme { get; set; }
 
         /// <summary>
-        /// Gets or Sets Headers
+        /// Optional list of key/value pairs for headers that can be sent with the request to the external service. For example, &#x60;X-Other-Header&#x60; is an example of an optional header, with a value of &#x60;my-header-value&#x60;, that you want Okta to pass to your external service.
         /// </summary>
+        /// <value>Optional list of key/value pairs for headers that can be sent with the request to the external service. For example, &#x60;X-Other-Header&#x60; is an example of an optional header, with a value of &#x60;my-header-value&#x60;, that you want Okta to pass to your external service.</value>
         [DataMember(Name = "headers", EmitDefaultValue = true)]
         public List<EventHookChannelConfigHeader> Headers { get; set; }
 
         /// <summary>
-        /// Gets or Sets Uri
+        /// The method of the Okta event hook request
         /// </summary>
+        /// <value>The method of the Okta event hook request</value>
+        [DataMember(Name = "method", EmitDefaultValue = true)]
+        public string Method { get; private set; }
+
+        /// <summary>
+        /// Returns false as Method should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeMethod()
+        {
+            return false;
+        }
+        /// <summary>
+        /// The external service endpoint called to execute the event hook handler
+        /// </summary>
+        /// <value>The external service endpoint called to execute the event hook handler</value>
         [DataMember(Name = "uri", EmitDefaultValue = true)]
         public string Uri { get; set; }
 
@@ -62,6 +84,7 @@ public override string ToString()
             sb.Append("class EventHookChannelConfig {\n");
             sb.Append("  AuthScheme: ").Append(AuthScheme).Append("\n");
             sb.Append("  Headers: ").Append(Headers).Append("\n");
+            sb.Append("  Method: ").Append(Method).Append("\n");
             sb.Append("  Uri: ").Append(Uri).Append("\n");
             sb.Append("}\n");
             return sb.ToString();
@@ -109,6 +132,11 @@ public bool Equals(EventHookChannelConfig input)
                     input.Headers != null &&
                     this.Headers.SequenceEqual(input.Headers)
                 ) && 
+                (
+                    this.Method == input.Method ||
+                    (this.Method != null &&
+                    this.Method.Equals(input.Method))
+                ) && 
                 (
                     this.Uri == input.Uri ||
                     (this.Uri != null &&
@@ -134,6 +162,10 @@ public override int GetHashCode()
                 {
                     hashCode = (hashCode * 59) + this.Headers.GetHashCode();
                 }
+                if (this.Method != null)
+                {
+                    hashCode = (hashCode * 59) + this.Method.GetHashCode();
+                }
                 if (this.Uri != null)
                 {
                     hashCode = (hashCode * 59) + this.Uri.GetHashCode();
diff --git a/src/Okta.Sdk/Model/EventHookChannelConfigAuthScheme.cs b/src/Okta.Sdk/Model/EventHookChannelConfigAuthScheme.cs
index 010a3b416..2b06192ba 100644
--- a/src/Okta.Sdk/Model/EventHookChannelConfigAuthScheme.cs
+++ b/src/Okta.Sdk/Model/EventHookChannelConfigAuthScheme.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -27,7 +27,7 @@ namespace Okta.Sdk.Model
 {
     /// <summary>
     /// Template: ModelGeneric
-    /// EventHookChannelConfigAuthScheme
+    /// The authentication scheme used for this request.  To use Basic Auth for authentication, set &#x60;type&#x60; to &#x60;HEADER&#x60;, &#x60;key&#x60; to &#x60;Authorization&#x60;, and &#x60;value&#x60; to the Base64-encoded string of \&quot;username:password\&quot;. Ensure that you include the scheme (including space) as part of the &#x60;value&#x60; parameter. For example, &#x60;Basic YWRtaW46c3VwZXJzZWNyZXQ&#x3D;&#x60;. See [HTTP Basic Authentication](/books/api-security/authn/api-authentication-options/#http-basic-authentication).
     /// </summary>
     [DataContract(Name = "EventHookChannelConfigAuthScheme")]
     
@@ -42,14 +42,16 @@ public partial class EventHookChannelConfigAuthScheme : IEquatable<EventHookChan
         public EventHookChannelConfigAuthSchemeType Type { get; set; }
         
         /// <summary>
-        /// Gets or Sets Key
+        /// The name for the authorization header
         /// </summary>
+        /// <value>The name for the authorization header</value>
         [DataMember(Name = "key", EmitDefaultValue = true)]
         public string Key { get; set; }
 
         /// <summary>
-        /// Gets or Sets Value
+        /// The header value. This secret key is passed to your external service endpoint for security verification. This property is not returned in the response.
         /// </summary>
+        /// <value>The header value. This secret key is passed to your external service endpoint for security verification. This property is not returned in the response.</value>
         [DataMember(Name = "value", EmitDefaultValue = true)]
         public string Value { get; set; }
 
diff --git a/src/Okta.Sdk/Model/EventHookChannelConfigAuthSchemeType.cs b/src/Okta.Sdk/Model/EventHookChannelConfigAuthSchemeType.cs
index 0dde7199d..142dbc58c 100644
--- a/src/Okta.Sdk/Model/EventHookChannelConfigAuthSchemeType.cs
+++ b/src/Okta.Sdk/Model/EventHookChannelConfigAuthSchemeType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines EventHookChannelConfigAuthSchemeType
+    /// The authentication scheme type. Currently only supports &#x60;HEADER&#x60;.
     /// </summary>
+    /// <value>The authentication scheme type. Currently only supports &#x60;HEADER&#x60;.</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class EventHookChannelConfigAuthSchemeType : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/EventHookChannelConfigHeader.cs b/src/Okta.Sdk/Model/EventHookChannelConfigHeader.cs
index f1f2ea98d..38e5db0e2 100644
--- a/src/Okta.Sdk/Model/EventHookChannelConfigHeader.cs
+++ b/src/Okta.Sdk/Model/EventHookChannelConfigHeader.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -35,14 +35,16 @@ public partial class EventHookChannelConfigHeader : IEquatable<EventHookChannelC
     {
         
         /// <summary>
-        /// Gets or Sets Key
+        /// The optional field or header name
         /// </summary>
+        /// <value>The optional field or header name</value>
         [DataMember(Name = "key", EmitDefaultValue = true)]
         public string Key { get; set; }
 
         /// <summary>
-        /// Gets or Sets Value
+        /// The value for the key
         /// </summary>
+        /// <value>The value for the key</value>
         [DataMember(Name = "value", EmitDefaultValue = true)]
         public string Value { get; set; }
 
diff --git a/src/Okta.Sdk/Model/EventHookChannelType.cs b/src/Okta.Sdk/Model/EventHookChannelType.cs
index 2d2cfe566..0328c5eb5 100644
--- a/src/Okta.Sdk/Model/EventHookChannelType.cs
+++ b/src/Okta.Sdk/Model/EventHookChannelType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines EventHookChannelType
+    /// The channel type. Currently supports &#x60;HTTP&#x60;.
     /// </summary>
+    /// <value>The channel type. Currently supports &#x60;HTTP&#x60;.</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class EventHookChannelType : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/EventHookFilterMapObject.cs b/src/Okta.Sdk/Model/EventHookFilterMapObject.cs
new file mode 100644
index 000000000..3dda277e5
--- /dev/null
+++ b/src/Okta.Sdk/Model/EventHookFilterMapObject.cs
@@ -0,0 +1,131 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EventHookFilterMapObject
+    /// </summary>
+    [DataContract(Name = "EventHookFilterMapObject")]
+    
+    public partial class EventHookFilterMapObject : IEquatable<EventHookFilterMapObject>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Condition
+        /// </summary>
+        [DataMember(Name = "condition", EmitDefaultValue = true)]
+        public EventHookFilterMapObjectCondition Condition { get; set; }
+
+        /// <summary>
+        /// The filtered event type
+        /// </summary>
+        /// <value>The filtered event type</value>
+        [DataMember(Name = "event", EmitDefaultValue = true)]
+        public string Event { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EventHookFilterMapObject {\n");
+            sb.Append("  Condition: ").Append(Condition).Append("\n");
+            sb.Append("  Event: ").Append(Event).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EventHookFilterMapObject);
+        }
+
+        /// <summary>
+        /// Returns true if EventHookFilterMapObject instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EventHookFilterMapObject to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EventHookFilterMapObject input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Condition == input.Condition ||
+                    (this.Condition != null &&
+                    this.Condition.Equals(input.Condition))
+                ) && 
+                (
+                    this.Event == input.Event ||
+                    (this.Event != null &&
+                    this.Event.Equals(input.Event))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Condition != null)
+                {
+                    hashCode = (hashCode * 59) + this.Condition.GetHashCode();
+                }
+                if (this.Event != null)
+                {
+                    hashCode = (hashCode * 59) + this.Event.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EventHookFilterMapObjectCondition.cs b/src/Okta.Sdk/Model/EventHookFilterMapObjectCondition.cs
new file mode 100644
index 000000000..c1d088898
--- /dev/null
+++ b/src/Okta.Sdk/Model/EventHookFilterMapObjectCondition.cs
@@ -0,0 +1,140 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EventHookFilterMapObjectCondition
+    /// </summary>
+    [DataContract(Name = "EventHookFilterMapObjectCondition")]
+    
+    public partial class EventHookFilterMapObjectCondition : IEquatable<EventHookFilterMapObjectCondition>
+    {
+        
+        /// <summary>
+        /// The Okta Expression language statement that filters the event type
+        /// </summary>
+        /// <value>The Okta Expression language statement that filters the event type</value>
+        [DataMember(Name = "expression", EmitDefaultValue = true)]
+        public string Expression { get; set; }
+
+        /// <summary>
+        /// Internal field
+        /// </summary>
+        /// <value>Internal field</value>
+        [DataMember(Name = "version", EmitDefaultValue = true)]
+        public string _Version { get; private set; }
+
+        /// <summary>
+        /// Returns false as _Version should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerialize_Version()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EventHookFilterMapObjectCondition {\n");
+            sb.Append("  Expression: ").Append(Expression).Append("\n");
+            sb.Append("  _Version: ").Append(_Version).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EventHookFilterMapObjectCondition);
+        }
+
+        /// <summary>
+        /// Returns true if EventHookFilterMapObjectCondition instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EventHookFilterMapObjectCondition to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EventHookFilterMapObjectCondition input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Expression == input.Expression ||
+                    (this.Expression != null &&
+                    this.Expression.Equals(input.Expression))
+                ) && 
+                (
+                    this._Version == input._Version ||
+                    (this._Version != null &&
+                    this._Version.Equals(input._Version))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Expression != null)
+                {
+                    hashCode = (hashCode * 59) + this.Expression.GetHashCode();
+                }
+                if (this._Version != null)
+                {
+                    hashCode = (hashCode * 59) + this._Version.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EventHookFilters.cs b/src/Okta.Sdk/Model/EventHookFilters.cs
new file mode 100644
index 000000000..86a9c0662
--- /dev/null
+++ b/src/Okta.Sdk/Model/EventHookFilters.cs
@@ -0,0 +1,141 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// The optional filter defined on a specific event type  &gt; **Note:** Event hook filters is a [self-service Early Access (EA)](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) to enable. If you want to disable this feature, it&#39;s recommended to first remove all event filters.
+    /// </summary>
+    [DataContract(Name = "EventHookFilters")]
+    
+    public partial class EventHookFilters : IEquatable<EventHookFilters>
+    {
+        
+        /// <summary>
+        /// The object that maps the filter to the event type
+        /// </summary>
+        /// <value>The object that maps the filter to the event type</value>
+        [DataMember(Name = "eventFilterMap", EmitDefaultValue = true)]
+        public List<EventHookFilterMapObject> EventFilterMap { get; set; }
+
+        /// <summary>
+        /// The type of filter. Currently only supports &#x60;EXPRESSION_LANGUAGE&#x60;
+        /// </summary>
+        /// <value>The type of filter. Currently only supports &#x60;EXPRESSION_LANGUAGE&#x60;</value>
+        [DataMember(Name = "type", EmitDefaultValue = true)]
+        public string Type { get; private set; }
+
+        /// <summary>
+        /// Returns false as Type should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeType()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EventHookFilters {\n");
+            sb.Append("  EventFilterMap: ").Append(EventFilterMap).Append("\n");
+            sb.Append("  Type: ").Append(Type).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EventHookFilters);
+        }
+
+        /// <summary>
+        /// Returns true if EventHookFilters instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EventHookFilters to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EventHookFilters input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.EventFilterMap == input.EventFilterMap ||
+                    this.EventFilterMap != null &&
+                    input.EventFilterMap != null &&
+                    this.EventFilterMap.SequenceEqual(input.EventFilterMap)
+                ) && 
+                (
+                    this.Type == input.Type ||
+                    (this.Type != null &&
+                    this.Type.Equals(input.Type))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.EventFilterMap != null)
+                {
+                    hashCode = (hashCode * 59) + this.EventFilterMap.GetHashCode();
+                }
+                if (this.Type != null)
+                {
+                    hashCode = (hashCode * 59) + this.Type.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EventHookLinks.cs b/src/Okta.Sdk/Model/EventHookLinks.cs
new file mode 100644
index 000000000..63074f856
--- /dev/null
+++ b/src/Okta.Sdk/Model/EventHookLinks.cs
@@ -0,0 +1,146 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// EventHookLinks
+    /// </summary>
+    [DataContract(Name = "EventHook__links")]
+    
+    public partial class EventHookLinks : IEquatable<EventHookLinks>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Self
+        /// </summary>
+        [DataMember(Name = "self", EmitDefaultValue = true)]
+        public HrefObjectSelfLink Self { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Deactivate
+        /// </summary>
+        [DataMember(Name = "deactivate", EmitDefaultValue = true)]
+        public HrefObject Deactivate { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Verify
+        /// </summary>
+        [DataMember(Name = "verify", EmitDefaultValue = true)]
+        public HrefObject Verify { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class EventHookLinks {\n");
+            sb.Append("  Self: ").Append(Self).Append("\n");
+            sb.Append("  Deactivate: ").Append(Deactivate).Append("\n");
+            sb.Append("  Verify: ").Append(Verify).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as EventHookLinks);
+        }
+
+        /// <summary>
+        /// Returns true if EventHookLinks instances are equal
+        /// </summary>
+        /// <param name="input">Instance of EventHookLinks to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(EventHookLinks input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Self == input.Self ||
+                    (this.Self != null &&
+                    this.Self.Equals(input.Self))
+                ) && 
+                (
+                    this.Deactivate == input.Deactivate ||
+                    (this.Deactivate != null &&
+                    this.Deactivate.Equals(input.Deactivate))
+                ) && 
+                (
+                    this.Verify == input.Verify ||
+                    (this.Verify != null &&
+                    this.Verify.Equals(input.Verify))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Self != null)
+                {
+                    hashCode = (hashCode * 59) + this.Self.GetHashCode();
+                }
+                if (this.Deactivate != null)
+                {
+                    hashCode = (hashCode * 59) + this.Deactivate.GetHashCode();
+                }
+                if (this.Verify != null)
+                {
+                    hashCode = (hashCode * 59) + this.Verify.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/EventHookVerificationStatus.cs b/src/Okta.Sdk/Model/EventHookVerificationStatus.cs
index bbbdb06c4..fbec2997f 100644
--- a/src/Okta.Sdk/Model/EventHookVerificationStatus.cs
+++ b/src/Okta.Sdk/Model/EventHookVerificationStatus.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines EventHookVerificationStatus
+    /// Verification status of the event hook. &#x60;UNVERIFIED&#x60; event hooks won&#39;t receive any events.
     /// </summary>
+    /// <value>Verification status of the event hook. &#x60;UNVERIFIED&#x60; event hooks won&#39;t receive any events.</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class EventHookVerificationStatus : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/EventSubscriptionType.cs b/src/Okta.Sdk/Model/EventSubscriptionType.cs
index 659ad4bb6..999c4baa4 100644
--- a/src/Okta.Sdk/Model/EventSubscriptionType.cs
+++ b/src/Okta.Sdk/Model/EventSubscriptionType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines EventSubscriptionType
+    /// The events object type. Currently supports &#x60;EVENT_TYPE&#x60;.
     /// </summary>
+    /// <value>The events object type. Currently supports &#x60;EVENT_TYPE&#x60;.</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class EventSubscriptionType : StringEnum
     {
@@ -35,10 +36,6 @@ public sealed class EventSubscriptionType : StringEnum
         /// StringEnum EventSubscriptionType for value: EVENT_TYPE
         /// </summary>
         public static EventSubscriptionType EVENTTYPE = new EventSubscriptionType("EVENT_TYPE");
-        /// <summary>
-        /// StringEnum EventSubscriptionType for value: FLOW_EVENT
-        /// </summary>
-        public static EventSubscriptionType FLOWEVENT = new EventSubscriptionType("FLOW_EVENT");
 
         /// <summary>
         /// Implicit operator declaration to accept and convert a string value as a <see cref="EventSubscriptionType"/>
diff --git a/src/Okta.Sdk/Model/EventSubscriptions.cs b/src/Okta.Sdk/Model/EventSubscriptions.cs
index 066f5b58c..1e371d156 100644
--- a/src/Okta.Sdk/Model/EventSubscriptions.cs
+++ b/src/Okta.Sdk/Model/EventSubscriptions.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -21,7 +21,6 @@
 using Newtonsoft.Json;
 using Newtonsoft.Json.Converters;
 using Newtonsoft.Json.Linq;
-using JsonSubTypes;
 using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
 
 namespace Okta.Sdk.Model
@@ -31,7 +30,6 @@ namespace Okta.Sdk.Model
     /// EventSubscriptions
     /// </summary>
     [DataContract(Name = "EventSubscriptions")]
-    [JsonConverter(typeof(JsonSubtypes), "Type")]
     
     public partial class EventSubscriptions : IEquatable<EventSubscriptions>
     {
@@ -42,10 +40,22 @@ public partial class EventSubscriptions : IEquatable<EventSubscriptions>
         [DataMember(Name = "type", EmitDefaultValue = true)]
         
         public EventSubscriptionType Type { get; set; }
+        /// <summary>
+        /// Initializes a new instance of the <see cref="EventSubscriptions" /> class.
+        /// </summary>
+        [JsonConstructorAttribute]
+        public EventSubscriptions() { }
         
         /// <summary>
-        /// Gets or Sets Items
+        /// Gets or Sets Filter
+        /// </summary>
+        [DataMember(Name = "filter", EmitDefaultValue = true)]
+        public EventHookFilters Filter { get; set; }
+
+        /// <summary>
+        /// The subscribed event types that trigger the event hook. When you register an event hook you need to specify which events you want to subscribe to. To see the list of event types currently eligible for use in event hooks, use the [Event Types catalog](/docs/reference/api/event-types/#catalog) and search with the parameter &#x60;event-hook-eligible&#x60;.
         /// </summary>
+        /// <value>The subscribed event types that trigger the event hook. When you register an event hook you need to specify which events you want to subscribe to. To see the list of event types currently eligible for use in event hooks, use the [Event Types catalog](/docs/reference/api/event-types/#catalog) and search with the parameter &#x60;event-hook-eligible&#x60;.</value>
         [DataMember(Name = "items", EmitDefaultValue = true)]
         public List<string> Items { get; set; }
 
@@ -57,6 +67,7 @@ public override string ToString()
         {
             StringBuilder sb = new StringBuilder();
             sb.Append("class EventSubscriptions {\n");
+            sb.Append("  Filter: ").Append(Filter).Append("\n");
             sb.Append("  Items: ").Append(Items).Append("\n");
             sb.Append("  Type: ").Append(Type).Append("\n");
             sb.Append("}\n");
@@ -94,6 +105,11 @@ public bool Equals(EventSubscriptions input)
                 return false;
             }
             return 
+                (
+                    this.Filter == input.Filter ||
+                    (this.Filter != null &&
+                    this.Filter.Equals(input.Filter))
+                ) && 
                 (
                     this.Items == input.Items ||
                     this.Items != null &&
@@ -116,6 +132,10 @@ public override int GetHashCode()
             {
                 int hashCode = 41;
                 
+                if (this.Filter != null)
+                {
+                    hashCode = (hashCode * 59) + this.Filter.GetHashCode();
+                }
                 if (this.Items != null)
                 {
                     hashCode = (hashCode * 59) + this.Items.GetHashCode();
diff --git a/src/Okta.Sdk/Model/Expression.cs b/src/Okta.Sdk/Model/Expression.cs
new file mode 100644
index 000000000..f61fb21df
--- /dev/null
+++ b/src/Okta.Sdk/Model/Expression.cs
@@ -0,0 +1,114 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Expression
+    /// </summary>
+    [DataContract(Name = "Expression")]
+    
+    public partial class Expression : IEquatable<Expression>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Value
+        /// </summary>
+        [DataMember(Name = "value", EmitDefaultValue = true)]
+        public string Value { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class Expression {\n");
+            sb.Append("  Value: ").Append(Value).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as Expression);
+        }
+
+        /// <summary>
+        /// Returns true if Expression instances are equal
+        /// </summary>
+        /// <param name="input">Instance of Expression to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(Expression input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Value == input.Value ||
+                    (this.Value != null &&
+                    this.Value.Equals(input.Value))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Value != null)
+                {
+                    hashCode = (hashCode * 59) + this.Value.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/FCMConfiguration.cs b/src/Okta.Sdk/Model/FCMConfiguration.cs
index 9540455d0..89dd79547 100644
--- a/src/Okta.Sdk/Model/FCMConfiguration.cs
+++ b/src/Okta.Sdk/Model/FCMConfiguration.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/FCMPushProvider.cs b/src/Okta.Sdk/Model/FCMPushProvider.cs
index c09de21da..91a3acf1a 100644
--- a/src/Okta.Sdk/Model/FCMPushProvider.cs
+++ b/src/Okta.Sdk/Model/FCMPushProvider.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/Feature.cs b/src/Okta.Sdk/Model/Feature.cs
index bacb2d6c6..ad88287eb 100644
--- a/src/Okta.Sdk/Model/Feature.cs
+++ b/src/Okta.Sdk/Model/Feature.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -27,7 +27,7 @@ namespace Okta.Sdk.Model
 {
     /// <summary>
     /// Template: ModelGeneric
-    /// Feature
+    /// Specifies feature release cycle information
     /// </summary>
     [DataContract(Name = "Feature")]
     
@@ -49,14 +49,16 @@ public partial class Feature : IEquatable<Feature>
         public FeatureType Type { get; set; }
         
         /// <summary>
-        /// Gets or Sets Description
+        /// Brief description of the feature and what it provides
         /// </summary>
+        /// <value>Brief description of the feature and what it provides</value>
         [DataMember(Name = "description", EmitDefaultValue = true)]
         public string Description { get; set; }
 
         /// <summary>
-        /// Gets or Sets Id
+        /// Unique identifier for this feature
         /// </summary>
+        /// <value>Unique identifier for this feature</value>
         [DataMember(Name = "id", EmitDefaultValue = true)]
         public string Id { get; private set; }
 
@@ -69,8 +71,9 @@ public bool ShouldSerializeId()
             return false;
         }
         /// <summary>
-        /// Gets or Sets Name
+        /// Name of the feature
         /// </summary>
+        /// <value>Name of the feature</value>
         [DataMember(Name = "name", EmitDefaultValue = true)]
         public string Name { get; set; }
 
@@ -84,7 +87,7 @@ public bool ShouldSerializeId()
         /// Gets or Sets Links
         /// </summary>
         [DataMember(Name = "_links", EmitDefaultValue = true)]
-        public LinksSelf Links { get; set; }
+        public FeatureLinks Links { get; set; }
 
         /// <summary>
         /// Returns the string presentation of the object
diff --git a/src/Okta.Sdk/Model/FeatureLifecycle.cs b/src/Okta.Sdk/Model/FeatureLifecycle.cs
index 533aeaf4e..379c9c6e3 100644
--- a/src/Okta.Sdk/Model/FeatureLifecycle.cs
+++ b/src/Okta.Sdk/Model/FeatureLifecycle.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -32,13 +32,13 @@ namespace Okta.Sdk.Model
     public sealed class FeatureLifecycle : StringEnum
     {
         /// <summary>
-        /// StringEnum FeatureLifecycle for value: disable
+        /// StringEnum FeatureLifecycle for value: DISABLE
         /// </summary>
-        public static FeatureLifecycle Disable = new FeatureLifecycle("disable");
+        public static FeatureLifecycle DISABLE = new FeatureLifecycle("DISABLE");
         /// <summary>
-        /// StringEnum FeatureLifecycle for value: enable
+        /// StringEnum FeatureLifecycle for value: ENABLE
         /// </summary>
-        public static FeatureLifecycle Enable = new FeatureLifecycle("enable");
+        public static FeatureLifecycle ENABLE = new FeatureLifecycle("ENABLE");
 
         /// <summary>
         /// Implicit operator declaration to accept and convert a string value as a <see cref="FeatureLifecycle"/>
diff --git a/src/Okta.Sdk/Model/FeatureLinks.cs b/src/Okta.Sdk/Model/FeatureLinks.cs
new file mode 100644
index 000000000..ce7a1a3d1
--- /dev/null
+++ b/src/Okta.Sdk/Model/FeatureLinks.cs
@@ -0,0 +1,146 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// FeatureLinks
+    /// </summary>
+    [DataContract(Name = "Feature__links")]
+    
+    public partial class FeatureLinks : IEquatable<FeatureLinks>
+    {
+        
+        /// <summary>
+        /// Gets or Sets Self
+        /// </summary>
+        [DataMember(Name = "self", EmitDefaultValue = true)]
+        public HrefObjectSelfLink Self { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Dependents
+        /// </summary>
+        [DataMember(Name = "dependents", EmitDefaultValue = true)]
+        public FeatureLinksAllOfDependents Dependents { get; set; }
+
+        /// <summary>
+        /// Gets or Sets Dependencies
+        /// </summary>
+        [DataMember(Name = "dependencies", EmitDefaultValue = true)]
+        public FeatureLinksAllOfDependencies Dependencies { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class FeatureLinks {\n");
+            sb.Append("  Self: ").Append(Self).Append("\n");
+            sb.Append("  Dependents: ").Append(Dependents).Append("\n");
+            sb.Append("  Dependencies: ").Append(Dependencies).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as FeatureLinks);
+        }
+
+        /// <summary>
+        /// Returns true if FeatureLinks instances are equal
+        /// </summary>
+        /// <param name="input">Instance of FeatureLinks to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(FeatureLinks input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Self == input.Self ||
+                    (this.Self != null &&
+                    this.Self.Equals(input.Self))
+                ) && 
+                (
+                    this.Dependents == input.Dependents ||
+                    (this.Dependents != null &&
+                    this.Dependents.Equals(input.Dependents))
+                ) && 
+                (
+                    this.Dependencies == input.Dependencies ||
+                    (this.Dependencies != null &&
+                    this.Dependencies.Equals(input.Dependencies))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Self != null)
+                {
+                    hashCode = (hashCode * 59) + this.Self.GetHashCode();
+                }
+                if (this.Dependents != null)
+                {
+                    hashCode = (hashCode * 59) + this.Dependents.GetHashCode();
+                }
+                if (this.Dependencies != null)
+                {
+                    hashCode = (hashCode * 59) + this.Dependencies.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/FeatureLinksAllOfDependencies.cs b/src/Okta.Sdk/Model/FeatureLinksAllOfDependencies.cs
new file mode 100644
index 000000000..a1f61bd27
--- /dev/null
+++ b/src/Okta.Sdk/Model/FeatureLinksAllOfDependencies.cs
@@ -0,0 +1,123 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Link to feature dependencies
+    /// </summary>
+    [DataContract(Name = "Feature__links_allOf_dependencies")]
+    
+    public partial class FeatureLinksAllOfDependencies : IEquatable<FeatureLinksAllOfDependencies>
+    {
+        
+        /// <summary>
+        /// Link URI
+        /// </summary>
+        /// <value>Link URI</value>
+        [DataMember(Name = "href", EmitDefaultValue = true)]
+        public string Href { get; private set; }
+
+        /// <summary>
+        /// Returns false as Href should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeHref()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class FeatureLinksAllOfDependencies {\n");
+            sb.Append("  Href: ").Append(Href).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as FeatureLinksAllOfDependencies);
+        }
+
+        /// <summary>
+        /// Returns true if FeatureLinksAllOfDependencies instances are equal
+        /// </summary>
+        /// <param name="input">Instance of FeatureLinksAllOfDependencies to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(FeatureLinksAllOfDependencies input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Href == input.Href ||
+                    (this.Href != null &&
+                    this.Href.Equals(input.Href))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Href != null)
+                {
+                    hashCode = (hashCode * 59) + this.Href.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/FeatureLinksAllOfDependents.cs b/src/Okta.Sdk/Model/FeatureLinksAllOfDependents.cs
new file mode 100644
index 000000000..122de08c7
--- /dev/null
+++ b/src/Okta.Sdk/Model/FeatureLinksAllOfDependents.cs
@@ -0,0 +1,123 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Link to feature dependents
+    /// </summary>
+    [DataContract(Name = "Feature__links_allOf_dependents")]
+    
+    public partial class FeatureLinksAllOfDependents : IEquatable<FeatureLinksAllOfDependents>
+    {
+        
+        /// <summary>
+        /// Link URI
+        /// </summary>
+        /// <value>Link URI</value>
+        [DataMember(Name = "href", EmitDefaultValue = true)]
+        public string Href { get; private set; }
+
+        /// <summary>
+        /// Returns false as Href should not be serialized given that it's read-only.
+        /// </summary>
+        /// <returns>false (boolean)</returns>
+        public bool ShouldSerializeHref()
+        {
+            return false;
+        }
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class FeatureLinksAllOfDependents {\n");
+            sb.Append("  Href: ").Append(Href).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as FeatureLinksAllOfDependents);
+        }
+
+        /// <summary>
+        /// Returns true if FeatureLinksAllOfDependents instances are equal
+        /// </summary>
+        /// <param name="input">Instance of FeatureLinksAllOfDependents to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(FeatureLinksAllOfDependents input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.Href == input.Href ||
+                    (this.Href != null &&
+                    this.Href.Equals(input.Href))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.Href != null)
+                {
+                    hashCode = (hashCode * 59) + this.Href.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/FeatureStage.cs b/src/Okta.Sdk/Model/FeatureStage.cs
index 8a82fca95..15a364639 100644
--- a/src/Okta.Sdk/Model/FeatureStage.cs
+++ b/src/Okta.Sdk/Model/FeatureStage.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -27,7 +27,7 @@ namespace Okta.Sdk.Model
 {
     /// <summary>
     /// Template: ModelGeneric
-    /// FeatureStage
+    /// Current release cycle stage of a feature  If a feature&#39;s stage value is &#x60;EA&#x60;, the state is &#x60;null&#x60; and not returned. If the value is &#x60;BETA&#x60;, the state is &#x60;OPEN&#x60; or &#x60;CLOSED&#x60; depending on whether the &#x60;BETA&#x60; feature is manageable.  &gt; **Note:** If a feature&#39;s stage is &#x60;OPEN BETA&#x60;, you can update it only in Preview cells. If a feature&#39;s stage is &#x60;CLOSED BETA&#x60;, you can disable it only in Preview cells.
     /// </summary>
     [DataContract(Name = "FeatureStage")]
     
diff --git a/src/Okta.Sdk/Model/FeatureStageState.cs b/src/Okta.Sdk/Model/FeatureStageState.cs
index 87c3fc5ec..1bb7b6e62 100644
--- a/src/Okta.Sdk/Model/FeatureStageState.cs
+++ b/src/Okta.Sdk/Model/FeatureStageState.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines FeatureStageState
+    /// Indicates the release state of the feature
     /// </summary>
+    /// <value>Indicates the release state of the feature</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class FeatureStageState : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/FeatureStageValue.cs b/src/Okta.Sdk/Model/FeatureStageValue.cs
index 3a8b6dc38..406b4265b 100644
--- a/src/Okta.Sdk/Model/FeatureStageValue.cs
+++ b/src/Okta.Sdk/Model/FeatureStageValue.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines FeatureStageValue
+    /// Current release stage of the feature
     /// </summary>
+    /// <value>Current release stage of the feature</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class FeatureStageValue : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/FeatureType.cs b/src/Okta.Sdk/Model/FeatureType.cs
index 1704c838c..6ba3e21cd 100644
--- a/src/Okta.Sdk/Model/FeatureType.cs
+++ b/src/Okta.Sdk/Model/FeatureType.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
@@ -26,8 +26,9 @@
 namespace Okta.Sdk.Model
 {
     /// <summary>
-    /// Defines FeatureType
+    /// Type of feature
     /// </summary>
+    /// <value>Type of feature</value>
     [JsonConverter(typeof(StringEnumSerializingConverter))]
     public sealed class FeatureType : StringEnum
     {
diff --git a/src/Okta.Sdk/Model/FipsEnum.cs b/src/Okta.Sdk/Model/FipsEnum.cs
index 53342e6da..d7dadc06d 100644
--- a/src/Okta.Sdk/Model/FipsEnum.cs
+++ b/src/Okta.Sdk/Model/FipsEnum.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/ForgotPasswordResponse.cs b/src/Okta.Sdk/Model/ForgotPasswordResponse.cs
index c109b6ec1..717432e88 100644
--- a/src/Okta.Sdk/Model/ForgotPasswordResponse.cs
+++ b/src/Okta.Sdk/Model/ForgotPasswordResponse.cs
@@ -3,7 +3,7 @@
  *
  * Allows customers to easily access the Okta Management APIs
  *
- * The version of the OpenAPI document: 5.1.0
+ * The version of the OpenAPI document: 2024.06.1
  * Contact: devex-public@okta.com
  * Generated by: https://github.com/openapitools/openapi-generator.git
  */
diff --git a/src/Okta.Sdk/Model/FulfillmentData.cs b/src/Okta.Sdk/Model/FulfillmentData.cs
new file mode 100644
index 000000000..219d5c11c
--- /dev/null
+++ b/src/Okta.Sdk/Model/FulfillmentData.cs
@@ -0,0 +1,149 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Fulfillment provider details
+    /// </summary>
+    [DataContract(Name = "FulfillmentData")]
+    
+    public partial class FulfillmentData : IEquatable<FulfillmentData>
+    {
+        
+        /// <summary>
+        /// ID for the set of custom configurations of the requested Factor
+        /// </summary>
+        /// <value>ID for the set of custom configurations of the requested Factor</value>
+        [DataMember(Name = "customizationId", EmitDefaultValue = true)]
+        public string CustomizationId { get; set; }
+
+        /// <summary>
+        /// ID for the specific inventory bucket of the requested Factor
+        /// </summary>
+        /// <value>ID for the specific inventory bucket of the requested Factor</value>
+        [DataMember(Name = "inventoryProductId", EmitDefaultValue = true)]
+        public string InventoryProductId { get; set; }
+
+        /// <summary>
+        /// ID for the make and model of the requested Factor
+        /// </summary>
+        /// <value>ID for the make and model of the requested Factor</value>
+        [DataMember(Name = "productId", EmitDefaultValue = true)]
+        public string ProductId { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class FulfillmentData {\n");
+            sb.Append("  CustomizationId: ").Append(CustomizationId).Append("\n");
+            sb.Append("  InventoryProductId: ").Append(InventoryProductId).Append("\n");
+            sb.Append("  ProductId: ").Append(ProductId).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as FulfillmentData);
+        }
+
+        /// <summary>
+        /// Returns true if FulfillmentData instances are equal
+        /// </summary>
+        /// <param name="input">Instance of FulfillmentData to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(FulfillmentData input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.CustomizationId == input.CustomizationId ||
+                    (this.CustomizationId != null &&
+                    this.CustomizationId.Equals(input.CustomizationId))
+                ) && 
+                (
+                    this.InventoryProductId == input.InventoryProductId ||
+                    (this.InventoryProductId != null &&
+                    this.InventoryProductId.Equals(input.InventoryProductId))
+                ) && 
+                (
+                    this.ProductId == input.ProductId ||
+                    (this.ProductId != null &&
+                    this.ProductId.Equals(input.ProductId))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.CustomizationId != null)
+                {
+                    hashCode = (hashCode * 59) + this.CustomizationId.GetHashCode();
+                }
+                if (this.InventoryProductId != null)
+                {
+                    hashCode = (hashCode * 59) + this.InventoryProductId.GetHashCode();
+                }
+                if (this.ProductId != null)
+                {
+                    hashCode = (hashCode * 59) + this.ProductId.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}
diff --git a/src/Okta.Sdk/Model/FulfillmentRequest.cs b/src/Okta.Sdk/Model/FulfillmentRequest.cs
new file mode 100644
index 000000000..88d1ee221
--- /dev/null
+++ b/src/Okta.Sdk/Model/FulfillmentRequest.cs
@@ -0,0 +1,178 @@
+/*
+ * Okta Admin Management
+ *
+ * Allows customers to easily access the Okta Management APIs
+ *
+ * The version of the OpenAPI document: 2024.06.1
+ * Contact: devex-public@okta.com
+ * Generated by: https://github.com/openapitools/openapi-generator.git
+ */
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Linq;
+using OpenAPIDateConverter = Okta.Sdk.Client.OpenAPIDateConverter;
+
+namespace Okta.Sdk.Model
+{
+    /// <summary>
+    /// Template: ModelGeneric
+    /// Fulfillment Request
+    /// </summary>
+    [DataContract(Name = "FulfillmentRequest")]
+    
+    public partial class FulfillmentRequest : IEquatable<FulfillmentRequest>
+    {
+        /// <summary>
+        /// Name of the fulfillment provider for the WebAuthn Preregistration Factor
+        /// </summary>
+        /// <value>Name of the fulfillment provider for the WebAuthn Preregistration Factor</value>
+        [JsonConverter(typeof(StringEnumSerializingConverter))]
+        public sealed class FulfillmentProviderEnum : StringEnum
+        {
+            /// <summary>
+            /// StringEnum Yubico for value: yubico
+            /// </summary>
+            
+            public static FulfillmentProviderEnum Yubico = new FulfillmentProviderEnum("yubico");
+
+
+            /// <summary>
+            /// Implicit operator declaration to accept and convert a string value as a <see cref="FulfillmentProviderEnum"/>
+            /// </summary>
+            /// <param name="value">The value to use</param>
+            public static implicit operator FulfillmentProviderEnum(string value) => new FulfillmentProviderEnum(value);
+
+            /// <summary>
+            /// Creates a new <see cref="FulfillmentProvider"/> instance.
+            /// </summary>
+            /// <param name="value">The value to use.</param>
+            public FulfillmentProviderEnum(string value)
+                : base(value)
+            {
+            }
+        }
+
+
+        /// <summary>
+        /// Name of the fulfillment provider for the WebAuthn Preregistration Factor
+        /// </summary>
+        /// <value>Name of the fulfillment provider for the WebAuthn Preregistration Factor</value>
+        [DataMember(Name = "fulfillmentProvider", EmitDefaultValue = true)]
+        
+        public FulfillmentProviderEnum FulfillmentProvider { get; set; }
+        
+        /// <summary>
+        /// Gets or Sets FulfillmentData
+        /// </summary>
+        [DataMember(Name = "fulfillmentData", EmitDefaultValue = true)]
+        public FulfillmentData FulfillmentData { get; set; }
+
+        /// <summary>
+        /// ID of an existing Okta user
+        /// </summary>
+        /// <value>ID of an existing Okta user</value>
+        [DataMember(Name = "userId", EmitDefaultValue = true)]
+        public string UserId { get; set; }
+
+        /// <summary>
+        /// Returns the string presentation of the object
+        /// </summary>
+        /// <returns>String presentation of the object</returns>
+        public override string ToString()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.Append("class FulfillmentRequest {\n");
+            sb.Append("  FulfillmentData: ").Append(FulfillmentData).Append("\n");
+            sb.Append("  FulfillmentProvider: ").Append(FulfillmentProvider).Append("\n");
+            sb.Append("  UserId: ").Append(UserId).Append("\n");
+            sb.Append("}\n");
+            return sb.ToString();
+        }
+
+        /// <summary>
+        /// Returns the JSON string presentation of the object
+        /// </summary>
+        /// <returns>JSON string presentation of the object</returns>
+        public virtual string ToJson()
+        {
+            return Newtonsoft.Json.JsonConvert.SerializeObject(this, Newtonsoft.Json.Formatting.Indented);
+        }
+
+        /// <summary>
+        /// Returns true if objects are equal
+        /// </summary>
+        /// <param name="input">Object to be compared</param>
+        /// <returns>Boolean</returns>
+        public override bool Equals(object input)
+        {
+            return this.Equals(input as FulfillmentRequest);
+        }
+
+        /// <summary>
+        /// Returns true if FulfillmentRequest instances are equal
+        /// </summary>
+        /// <param name="input">Instance of FulfillmentRequest to be compared</param>
+        /// <returns>Boolean</returns>
+        public bool Equals(FulfillmentRequest input)
+        {
+            if (input == null)
+            {
+                return false;
+            }
+            return 
+                (
+                    this.FulfillmentData == input.FulfillmentData ||
+                    (this.FulfillmentData != null &&
+                    this.FulfillmentData.Equals(input.FulfillmentData))
+                ) && 
+                (
+                    this.FulfillmentProvider == input.FulfillmentProvider ||
+                    this.FulfillmentProvider.Equals(input.FulfillmentProvider)
+                ) && 
+                (
+                    this.UserId == input.UserId ||
+                    (this.UserId != null &&
+                    this.UserId.Equals(input.UserId))
+                );
+        }
+
+        /// <summary>
+        /// Gets the hash code
+        /// </summary>
+        /// <returns>Hash code</returns>
+        public override int GetHashCode()
+        {
+            unchecked // Overflow is fine, just wrap
+            {
+                int hashCode = 41;
+                
+                if (this.FulfillmentData != null)
+                {
+                    hashCode = (hashCode * 59) + this.FulfillmentData.GetHashCode();
+                }
+                if (this.FulfillmentProvider != null)
+                {
+                    hashCode = (hashCode * 59) + this.FulfillmentProvider.GetHashCode();
+                }
+                if (this.UserId != null)
+                {
+                    hashCode = (hashCode * 59) + this.UserId.GetHashCode();
+                }
+                return hashCode;
+            }
+        }
+
+    }
+
+}