Get an application

Lists a specified application.

Path Params
string
required

A unique identifier for each application.

Query Params
string
required

The Akamai contract identifier for your Enterprise Application Access product.

boolean

When set to true, includes additional members in the request.

boolean

When set to true, the application members include services and directories.

string

For customers who manage more than one account, this runs the operation from another account. The Identity and Access Management API provides a list of available account switch keys.

Response

Response body
object
advanced_settings
object

Application config version advanced settings.

string

Enables traffic acceleration for the application. Either true or false.

true false

string

Allows cross-origin resource sharing between domains. Either true or false.

true false

string

The maximum number of concurrent anonymous server connections.

string

The maximum number of concurrent anonymous server requests.

string

The application-facing authentication mechanism. Default is none.

string | null

Specifies the active directory domain where the application's service account was created. Used if the application supports Kerberos. Specify null if you want to provide this later.

string

Enables client certificate authentication. Either true or false.

true false

string | null
string | null

The application's location. Specify null if you want to provide this later.

string

The maximum time for an application server to fulfill a user request. The default is 60 seconds.

string

The maximum number of authenticated server connections allowed.

string

The maximum number of authenticated server connections allowed.

string

Enables client certificate authorization. Either true or false.

true false

string

Relevant certificate parameters for client authentication.

string
string
Defaults to unbounded

Controls which origins are populated in the Access-Control-Allow-Origin header. Defaults to unbounded, which echoes back the value of the Origin header sent by the browser.

string

The maximum time in seconds that can lapse before preflight information expires. After this time a new preflight request needs to be made for an unsafe request.

string

Controls which HTTP methods are populated in the Access-Control-Allow-Methods header in response to a preflight request.

string

Controls which origins are populated in the Access-Control-Allow-Origin header. The default value of unbounded echoes back the value of the Origin header sent by the browser.

string

Enables the application to respond with the Access-Control-Allow-Credentials: true header set. Either on or off. If off, authentication between applications fails. If a cookie is sent on a cross-origin request and the response does not include this header, the browser ignores the response.

off on

custom_headers
array of strings or null

Custom headers for application connections.

custom_headers
string

A list of domains to except from content rewrite.

string

Enables edge authentication for the application. Either true or false.

true false

string
string | null
string

Forces multi-factor authentication. Either off or on.

on off

string

Enables Kerberos forward ticket grants, instead of using a keytab file. Either true or false.

true false

string

Enables G2O on an application configuration. Either true or false.

true false

string | null

The G2O key to share with your ION configuration.

string | null

The G2O nonce to share with your ION configuration.

string

The number of consecutive missed heartbeats before the connector considers an application server to be unreachable.

string | null

The host header to use for HTTP health checks.

string

The URL to use for HTTP health checks.

string

The HTTP version to use for the health check.

string

The interval between successive heartbeats in seconds.

string

The number of consecutive successful heartbeats that connectors need to receive before considering an application server to be healthy. The default is two.

string

The time in seconds that the connector waits before considering a heartbeat attempt to have failed.

string

The type of health check to perform on all the associated servers to verify service availability. Either 0 for default, 1 for http, 2 for https, 3 for tls, 4 for sslv3, 5 for 6 for tcp, or 7 for disable.

0 1 2 3 4 5 6 7

string

Used to hide the application from the login portal. Either true or false.

true false

string | null

The host secret key.

string

The maximum age of the HTTP Strict Transport Security activity period, in seconds.

string
string

Enables the application to interact with the connector using SSLv3. Either true or false.

true false

string

The number of seconds a session may remain idle before it's closed.

string

The maximum number of user access TLS sessions to applications pre-created by a given connector.

string

The minimum number of user access TLS sessions to applications pre-created by a given connector.

string

The incremental number of user access TLS sessions to launch for applications by a given connector.

string | null

The number of seconds before an idle session with the IDP expires. Specify null if you want to provide this later.

string | null

The maximum number of seconds to maintain an IDP session. Specify null if you want to provide this later.

string

Ignores MFA bypass attempts on the application. Either off or on.

off on

string

Ignore CNAME DNS resolutions for the application. Either true or false.

true false

string

Enables custom JavaScript injection when rewriting websocket and XHR requests. Either off or on.

off on

string

The internal host port to perform CNAME redirection on. Specify null if not applicable.

string | null

The internal hostname to perform CNAME redirection on. Specify null if not applicable.

string

Allows access to IP-based applications hosted in internal networks through the EAA Client connector. Either true or false.

true false

string

Indicates if SSL verification is enabled for the application. Either true or false.

true false

string

The maximum number of connections allowed in the keepalive pool.

string

Enables connection keepalives. Either true or false.

true false

string

The keepalive timeout period in seconds.

string

Configures the application to perform Kerberos authentication only on the initial login URL. Either on or off.

string

Allows a connection between two devices to remain open, even when no data is being transmitted. Either true or false.

true false

string

A unique keytab for Kerberos delegation.

string

The load-balancing metric for the application. Either round-robin or ip-hash.

round-robin ip-hash

string

Enables logging for the application. Either true or false.

true false

string

The number of seconds before a login attempt times out.

string | null

The URL for which authentication tokens need to be generated. Specify null if not applicable.

string | null

The single sign-out URL triggered when a user logs out of an SSO application. Specify null if not applicable.

string

Enables multi-data center connections. Either true or false.

true false

string

Enables multi-factor authentication for the application. Either enable, disable, or inherit.

enable disable inherit

string

Enables on-premises users to bypass the EAA cloud to access applications. Either true or false.

true false

string | null

The passphrase for the certificate.

string
string

The URL that users are directed to when authenticating with a third party IdP. By default users are directed to the EAA application page.

string | null

Private key for the certificate.

string | null

The size of the proxy's buffer, in kilobytes.

string

Prevents users from copying information from an RDP session. Either true or false.

true false

string

Enables rate limiting for the application. Either on or off.

on off

string | null

The program that initializes when the user logs in to the remote environment. Specify null if not applicable.

string

Enables legacy mode RDP connections to the application. Either true or false.

true false

rdp_remote_apps
array of strings or null

Remote RDP applications.

rdp_remote_apps
string

Enables TLS v1 for RDP connections. Either true or false.

true false

string
string

Enables audio integration for Cisco Webex Spark application. Either true or false.

true false

string

Name of the disk for Cisco Webex Spark application.

string

Enables map clipboard integration for Cisco Webex Spark application. Either on or off.

on off

string

Enables map disk integration for Cisco Webex Spark application. Either true or false.

true false

string

Enables map printer integration for Cisco Webex Spark application. Either true or false.

true false

string

Name of the printer for Cisco Webex Spark application.

string

Enables recording integration for Cisco Webex Spark application. Either true or false.

true false

string

Enables the application to rewrite request body data. Either true or false.

true false

string | null

The HTTP request parameter to use. For example, GET. Specify null if not applicable.

string

Enables SaaS for the application. Either true or false.

true false

string

Enables the Sentry module to redirect requests that receive a 401 response.

string

Enables EAA to do origin server certification validation for HTTPS applications. Either true or false.

true false

string

The server request threshold for burst monitoring.

string | null

The application's Kerberos service principal name (SPN). If your application uses a different service principal name, specify the configuration suitable for your application. Specify null if not applicable.

string | null

Enables session stickiness to ensure that a given session always traverses the same connector when interacting with the application. Either true or false. Specify null if not applicable.

true false

string
string | null
string

Enables single host content rewrite. Either true or false.

true false

string
string

Enables single host FQDN for the application. Either true or false.

true false

string

The single host fully qualified domain name used to host multiple applications.

string

The single host path used to host multiple applications.

string

The SLA object URL to share with your ION configuration.

string

Enables SPDY traffic management. Either true or false.

true false

string

Enables ssh session auditing. Either true or false.

true false

string

Enables SSO authentication for the application. Either true or false.

true false

string

Enables connector persistence for connections. Either true or false.

true false

string | null

The username to use for application authentication. Specify null if not applicable.

string

The authentication method for the application. Either form, basic, basic+cookie, or certificate_only.

form basic basic+cookie certificate_only

string

Indicates that this application uses WebSockets for HTTP transport. Either true or false.

true false

string

Enables an optional wildcard string for internal hostnames. Either true or false.

true false

agents
array of objects
length ≥ 1

Target connectors for deploying the application configuration.

agents
object
boolean
required

Whether the target connector is compatible with the application configuration.

string
required
length ≥ 1

The name of the connector.

string
required
length ≥ 1

The UUID URL of the connector.

app
object

Specifies the application for the application directory.

string
required
length ≥ 1

The application UUID URL.

string
required
length ≥ 1

The application name.

app_category
object

Specifies the category the application belongs to.

string
length ≥ 1

The name of the category.

string
length ≥ 1

The UUID of the category.

boolean

Whether the application configuration is deployed.

string
length ≥ 1

A URL identifying the application configuration's logo icon.

integer
Defaults to 1

The operational status of the application configuration. Either 1 for No, 2 for Pending, or 3 for Okay.

1 2 3

integer
Defaults to 1

The access application profile. Either 1 for HTTP, 2 for SharePoint, 3 for Jira, 4 for RDP, 5 for VNC, 6 for ssh, 7 for Jenkins, 8 for Confluence, or 9 for TCP.

1 2 3 4 5 6 7 8 9

integer
Defaults to 1

The status of the application configuration. Either 1 for not ready, 2 for ready, 3 for pending, 4 for deployed, 5 for failed, 6 for cloud deployed, or 7 for connector deployed.

1 2 3 4 5 6 7

integer

The type of application configuration. Either 1 for Enterprise Hosted, 2 for SAAS, 3 for Bookmark, 4 for Tunnel, or 5 for Enterprise Threat Protector.

1 2 3 4 5

string | null

The connector for the application.

string
length ≥ 1
Defaults to true

Enables authentication.

integer
Defaults to 1

The type of authentication used. Either 1 for Cloud, 2 for Enterprise, or 3 for Third Party.

1 2 3

string
length ≥ 0

The Okta Bookmark app URL.

string | null

A valid certificate string for front-end SSL connections. Used if you configure your domain as the external hostname. Specify null if you want to name it later.

integer
Defaults to 1

The mode of the client app. Either 1 for TCP or 2 for Tunnel.

1 2

string | null

The upstream URL for a CNAME redirect.

string

Read-only ISO 8601 timestamp marking the application object's creation.

string | null

The data connector for the application.

string
length ≥ 1

A description of the application.

directories
array of objects
length ≥ 1

Application directory details for validating user accounts.

directories
object
string
required
length ≥ 1

The name of the directory.

integer
required

The type of directory. Select 1 for EAA Cloud Directory, 2 for Active Directory, 3 for LDAP, or 4 for Active Directory LDS.

1 2 3 4

integer
required
≥ 0

The total number of user accounts configured on the directory.

string
required
length ≥ 1

The UUID URL of the directory.

directory
object

Directory properties.

string

The directory's unique ID.

string

The directory name.

integer
Defaults to 1

The type of access domain. Select 1 for custom or 2 for Akamai.

1 2

string
length ≥ 0

The domain suffix. For example, .com.

string

Enables multifactor authentication. Either enable, or inherit to use the IDP's MFA settings.

inherit enable

string | null

The external default hostname for the application.

idp
object

Specifies the identity provider (IDP) for authenticating user requests.

string

Enables client certificate authorization. Either true or false.

true false

string
length ≥ 0

Relevant cert based parameters for client authentication.

string
length ≥ 1

The ID of the IDP configuration.

string
length ≥ 0

The name of the IDP configuration.

integer
Defaults to 1

The type of IDP. Select 1 for Default, 2 for EAA, 3 for SAML, 4 for Okta, 5 for PingOne, 6 for OneLogin, 7 for Google, 8 for OIDC, or 9 for Azure.

1 2 3 4 5 6 7 8 9

string
length ≥ 1

Name of the user who most recently modified this application object. If the object wasn't modified since first being created, the value matches createdAt.

string
length ≥ 0

The name of the application configuration.

boolean

Enables OpenID Connect (OIDC).

object | null

JSON settings to implement OIDC.

string
length ≥ 1

The OIDC endpoint where end users authenticate and grant the client application consent to access their identity information.

string
length ≥ 1

The URI of the relying party's CA certificate.

string
length ≥ 1

The iframe URL used to check session status.

string
length ≥ 1

The OIDC endpoint the client uses to discover OpenID features and other provider endpoints.

string
length ≥ 1

The OIDC endpoint that triggers single sign out.

string
length ≥ 1

The publishing location of the JSON web keys (JWK). Used for both the open provider and the relying party.

string
length ≥ 1

Metadata that describes the OIDC provider's configuration.

string
length ≥ 1

The OIDC endpoint that tokens and authenticates client application requests.

string
length ≥ 1

The OIDC endpoint where the client sends requests for identity claims.

string

Whether the origin host uses TLS encryption.

string | null

The IP address or FQDN of the application origin server.

integer

The application's origin port.

string
length ≥ 0

The identifier for the target region to deploy the application.

string
length ≥ 0

The target region to deploy the application. For example, US-West or US-East.

string
length ≥ 1

The version of remote desktop protocol (RDP).

string
length ≥ 1

Name of resource mapping to an entity or set of entities. For example, apps.

resource_status
object

The most recent status of various application resources.

integer
required
Defaults to 1

The certificate resource status. Either 1 for Not Added, 2 for Expired, 3 for Invalid CNAME, 4 for Invalid CA, 5 for No Private Key, 6 for Okay, or 7 for Invalid CA User Parameter.

1 2 3 4 5 6 7

integer
required
Defaults to 1

The CNAME DNS resource status. Either 1 for Not Configured, 2 for Configured, 3 for Ready, 4 for Not Resolved, or 5 for Okay.

1 2 3 4 5

integer
required
Defaults to 1

The data agent resource status. Either 1 for Not Added, 2 for Not Installed, 3 for Not Approved, 4 for Not Reachable, 5 for Okay, or 6 for Not Compatible.

1 2 3 4 5 6

integer
required
Defaults to 1

The dialin server resource status. Either 1 for Not Configured, 2 for Configured, 3 for Not Created, 4 for Not Resolved, or 5 for Okay.

1 2 3 4 5

integer
required
Defaults to 1

The directories resource status. Either 1 for Not Added, 2 for Added, 3 for No Connector, 4 for Pending, 5 for Not Reachable, or 6 for Okay.

1 2 3 4 5 6

integer
required
Defaults to 1

The host DNS resource status. Either 1 for Not Configured, 2 for Configured, 3 for Ready, 4 for Not Resolved, 5 for Not Created, 6 for Okay, or 7 for CNAME Mismatch.

1 2 3 4 5 6 7

boolean
required
Defaults to false

Indicates whether the host is reachable.

integer
required
Defaults to 1

The internal host resource status. Either 1 for Not Configured or 2 for Okay.

1 2

integer
required
Defaults to 1

The origin host resource status. Either 1 for Not Configured, 2 for Configured, 3 for Ready, 4 for Not Reachable, or 5 for Okay.

1 2 3 4 5

integer
required
Defaults to 1

The pop resource status. Either 1 for Not Configured or 2 for Okay.

1 2

resource_uri
object

Related resource URIs for the application.

string
length ≥ 1

The URI location of an associated application resource.

string
length ≥ 1

The URI location of an associated directory resource.

string
length ≥ 1

The URI location of an associated group resource.

string
length ≥ 1

The URI location of an associated href resource.

string
length ≥ 1

The URI location of an associated pop resource.

string
length ≥ 1

The URI location of an associated service resource.

string
length ≥ 1

The URI location of an associated site resource.

boolean

Enables SAML for the application.

saml_settings
array of objects
length ≥ 1

SAML configuration for an application.

saml_settings
object
attrmap
array of objects
required
length ≥ 1

SAML attribute mapping details.

attrmap*
object
string
required

The name format of the attribute. Either email, basic, persistent, unspecified, or transient.

email basic unspecified persistent transient

string
length ≥ 0

The fname of the attribute.

string
required
length ≥ 1

The name of the attribute.

string
length ≥ 1

The custom rule language for the attribute.

string
required
length ≥ 1

The source of the attribute.

string
length ≥ 1

The value of the attribute.

idp
object
required

Specifies identity provider (IDP) settings for the SAML configuration.

sp
object
required

Specifies service provider (SP) settings for the SAML configuration.

subject
object
required

Specifies the subject settings for the SAML configuration.

servers
array of objects
length ≥ 0

Origin server details of the internal application within your network.

servers
object
string
length ≥ 1

The name of the origin server.

boolean
required

Enables TLS on the origin server.

string | null
required

The IP address or FQDN of the origin server.

integer
required
≥ 0

The port number of the origin server.

string
required

The protocol of the origin server connection. Either ssh or http.

ssh http

services
array of objects
length ≥ 1

Services enabled on the application configuration.

services
object
string
length ≥ 1

The name of the service.

string
length ≥ 1

The unique ID of the service.

sites
array of strings
length ≥ 1

List of associated site resources.

sites
Defaults to 1

The status of the application configuration. Either 1 for not ready, 2 for ready, 3 for pending, 4 for deployed, 5 for failed, 6 for cloud deployed, or 7 for connector deployed.

string
length ≥ 1

A unique identifier for the application.

boolean

Enables Web Services Federation (WSFED) identity federation.

wsfed_settings
array of objects
length ≥ 1

JSON settings to implement WSFED.

Web Services Federation (WSFED) settings
object
attrmap
array of objects
required
length ≥ 1

Mapped attributes for the WSFED configuration.

attrmap*
object
string
length ≥ 1

The custom format of the attribute.

string
required
length ≥ 1

The name format of the attribute.

string
length ≥ 1

The name of the attribute.

string
length ≥ 1

The custom rule language for the attribute.

string
length ≥ 1

The source of the attribute.

string
length ≥ 1

The value of the attribute.

idp
object
required

Specifies identity provider (IDP) settings for the WSFED configuration.

sp
object
required

Specifies service provider settings for the WSFED configuration.

subject
object
required

Specifies subject settings for the WSFED configuration.
